You're running NAKED!!!!!
Better get some clothes on...
Try this:
http://iptables.1go.dk
Also this:
http://www.netfilter.org/documentati...-tutorial.html
To do connection sharing you'll need IP masquerade.
Here's a simple script to get you started. This stuff is intimidating at first, but it's really easy. You just need to read and learn.
#!/bin/sh
printf '\n\nLoading simple rc.firewall.\n'   # printf: "echo -e" is not portable under /bin/sh
IPTABLES=/sbin/iptables
EXTIF="ppp0" #or whatever modem is...
INTIF="eth0"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
printf ' Loading Modules: '
echo " -Verifying all kernel modules are OK"
/sbin/depmod -a
echo "Enabling Forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo " clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT DROP ##changed from accept
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT DROP ##changed from accept
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
#below here is new. above works.
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
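# Current iptables wants "!" before -s. This rule is appended after the INTIF->EXTIF
# ACCEPT above, so it only sees packets the FORWARD DROP policy would drop anyway.
$IPTABLES -A FORWARD ! -s 192.168.0.2 -j DROP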
$IPTABLES -A INPUT -p ALL -i $INTIF -s 192.168.0.2 -j ACCEPT
$IPTABLES -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $INTIF -d 192.168.0.255 -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $INTIF -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $EXTIF -j ACCEPT
echo " Done loading rules."
Copy this and save it somewhere as: rc.firewall
then as su do: chmod 755 rc.firewall
sh rc.firewall
That should give you some protection temporarily....
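A way to check that the rules actually loaded as intended, added here as an example and not part of the original post: it audits an iptables-save dump for DROP policies in the filter table, a MASQUERADE rule on the external interface, and no inbound ACCEPT from that interface beyond ESTABLISHED,RELATED. The function names audit_dump and sample_dump are made up for this example, and the sample dump is constructed, using the ppp0/eth0 names from the script.

```shell
# Added example, not from the original post. Live use as root: iptables-save | audit_dump ppp0
# audit_dump EXTIF: read an iptables-save dump on stdin, print one line per
# finding; the exit status is the number of findings (0 = as intended).
audit_dump() {
    awk -v ext="$1" '
    function flag(msg) { print msg; bad++ }
    /^\*/ { table = substr($1, 2); next }          # "*filter" or "*nat"
    table == "filter" && /^:/ { policy[substr($1, 2)] = $2; next }
    $1 != "-A" { next }                            # skip comments, COMMIT
    {
        in_ext = out_ext = est_only = 0; target = ""
        for (i = 3; i < NF; i++) {
            if ($(i - 1) == "!") continue          # negated match, ignore
            if ($i == "-i" && $(i + 1) == ext) in_ext = 1
            if ($i == "-o" && $(i + 1) == ext) out_ext = 1
            if ($i ~ /^--(ct)?state$/ && $(i + 1) !~ /NEW|INVALID/) est_only = 1
            if ($i == "-j") target = $(i + 1)
        }
        if (table == "nat" && $2 == "POSTROUTING" && out_ext && target == "MASQUERADE") masq = 1
        if (table == "filter" && in_ext && target == "ACCEPT" && !est_only)
            flag("ACCEPT from " ext " not limited to ESTABLISHED,RELATED: " $0)
    }
    END {
        n = split("INPUT OUTPUT FORWARD", chain, " ")
        for (k = 1; k <= n; k++)
            if (policy[chain[k]] != "DROP") flag("filter policy of " chain[k] " is not DROP")
        if (!masq) flag("no MASQUERADE rule out of " ext)
        exit bad
    }'
}

# Constructed dump resembling what the rc.firewall above loads.
sample_dump() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
COMMIT
EOF
}
sample_dump | audit_dump ppp0 && echo "sample ruleset matches intent"
```

The nat table's own OUTPUT chain keeps policy ACCEPT in a correct setup, which is why the policy check reads only the filter table.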