I've just created a server for my family's use: it serves as an HTTP, SMTP, SSH and FTP server, and it's routing my home LAN.
As Ubuntu Dapper comes with no firewall (policy ACCEPT) by default, I need to configure a firewall ASAP.
My needs are: the services I've mentioned, and of course, the ability to browse from any of the LAN clients.
1. I've created a script with all my iptables rules, which is launched from /etc/rc.local. Has the interface been configured before the execution of rc.local? If so, how can I make the firewall available before the connection to the internet is made?
2. My iptables script is as follows; can you please have a look at it and see if it's OK?
Thanks.
Code:
#!/bin/sh
#Flush The Remains
iptables -t filter -F
iptables -t nat -F
iptables -t mangle -F
iptables -t raw -F
#Set Policies
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
#loopback can do anything
iptables -A INPUT -i lo -j ACCEPT
#Enable Internet Connection Sharing
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#HTTP OK
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#SSH OK
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#SMTP OK
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
#FTP OK
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
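
A stateful variant of the ruleset above, as an added example that is not part of the original post: it prints iptables-restore input instead of calling iptables rule by rule, accepts replies to established connections, and forwards only LAN-initiated traffic. The LAN interface name eth1, FTP control on port 21 and the function name build_ruleset are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumptions: eth0 faces the
# internet (as in the MASQUERADE rule above), eth1 is the LAN side
# (hypothetical name), and FTP control listens on TCP port 21.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
TCP_SERVICES="${TCP_SERVICES:-21 22 25 80}"

# Print the ruleset in iptables-restore format; nothing is applied here.
build_ruleset() {
    # Validate every port first so a bad value never yields a partial ruleset.
    for port in $TCP_SERVICES; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the server itself opened (DNS lookups, outgoing mail)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    for port in $TCP_SERVICES; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    cat <<EOF
# LAN clients may open connections outward; only their replies come back in
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when asked, e.g. to pipe it into "iptables-restore --test".
if [ "${1:-}" = "--print" ]; then build_ruleset; fi
```

Piping the output to `iptables-restore` from a `pre-up` line in `/etc/network/interfaces` loads the rules before the interface comes up, rather than waiting for rc.local.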