problem with my first firewall....
I want to make my first firewall :))
What's wrong? Because when I run it, the internet connection goes down (sorry for my English).
Code:
#!/bin/sh
modprobe ip_tables
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
modprobe ip_conntrack_irc
modprobe ip_nat_irc

iptables=/usr/sbin/iptables

$iptables -P INPUT DROP
$iptables -P OUTPUT DROP
$iptables -P FORWARD DROP

$iptables -F INPUT
$iptables -F OUTPUT
$iptables -F FORWARD

$iptables -A INPUT -i lo -j ACCEPT
$iptables -A OUTPUT -o lo -j ACCEPT

#$iptables -A INPUT -i eth1 -s 192.168.0.1/24 -j ACCEPT

$iptables -A INPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j ACCEPT
$iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j ACCEPT
$iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 21 -j ACCEPT
$iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 53 -j ACCEPT

$iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

$iptables -A INPUT -p TCP ! --syn -m state --state NEW -j LOG --log-prefix "Possible syn scan"
$iptables -A INPUT -p TCP ! --syn -m state --state NEW -j DROP
thanks
Is this supposed to be a firewall for just a single PC, or for a network?
If for a network, you're not allowing any connections on the FORWARD chain, so no packets will be permitted from the LAN to the NET.
Well, for a network, it's horribly lacking.
For local, you're not ACCEPTing any (initial) packets on the OUTPUT chain. You'll need to allow outbound traffic to get any response back. :)
...
Quote:
u can give me a firewall? for single pc, and then i will learn :) how to make it for network
Assuming no services are being run, and I'm only trying to protect against external attacks, I would do something like:
Code:
#!/bin/bash
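The poster's script is cut off above, so here is an added example (not the poster's or the original poster's code) of the single-PC ruleset the two replies describe: default DROP policies, loopback open, and an OUTPUT rule that accepts NEW connections so that the INPUT ESTABLISHED,RELATED rule has something to match. That missing NEW on OUTPUT is why the first script killed the connection. The function names `single_pc_rules` and `count_new_outbound`, the `IPT`/`WAN` variables, and the default of printing the commands instead of running them (so it can be read without root) are this example's assumptions; `eth0` is the interface used in the thread.

```shell
#!/bin/sh
# Added example: minimal stateful iptables rules for one host running no services.
# IPT defaults to "echo iptables" so the script only PRINTS the commands.
# Run it as root with IPT=/usr/sbin/iptables to actually apply them.
IPT="${IPT:-echo iptables}"
WAN="${WAN:-eth0}"   # assumed name of the interface facing the Internet

single_pc_rules() {
    # Default deny on every chain; FORWARD is unused on a single PC but is
    # dropped anyway so the box never routes by accident.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    $IPT -F

    # Loopback must be open or local tools (resolver, X, databases) break.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Packets conntrack cannot classify are dropped before anything else.
    $IPT -A INPUT -m state --state INVALID -j DROP

    # The fix for the first script: this host is allowed to START connections
    # (NEW on OUTPUT), and only replies to them are let back in on INPUT.
    # No -p TCP here, so DNS over UDP and ICMP replies are covered too.
    $IPT -A OUTPUT -o "$WAN" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT  -i "$WAN" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Everything else: rate-limited log, then explicit drop.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW DROP: "
    $IPT -A INPUT -j DROP
}

# Sanity check the original script would have failed: how many OUTPUT rules
# accept NEW connections? Zero means the host can never open a connection.
count_new_outbound() {
    single_pc_rules | grep -c -- '-A OUTPUT .*NEW'
}

single_pc_rules
```

The rules stay with `-m state`, as the thread does; on current kernels `-m conntrack --ctstate` is the equivalent and preferred match. Before applying any default-DROP ruleset over SSH, schedule a flush (for example with `at` or a `sleep 120; iptables -F` in the background) so a mistake cannot lock you out.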