Simple firewall script. pls help
Hi,
I've been having a bit of trouble getting my firewall to work correctly. I was wondering if anyone had a script I could use. What I'm looking for is a script which has a simple masq statement to share my connection ppp0 from my linux box 192.168.1.1 to my windows 192.168.1.2 on eth0 with all the usual stuff and leave port 22 open for ssh. Here's what I got, any suggestions. It comes up with errors when I add it to rc.M. I did the chmod a+x for execution. Thx guys
Code:
#!/bin/sh
echo Firewall Starting...

#set TCP/IP stack options
#Disabling IP Spoofing attacks (reverse path filtering).
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
#Don't respond to broadcast pings (Smurf-Amplifier-Protection)
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#Block source routing
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
#Kill timestamps
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
#Enable SYN Cookies
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
#Kill redirects
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
#Enable bad error message protection
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
#Log martians (packets with impossible addresses)
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
#Turn on forwarding, otherwise the masquerade rule below shares nothing
echo 1 > /proc/sys/net/ipv4/ip_forward

#Flush all chains
/sbin/iptables -F
/sbin/iptables -Z
/sbin/iptables -t nat -F POSTROUTING
/sbin/iptables -t nat -F PREROUTING

#Set default policies
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT

#Accept any connections from lan (the lan is 192.168.1.x, so /24 rather than /16)
/sbin/iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
#ICMP
#/sbin/iptables -A INPUT -p icmp -j ACCEPT
#SSH (the option is --dport with two dashes; "-dport" is a syntax error)
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT

#allow packets from established connections in
/sbin/iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -i ppp0 -p tcp --dport 1024:65535 -m state --state RELATED -j ACCEPT
/sbin/iptables -A INPUT -i ppp0 -p udp --dport 1024:65535 -m state --state RELATED -j ACCEPT

#drop any other attempted connections
/sbin/iptables -A INPUT -j LOG --log-prefix "DROPPED PACKET"
/sbin/iptables -A INPUT -j DROP

#masquerade for lan (POSTROUTING has no input interface, so -i eth0 is rejected here)
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

echo Firewall Started |
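For comparison, here is a hardened version of the same ppp0/eth0 masquerading setup as an added example (not the poster's script): default-deny on INPUT and FORWARD, conntrack for return traffic, SSH from the WAN side only, and no -i on the POSTROUTING rule. It assumes the layout from the post (LAN on eth0 as 192.168.1.0/24, WAN on ppp0) and can be dry-run with IPT=echo so the rules are printed instead of loaded.

```sh
#!/bin/sh
# Added example: hardened variant of the NAT/firewall script from the post above.
# Assumed layout: LAN on eth0 (192.168.1.0/24), uplink on ppp0.
# Set IPT=echo to print the rules without touching the kernel (dry run).
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-ppp0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
IPT="${IPT:-/sbin/iptables}"

fw_start() {
    # Forwarding must be on or MASQUERADE does nothing (the posted script left it out).
    [ "$IPT" = echo ] || echo 1 > /proc/sys/net/ipv4/ip_forward

    $IPT -F; $IPT -t nat -F; $IPT -Z
    # Default-deny inbound and forwarded traffic; the box's own outbound stays open.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    # SSH from the uplink: double dash, "-dport" is what broke the posted script.
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    $IPT -A INPUT -j LOG --log-prefix "DROPPED PACKET: "
    $IPT -A INPUT -j DROP

    # Only the LAN may open connections through the box; replies return via conntrack.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -j LOG --log-prefix "DROPPED FWD: "
    $IPT -A FORWARD -j DROP

    # POSTROUTING has no input interface, so only -o is valid here.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Dry run in a subshell: prints the generated rule lines instead of loading them.
fw_dry_run() { ( IPT=echo; fw_start ); }
```

Run `IPT=echo sh rc.firewall` (after adding a `fw_start` call at the bottom) to review the rule list before installing it into rc.M.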
Sure! Here's one. Enjoy
http://www.ntlab.net/linux/public/rc.firewall
you will need guarddog as well: http://www.simonzone.com/software/guarddog/ If it is too much.... sorry. |
Here's an rc.firewall that I made....
I didn't leave port 22 open. I forward it to my linux box and then I can ssh from there to my router if I need to. Hope it helps! Code:
#!/bin/bash |
Thx guys I'll have a go at it.
Got a bit worried about the watchdog script but luckily there's a GUI. |
Go to this site, walk through the prompts. Cut and paste into a newly created /etc/rc.d/rc.firewall
Edit the line that has the location of iptables---it will default to /usr/local/sbin; we Slackware people need to change that to /usr/sbin. The firewall will be excellently commented--so custom editing is extremely easy. Then type from the cli /usr/rc.d/rc.firewall start Voila--15 min tops Happy slacking :) |
Thx, you guys have been helpful. Got it all running like a charm. :)))