LinuxQuestions.org

Linux - Networking: New Firewall Script Required (https://www.linuxquestions.org/questions/linux-networking-3/new-firewall-script-required-191882/)

smurf 06-10-2004 07:09 AM

New Firewall Script Required
 
Hey guys,

I've used the same firewall script for about a year now.

The firewall script is very basic.
Eth0 LAN
Eth1 Web


The problem is, now that I understand what the firewall does, it's come to my attention that it doesn't block any ports unless I tell it to.

I am looking for a script that denies all, and then opens specific ports.

Are there any examples anywhere, as I can't seem to find any myself and I would trust a firewall I attempted to write myself?

Cheers

Smurf :D

wrongman 06-10-2004 07:29 AM

I'm using this one, don't know if it's safe or not. If you have two eth devices you should add something, anyway... here it is:
Code:

#!/bin/sh
# Flush all rules in the filter, mangle and nat tables and delete user-defined chains
iptables -F
iptables -F -t mangle
iptables -F -t nat
iptables -X

# Default policies: drop anything not explicitly allowed (OUTPUT keeps its default of ACCEPT)
iptables -P INPUT DROP
iptables -P FORWARD DROP

# Drop packets the connection tracker cannot classify, then allow replies to connections we started
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# New connections are accepted on the loopback interface only
iptables -A INPUT -i lo -m state --state NEW -j ACCEPT

# Enable reverse-path filtering (anti-spoofing) on every interface
for f in /proc/sys/net/ipv4/conf/*/rp_filter
do
    echo 1 > "$f"
done

It SHOULD block every connection attempt started from the net, and allow only connections started by you.
Hope it helps... cya
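The script above closes everything and opens nothing, which is the "deny all" half of what smurf asked for. The following is an added example (not wrongman's script and not from this thread) of the other half: a default-deny ruleset for the two-NIC layout smurf describes, eth0 on the LAN and eth1 facing the Internet, that opens a short list of TCP ports on the Internet side and nothing else. The LAN subnet 192.168.1.0/24, the port list 22/80/443, the file name firewall.sh and the function names are assumptions; override the network values through the environment. Rule generation is kept separate from execution so the ruleset can be read or diffed before it is loaded, and applying it needs root.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny iptables ruleset for a box
# with eth0 = LAN and eth1 = Internet. Subnet and port list are constructed
# assumptions; set LAN_IF, WAN_IF, LAN_NET and WAN_TCP_PORTS to override them.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"        # assumed LAN address range
WAN_TCP_PORTS="${WAN_TCP_PORTS:-22 80 443}" # services published to the Internet

# Emit the ruleset as one iptables command per line, without executing anything.
build_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $WAN_IF -s $LAN_NET -j DROP
iptables -A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
EOF
    # One explicit opening per published service; every other port stays closed.
    for port in $WAN_TCP_PORTS; do
        echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Rate-limited ping from outside, a rate-limited log of what gets dropped,
    # then an explicit final DROP so the log line sees everything the policy would.
    cat <<EOF
iptables -A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -m limit --limit 4/s -j ACCEPT
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
iptables -A INPUT -j DROP
EOF
}

# Number of commands the current settings produce (a quick sanity check).
rule_count() {
    build_rules | wc -l | tr -d ' '
}

# Reverse-path filtering on every interface, as in wrongman's script.
enable_rp_filter() {
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 1 > "$f"
    done
}

# Load the ruleset. sh -e aborts on the first iptables error so a half-applied
# ruleset is noticed instead of silently leaving a gap.
apply_rules() {
    build_rules | sh -e && enable_rp_filter
}

case "${1:-}" in
    show)  build_rules ;;
    apply) apply_rules ;;
esac
```

Run `sh firewall.sh show` to review the generated commands and `sh firewall.sh apply` as root to load them. Two rules worth noting: the DROP of LAN-sourced packets arriving on the Internet interface comes before the LAN ACCEPT, so a spoofed LAN address from outside never matches the trusted rule, and the final LOG/DROP pair means dropped traffic shows up in the kernel log (prefixed fw-drop:) even though the chain policy alone would already have dropped it.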

