Softpedia

    Very restrictive set of firewall rules

    Developer: Anonymous
    License / Price: GPL / FREE
    Last Updated: February 14th, 2007, 15:00 GMT
    Category: ROOT / System / Networking
    Downloads: 495
    User Rating: NOT RATED (0 user(s))

    Very restrictive set of firewall rules description

    Very restrictive set of firewall rules is a sample firewall script for iptables (the ip_tables packet filter), the tool for packet filtering and masquerading under the 2.3.x/2.4.x series of kernels.

    Be warned: this is a very restrictive set of firewall rules (and they should be, for proper security). Anything you do not _specifically_ allow is handed to a chain that logs the packet and then drops it, so if you are wondering why something is not working, look for lines prefixed "Firewall:" in the kernel log (normally /var/log/messages, depending on how syslog is configured).

    This is about as close as you get to a 'secure' firewall with stateless rules. It's nasty, it's harsh, and it will make your machine nearly invisible to the rest of the internet world. Keep in mind that the rules are stateless: replies for DNS, ident and FTP data are recognised only by the remote side's source port, which a remote host is free to choose, so those rules admit more than the replies they are meant for. Have fun.

    To run this script you must 'chmod 700 iptables-script' and then execute it as root. To stop it, run 'iptables -F', which flushes the INPUT rules (the script never changes the default policy, so the host is fully open again), followed by 'iptables -X firewall' to remove the logging chain and 'iptables -t nat -F' if you enabled masquerading.
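    The description says to check /var/log/messages when something is blocked. The following is an added example, not part of the original script or page: it parses the lines the netfilter LOG target writes with this script's "Firewall:" prefix (the familiar IN= OUT= SRC= DST= PROTO= SPT= DPT= field layout, with bare tokens such as DF and SYN for flags) and summarises what was dropped by destination and by source. The log lines embedded below are constructed samples in that format; the host name, addresses and sshd line are invented.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the format the netfilter LOG target
# produces with --log-prefix "Firewall:" (note: no space after the colon).
SAMPLE_LOG = """\
May  4 10:02:11 gw kernel: Firewall:IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
May  4 10:02:12 gw kernel: Firewall:IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40113 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
May  4 10:02:15 gw kernel: Firewall:IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=198.51.100.9 DST=198.51.100.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4321 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
May  4 10:02:20 gw kernel: Firewall:IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=192.0.2.33 DST=198.51.100.2 LEN=78 TOS=0x00 PREC=0x00 TTL=49 ID=9 PROTO=UDP SPT=1027 DPT=137 LEN=58
May  4 10:02:21 gw kernel: Firewall:IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40114 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
May  4 10:03:00 gw sshd[812]: Accepted publickey for admin from 198.51.100.9 port 51012 ssh2
"""

# Matches the kernel part of a syslog line, with or without a printk timestamp.
LOG_RE = re.compile(r"kernel: (?:\[\s*\d+\.\d+\] )?Firewall:(.*)$")


def parse_log_line(line):
    """Return a dict of KEY=VALUE fields plus a 'FLAGS' set of bare tokens
    (DF, SYN, ACK, ...), or None if the line is not a Firewall: entry.
    Keys the kernel repeats (ICMP ID, UDP LEN) keep the last value."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = {"FLAGS": set()}
    for tok in m.group(1).split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            fields[key] = value
        else:
            fields["FLAGS"].add(tok)
    return fields


def summarize(lines):
    """Count dropped packets by destination (proto/port or ICMP type)
    and by source address."""
    by_dest = Counter()
    by_src = Counter()
    for line in lines:
        f = parse_log_line(line)
        if f is None:
            continue
        proto = f.get("PROTO", "?")
        if proto == "ICMP":
            dest = "ICMP type %s" % f.get("TYPE", "?")
        else:
            dest = "%s/%s" % (proto, f.get("DPT", "?"))
        by_dest[dest] += 1
        by_src[f.get("SRC", "?")] += 1
    return by_dest, by_src


def new_connection_attempts(lines):
    """SYN-flagged TCP entries: the blocked connection attempts that the
    script's 'tcp --syn' rule sends to the firewall chain."""
    return [f for f in map(parse_log_line, lines)
            if f and f.get("PROTO") == "TCP" and "SYN" in f["FLAGS"]]


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    dests, srcs = summarize(lines)
    print("Dropped by destination:")
    for dest, n in dests.most_common():
        print("  %-14s %d" % (dest, n))
    print("Dropped by source:")
    for src, n in srcs.most_common():
        print("  %-14s %d" % (src, n))
    print("Blocked connection attempts:", len(new_connection_attempts(lines)))
```

    On a real host, feed the script `grep 'Firewall:' /var/log/messages` instead of the embedded sample; the parser ignores any line without the prefix, so unrelated syslog entries are harmless.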

    Sample:

    #!/bin/sh
    # Sample restrictive, stateless iptables firewall for 2.4-series kernels.
    # Run as root.

    #Point this to your copy of iptables (often /sbin/iptables)
    IPT="/usr/local/bin/iptables"

    #Load the module.
    modprobe ip_tables

    #Flush old rules, delete the firewall chain if it exists
    #(-X complains on a first run when the chain is absent; that is harmless)
    $IPT -F
    $IPT -F -t nat
    $IPT -X firewall 2>/dev/null

    #Setup Masquerading. Change the IP to your internal network and uncomment
    #this in order to enable it.
    #$IPT -A POSTROUTING -t nat -s 192.168.1.0/24 -j MASQUERADE
    #$IPT -P FORWARD ACCEPT
    #echo 1 > /proc/sys/net/ipv4/ip_forward

    #Set up the firewall chain: log the packet, then drop it.
    $IPT -N firewall
    $IPT -A firewall -j LOG --log-level info --log-prefix "Firewall:"
    $IPT -A firewall -j DROP

    #Accept ourselves: everything arriving on the loopback interface
    #(this also covers local connections to our own non-loopback address).
    $IPT -A INPUT -i lo -j ACCEPT
    #If you're using IP Masquerading, change this IP to whatever your internal
    #IP address is and uncomment it
    #$IPT -A INPUT -s 192.168.1.1/32 -d 0/0 -j ACCEPT

    #Accept DNS replies. Only the remote source port can be checked here, so
    #limit them to the unprivileged ports a resolver sends from; a datagram
    #forged with source port 53 then cannot reach a privileged UDP service.
    $IPT -A INPUT -p udp --source-port 53 --destination-port 1024:65535 -j ACCEPT
    #Accept ident (auth) replies, but not new connections made from port 113
    $IPT -A INPUT -p tcp ! --syn --source-port 113 -j ACCEPT
    #Accept incoming ident queries
    $IPT -A INPUT -p tcp --destination-port 113 -j ACCEPT

    #Allow ftp to send data back and forth.
    $IPT -A INPUT -p tcp ! --syn --source-port 20 --destination-port 1024:65535 -j ACCEPT

    #Accept SSH. Duh.
    #$IPT -A INPUT -p tcp --destination-port 22 -j ACCEPT

    #Replies to connections we opened: with no connection tracking, accept
    #any TCP segment that is not a connection request (the kernel's default
    #INPUT policy is ACCEPT, so these would pass anyway; making the rule
    #explicit lets the catch-all below be generic).
    $IPT -A INPUT -p tcp ! --syn -j ACCEPT

    #Send everything else (new TCP connections, UDP, ICMP and any other IP
    #protocol) to the firewall chain to be logged and dropped.
    $IPT -A INPUT -j firewall
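    The DNS, ident and FTP-data rules above identify replies only by the remote side's source port, and iptables takes the first matching rule. The following added example (not from the page or its script) models that first-match evaluation in a few dozen lines of Python, implementing only the matches the script uses (-p, -s, --source-port, --destination-port, --syn and ! --syn), and compares a chain whose source-port rules carry no further restriction with one where each is limited to replies (! --syn on the ident rule, unprivileged destination ports for DNS answers), plus an explicit non-SYN accept and a catch-all. The probe packets and the outside address are constructed; the hardened chain is this editor's assumption about the fix, not the page's.

```python
# A small model of iptables first-match evaluation over the script's INPUT
# chain. It is not iptables: it implements only -p, -s, --source-port,
# --destination-port and --syn / ! --syn, which is all the script uses.

def rule(target, proto=None, src=None, sport=None, dport=None, syn=None):
    """One rule. Ports are (low, high) ranges; syn=True is --syn,
    syn=False is '! --syn', None means the flag is not examined."""
    return {"target": target, "proto": proto, "src": src,
            "sport": sport, "dport": dport, "syn": syn}


def port(lo, hi=None):
    return (lo, lo if hi is None else hi)


def matches(r, pkt):
    """Does packet pkt satisfy every condition of rule r?"""
    if r["proto"] is not None and r["proto"] != pkt["proto"]:
        return False
    if r["src"] is not None and r["src"] != pkt["src"]:
        return False
    for key in ("sport", "dport"):
        if r[key] is not None:
            if pkt["proto"] not in ("tcp", "udp"):  # port matches need a port
                return False
            lo, hi = r[key]
            if not lo <= pkt[key] <= hi:
                return False
    if r["syn"] is not None:
        if pkt["proto"] != "tcp" or pkt.get("syn", False) != r["syn"]:
            return False
    return True


def evaluate(chain, pkt, policy="ACCEPT"):
    """First matching rule decides; target 'firewall' stands for the
    script's LOG-then-DROP chain. The policy applies only when nothing
    matched, and the script never changes it from the kernel default."""
    for r in chain:
        if matches(r, pkt):
            return "LOG+DROP" if r["target"] == "firewall" else r["target"]
    return policy


# Source-port rules with no further restriction (loopback rule reduced to
# its source check): anything from port 113 or 53 is accepted outright.
PERMISSIVE = [
    rule("ACCEPT", src="127.0.0.1"),
    rule("ACCEPT", proto="udp", sport=port(53)),
    rule("ACCEPT", proto="tcp", sport=port(113)),
    rule("ACCEPT", proto="tcp", dport=port(113)),
    rule("ACCEPT", proto="tcp", syn=False, sport=port(20), dport=port(1024, 65535)),
    rule("firewall", proto="icmp"),
    rule("firewall", proto="tcp", syn=True),
    rule("firewall", proto="udp"),
]

# Assumed hardening: reply rules limited to replies, explicit non-SYN
# accept, and a catch-all so other IP protocols are logged and dropped too.
HARDENED = [
    rule("ACCEPT", src="127.0.0.1"),
    rule("ACCEPT", proto="udp", sport=port(53), dport=port(1024, 65535)),
    rule("ACCEPT", proto="tcp", syn=False, sport=port(113)),
    rule("ACCEPT", proto="tcp", dport=port(113)),
    rule("ACCEPT", proto="tcp", syn=False, sport=port(20), dport=port(1024, 65535)),
    rule("ACCEPT", proto="tcp", syn=False),
    rule("firewall"),
]


def pkt(proto, src="203.0.113.7", sport=0, dport=0, syn=False):
    return {"proto": proto, "src": src, "sport": sport, "dport": dport, "syn": syn}


# Constructed probe packets, all from an outside host.
PROBES = {
    "ssh connect, random source port": pkt("tcp", sport=40112, dport=22, syn=True),
    "ssh connect, source port 113":    pkt("tcp", sport=113, dport=22, syn=True),
    "ack to our own ssh session":      pkt("tcp", sport=22, dport=40112, syn=False),
    "snmp query from source port 53":  pkt("udp", sport=53, dport=161),
    "dns answer to a resolver port":   pkt("udp", sport=53, dport=33000),
    "gre tunnel packet":               pkt("gre"),
}


def audit():
    """Verdict of both chains for every probe: {name: (permissive, hardened)}."""
    return {name: (evaluate(PERMISSIVE, p), evaluate(HARDENED, p))
            for name, p in PROBES.items()}


if __name__ == "__main__":
    for name, (before, after) in audit().items():
        print("%-33s permissive=%-9s hardened=%s" % (name, before, after))
```

    The two cases to look at are the SYN to port 22 sent from source port 113, which the permissive chain accepts because the ident rule matches before the --syn rule, and the GRE packet, which neither the icmp, tcp nor udp rule catches and which therefore falls through to the default ACCEPT policy; the hardened chain logs and drops both.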

    TAGS:

    restrictive rules | restrictive firewall | firewall rules | restrictive | firewall | rules
