[plug] firewall rules
Clinton Butler
misprint at bizzpro.com.au
Wed Dec 26 09:52:41 WST 2001
Here is the firewall that I used all the way up until my server died
(electrical storms are dangerous).
Hope it can help you out :o)
-----------------------------------------------------------------------
#!/bin/sh
#
# firewall-masq This script sets up firewall rules for a machine
# acting as a masquerading gateway
#
EXTIF=ppp0
ANY=0.0.0.0/0
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward DENY
ipchains -F forward
ipchains -F input
ipchains -F output
# Accept TCP traffic to port 22 (SSH) and to port 3876 (logged)
ipchains -A input -i $EXTIF -d $ANY 22 -p tcp -j ACCEPT
ipchains -A input -l -i $EXTIF -d $ANY 3876 -p tcp -j ACCEPT
# Deny TCP and UDP packets to privileged ports (and log)
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p udp -j DENY
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY
ipchains -A input -l -i $EXTIF -d $ANY 6000 -p tcp -j DENY
# Deny TCP connection attempts
ipchains -A input -l -i $EXTIF -d $ANY 0:60000 -p tcp -y -j DENY
# Deny ICMP echo-requests
ipchains -A input -l -i $EXTIF -s $ANY echo-request -p icmp -j DENY
# Do masquerading
ipchains -A forward -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
# EOF
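
ipchains stops at the first rule that matches, so the order of the input rules above decides each packet's fate. The sketch below is an added example, not part of the original post: it walks the script's TCP and UDP input rules in order for a few constructed packets assumed to arrive on ppp0 (the ICMP rule is left out; `RULES`, `POLICY` and `verdict` are names made up for this example).

```shell
#!/bin/sh
# Added example, not part of the original script.
# Input-chain rules in the order the script adds them:
#   proto  dport-low  dport-high  syn-only (-y)  target
RULES='tcp 22 22 0 ACCEPT
tcp 3876 3876 0 ACCEPT
udp 0 1023 0 DENY
tcp 0 1023 0 DENY
tcp 6000 6000 0 DENY
tcp 0 60000 1 DENY'
POLICY=ACCEPT   # from: ipchains -P input ACCEPT

# verdict PROTO DPORT SYN
# Prints the target of the first matching rule, or the chain policy
# when no rule matches. SYN=1 means a connection attempt (what -y matches).
verdict() {
    v=$POLICY
    while read -r proto lo hi synonly target; do
        [ "$proto" = "$1" ] || continue
        [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ] || continue
        if [ "$synonly" -eq 1 ] && [ "$3" -ne 1 ]; then continue; fi
        v=$target
        break
    done <<EOF
$RULES
EOF
    echo "$v"
}

# Constructed sample packets: protocol, destination port, SYN flag
for pkt in "tcp 22 1" "tcp 80 1" "tcp 6000 0" "tcp 8080 1" \
           "tcp 8080 0" "tcp 60001 1" "udp 53 0" "udp 2049 0"; do
    # $pkt is left unquoted on purpose so it splits into three arguments
    printf '%-12s -> %s\n' "$pkt" "$(verdict $pkt)"
done
```

Packets that match no rule, such as non-SYN TCP to a high port (replies to masqueraded connections), TCP above port 60000 and UDP above port 1023, get the chain policy, which this script sets to ACCEPT.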