Buzzedlightyears IPTables
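#!/bin/sh
# Minimal host firewall: on INPUT accept replies to this host's own traffic,
# FTP, ICMP and loopback, then log (rate-limited) and drop everything else;
# on FORWARD accept a trickle of SYNs / echo requests and drop the rest.
#
# Run as root (at boot or after editing). The INPUT and FORWARD chains are
# flushed first so that re-running the script does not leave stale or
# duplicated rules ahead of the final DROP; any rules other tools placed in
# those two chains are removed as well.
IPTABLES=/usr/sbin/iptables

# Fail fast if the binary is missing or not executable; otherwise every rule
# line below would fail individually and the host would end up with no rules.
if [ ! -x "$IPTABLES" ]; then
  printf '%s: %s not found or not executable\n' "$0" "$IPTABLES" >&2
  exit 1
fi

# Start from a clean slate in the chains this script owns (see header).
"$IPTABLES" -F INPUT
"$IPTABLES" -F FORWARD

# Allow replies to connections this host initiated (ESTABLISHED only; RELATED
# traffic such as ICMP errors for those connections is not matched here).
"$IPTABLES" -A INPUT -m state --state ESTABLISHED -i eth0 -p icmp -j ACCEPT
"$IPTABLES" -A INPUT -m state --state ESTABLISHED -i eth0 -p tcp -j ACCEPT
"$IPTABLES" -A INPUT -m state --state ESTABLISHED -i eth0 -p udp -j ACCEPT

# Allow incoming FTP (control on 21, active-mode data on 20), stateless.
"$IPTABLES" -A INPUT -p tcp --dport 20 -j ACCEPT
"$IPTABLES" -A INPUT -p tcp --dport 21 -j ACCEPT

# Allow new incoming SSH connections. Left disabled as in the original; while
# it is commented out the catch-all DROP at the end rejects new SSH sessions
# (an already-ESTABLISHED session on eth0 keeps working via the rules above).
#"$IPTABLES" -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

# Webserver (disabled)
#"$IPTABLES" -A INPUT -p tcp --dport 80 -j ACCEPT

# Allow pings (all ICMP types, any interface)
"$IPTABLES" -A INPUT -p icmp -j ACCEPT

# Allow everything on loopback
"$IPTABLES" -A INPUT -i lo -j ACCEPT

# Log what is about to be dropped on eth0, rate-limited so a flood cannot
# fill the log (3/s sustained, bursts of 5). Where the kernel log line ends
# up (/var/log/firewall per the original note) is decided by the syslog
# configuration, not by this script.
"$IPTABLES" -A INPUT -m limit --limit 3/s --limit-burst 5 -i eth0 -j LOG
#"$IPTABLES" -A INPUT -i eth0 -j DROP

# FORWARD: rate-limited SYNs and echo requests are accepted, everything else
# conntrack has classified is dropped. INVALID is not in the DROP list, so
# such packets fall through to the chain's policy; and dropping ESTABLISHED
# means a forwarded connection never gets past its handshake — presumably
# forwarding is not actually in use on this host; confirm before relying on it.
"$IPTABLES" -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT
"$IPTABLES" -A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
"$IPTABLES" -A FORWARD -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j DROP

# Catch-all: drop everything on INPUT not accepted above (all interfaces).
"$IPTABLES" -A INPUT -j DROP

# Unreachable: the catch-all above has already dropped everything. Kept for
# parity with the original; move it above the LOG rule if IGMP should be
# dropped without being logged.
"$IPTABLES" -A INPUT -p igmp -j DROP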