Buzzedlightyears IPTables

From SlackWiki
Jump to: navigation, search
#!/bin/sh

IPTABLES=/usr/sbin/iptables

#Allow incoming returning requests (Port Scans, Pings)
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p icmp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p tcp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p udp

#Allow incoming FTP Connections
$IPTABLES -A INPUT -p tcp --dport 20 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT

#Allow new incoming SSH connections
#$IPTABLES -A INPUT -p tcp --dport 22 -m state --state new -j ACCEPT

#Webserver
#$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT

#Allow Pings
$IPTABLES -A INPUT -p icmp -j ACCEPT

#Allow All Local Host
$IPTABLES -A INPUT -i lo -j ACCEPT

#Drop all other and LOG to /var/log/firewall
$IPTABLES -A INPUT -m limit --limit 3/s --limit-burst 5 -i eth0 -j LOG
#$IPTABLES -A INPUT -i eth0 -j DROP

$IPTABLES -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
$IPTABLES -A FORWARD -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j DROP
$IPTABLES -A INPUT -j DROP
$IPTABLES -A INPUT -p igmp -j DROP