Buzzedlightyears IPTables

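#!/bin/sh
#
# Host firewall for a single-homed Slackware box.
#
# INPUT:   accept loopback, replies to our own connections, the FTP control
#          port and ping; rate-limited LOG then DROP for everything else.
# FORWARD: not a router -- everything is dropped (see the NOTE below).
# OUTPUT:  left untouched, as before.
#
# Must run as root.  Re-running the script is safe: the INPUT and FORWARD
# chains are flushed before the rules are re-added, so repeated runs no
# longer stack duplicate copies of every rule.
#
# Dropped packets are logged through the kernel log (LOG target) with the
# prefix "FW-DROP: ".  They only end up in /var/log/firewall if the syslog
# daemon is configured to route kernel messages there; the firewall itself
# cannot pick the file.
#
# Environment overrides (optional):
#   IPTABLES  iptables binary      (default /usr/sbin/iptables)
#   IFACE     public interface     (default eth0)

set -eu

IPTABLES=${IPTABLES:-/usr/sbin/iptables}
IFACE=${IFACE:-eth0}

# Fail early and loudly instead of producing a half-applied ruleset.
if [ "$(id -u)" -ne 0 ]; then
  printf '%s: must be run as root\n' "$0" >&2
  exit 1
fi
if ! command -v "$IPTABLES" >/dev/null 2>&1; then
  printf '%s: iptables binary not found: %s\n' "$0" "$IPTABLES" >&2
  exit 1
fi

# Start from a clean slate for the chains this script owns.
$IPTABLES -F INPUT
$IPTABLES -F FORWARD

# ---- INPUT ------------------------------------------------------------------

# Everything on loopback is trusted.  First, so nothing below can log or
# drop local traffic by accident.
$IPTABLES -A INPUT -i lo -j ACCEPT

# Packets conntrack cannot tie to any connection (malformed, out-of-window,
# stray RST/ACK from port scans).  Drop them before the state rule so they
# can never be mistaken for a reply.
$IPTABLES -A INPUT -i "$IFACE" -m state --state INVALID -j DROP

# Replies to connections this host opened, plus RELATED traffic: ICMP errors
# for our own connections and helper-tracked data channels (passive FTP).
# One protocol-agnostic rule replaces the three per-protocol ESTABLISHED
# rules; ESTABLISHED alone would drop those related packets.
$IPTABLES -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT

# FTP control channel.  FTP carries credentials in clear text; prefer SFTP
# on port 22 where you can.  Passive-mode data connections arrive on high
# ports and are accepted by the RELATED rule above only if the conntrack FTP
# helper is loaded (modprobe nf_conntrack_ftp, or ip_conntrack_ftp on older
# kernels).  Active-mode data connections are opened *by* the server from
# its port 20 outbound, so the old inbound "--dport 20" rule served no FTP
# purpose and has been removed -- it only exposed an extra port.
$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT

# New incoming SSH connections (enable when sshd is running).
#$IPTABLES -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

# Web server (enable when httpd is running).
#$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT

# Ping.  Only echo-request is needed for that; the ICMP error types we care
# about (unreachable, time-exceeded, ...) already come in as RELATED, so
# there is no reason to accept every ICMP type as the old rule did.
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# Log what we are about to drop, rate-limited so a scan cannot fill the
# disk, then drop it.  The explicit DROP also covers IGMP and anything
# else not matched above.
$IPTABLES -A INPUT -i "$IFACE" -m limit --limit 3/s --limit-burst 5 \
  -j LOG --log-prefix "FW-DROP: "
$IPTABLES -A INPUT -j DROP

# ---- FORWARD ----------------------------------------------------------------

# NOTE(review): the two ACCEPT rules below are kept from the original
# ruleset, but they cannot make forwarding work on their own -- they pass
# at most one SYN / one echo-request per second and every later packet of
# those sessions is dropped by the catch-all.  If this host is meant to
# route, add an ESTABLISHED,RELATED ACCEPT here and enable ip_forward;
# otherwise delete the two rules.
$IPTABLES -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN \
  -m limit --limit 1/sec -j ACCEPT
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT

# Unconditional, so INVALID packets (which the old "NEW,RELATED,ESTABLISHED,
# UNTRACKED" list did not name) no longer fall through to the chain policy.
$IPTABLES -A FORWARD -j DROP

# ---- policies ---------------------------------------------------------------

# Backstop: even if someone flushes these chains by hand, the box stays
# closed instead of wide open.  Set last so the rules above are already in
# place when the policy flips.  Mind that "iptables -F" on a host with a
# DROP policy locks out remote access until the rules are reloaded.
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP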