66 files changed, 0 insertions, 15542 deletions
diff --git a/configs/firewall-masq b/configs/firewall-masq
deleted file mode 100755
index 14b9971..0000000
--- a/configs/firewall-masq
+++ b/dev/null
@@ -1,71 +0,0 @@
-#!/bin/sh
-#
-# firewall-masq This script sets up firewall rules for a machine
-# acting as a masquerading gateway
-#
-# Copyright (C) 2000 Roaring Penguin Software Inc. This software may
-# be distributed under the terms of the GNU General Public License, version
-# 2 or any later version.
-# LIC: GPL
-
-# Interface to Internet
-EXTIF=ppp+
-
-# NAT-Tables are different, so we can use ACCEPT everywhere (?)
-iptables -t nat -P PREROUTING ACCEPT
-iptables -t nat -P OUTPUT ACCEPT
-iptables -t nat -P POSTROUTING ACCEPT
-
-# Flush the NAT-Table
-iptables -t nat -F
-
-iptables -t filter -P INPUT DROP
-iptables -t filter -F
-
-# Allow incoming SSH
-#iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 22 -j ACCEPT
-
-# Log & Deny the rest of the privileged ports
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 0:1023 -j LOG
-iptables -t filter -A INPUT -i $EXTIF -p udp --dport 0:1023 -j LOG
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 0:1023 -j DROP
-iptables -t filter -A INPUT -i $EXTIF -p udp --dport 0:1023 -j DROP
-
-# Log & Deny NFS
-iptables -t filter -A INPUT -i $EXTIF -p udp --dport 2049 -j LOG
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 2049 -j LOG
-iptables -t filter -A INPUT -i $EXTIF -p udp --dport 2049 -j DROP
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 2049 -j DROP
-
-# Log & Deny X11
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 6000:6063 -j LOG
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 6000:6063 -j DROP
-
-# Log & Deny XFS
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 7100 -j LOG
-iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 7100 -j DROP
-
-# Deny TCP connection attempts
-iptables -t filter -A INPUT -i $EXTIF -p tcp --syn -j LOG
-iptables -t filter -A INPUT -i $EXTIF -p tcp --syn -j DROP
-
-# Deny ICMP echo-requests
-iptables -t filter -A INPUT -i $EXTIF -p icmp --icmp-type echo-request -j DROP
-
-# Do masquerading
-iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
-
-# Enable forwarding
-echo 1 > /proc/sys/net/ipv4/ip_forward
-
-# no IP spoofing
-if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ] ; then
- for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
- echo 1 > $i
- done
-fi
-
-# Disable Source Routed Packets
-for i in /proc/sys/net/ipv4/conf/*/accept_source_route; do
- echo 0 > $i
-done |