66 files changed, 15542 insertions, 1 deletions
diff --git a/configs/firewall-standalone b/configs/firewall-standalone
new file mode 100755
index 0000000..15b310e
--- a/dev/null
+++ b/configs/firewall-standalone
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# firewall-standalone This script sets up firewall rules for a standalone
+# machine
+#
+# Copyright (C) 2005 Roaring Penguin Software Inc. This software may
+# be distributed under the terms of the GNU General Public License, version
+# 2 or any later version.
+# LIC: GPL
+
+# Interface to Internet
+EXTIF=ppp+
+
+iptables -P INPUT ACCEPT
+iptables -P OUTPUT ACCEPT
+iptables -P FORWARD DROP
+
+iptables -F FORWARD
+iptables -F INPUT
+iptables -F OUTPUT
+
+# Deny TCP and UDP packets to privileged ports
+iptables -A INPUT -p udp -i $EXTIF --dport 0:1023 -j LOG
+iptables -A INPUT -p tcp -i $EXTIF --dport 0:1023 -j LOG
+iptables -A INPUT -p udp -i $EXTIF --dport 0:1023 -j DROP
+iptables -A INPUT -p tcp -i $EXTIF --dport 0:1023 -j DROP
+
+# Deny TCP connection attempts
+iptables -A INPUT -i $EXTIF -p tcp --syn -j LOG
+iptables -A INPUT -i $EXTIF -p tcp --syn -j DROP
+
+# Deny ICMP echo-requests
+iptables -A INPUT -i $EXTIF -p icmp --icmp-type echo-request -j DROP
+ |
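Review bot: The INPUT rules list what to drop under a default-ACCEPT policy, so on `$EXTIF` unsolicited UDP to ports 1024 and above, and ICMP other than echo-request, are still accepted; any service bound to a high UDP port stays reachable from the Internet side. A stateful default scoped to the external interface closes that without touching other interfaces: `iptables -A INPUT -i "$EXTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT` followed by `iptables -A INPUT -i "$EXTIF" -j DROP` as the last rule. The four `-j LOG` rules have no rate limit, so a scan or SYN flood on the link can fill the logs; adding `-m limit --limit 5/min` (a constructed sample rate) to each bounds that. The script also never checks the exit status of iptables, so a failed command leaves the host on the ACCEPT policy with a partial rule set, and only IPv4 is filtered, which matters if the PPP link also carries IPv6.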