66 files changed, 15542 insertions, 1 deletions

diff --git a/configs/firewall-standalone b/configs/firewall-standalone
new file mode 100755
index 0000000..15b310e
--- a/dev/null
+++ b/configs/firewall-standalone
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# firewall-standalone	This script sets up firewall rules for a standalone
+#                       machine
+#
+# Copyright (C) 2005 Roaring Penguin Software Inc.  This software may
+# be distributed under the terms of the GNU General Public License, version
+# 2 or any later version.
+# LIC: GPL
+
+# Interface to Internet
+EXTIF=ppp+
+
+iptables -P INPUT ACCEPT
+iptables -P OUTPUT ACCEPT
+iptables -P FORWARD DROP
+
+iptables -F FORWARD
+iptables -F INPUT
+iptables -F OUTPUT
+
+# Deny TCP and UDP packets to privileged ports
+iptables -A INPUT -p udp -i $EXTIF --dport 0:1023 -j LOG
+iptables -A INPUT -p tcp -i $EXTIF --dport 0:1023 -j LOG
+iptables -A INPUT -p udp -i $EXTIF --dport 0:1023 -j DROP
+iptables -A INPUT -p tcp -i $EXTIF --dport 0:1023 -j DROP
+
+# Deny TCP connection attempts
+iptables -A INPUT -i $EXTIF -p tcp --syn -j LOG
+iptables -A INPUT -i $EXTIF -p tcp --syn -j DROP
+
+# Deny ICMP echo-requests
+iptables -A INPUT -i $EXTIF -p icmp --icmp-type echo-request -j DROP
+