1 | #!/bin/sh |
2 | # |
3 | # firewall-standalone This script sets up firewall rules for a standalone |
4 | # machine |
5 | # |
6 | # Copyright (C) 2005 Roaring Penguin Software Inc. This software may |
7 | # be distributed under the terms of the GNU General Public License, version |
8 | # 2 or any later version. |
9 | # LIC: GPL |
10 | |
11 | # Interface to Internet |
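# Interface to Internet.  "ppp+" is an iptables interface wildcard (any
# ppp* device), not a shell glob.  May be overridden from the environment:
#   EXTIF=eth0 ./firewall-standalone
EXTIF="${EXTIF:-ppp+}"

# LOG rules are rate-limited so that a flood of unsolicited packets cannot
# fill the syslog partition (a self-inflicted DoS for any LOG-then-DROP
# firewall).  Only the log lines are limited; every matching packet is
# still dropped.
LOG_LIMIT="5/min"
LOG_BURST="10"

die() {
    printf 'firewall-standalone: %s\n' "$*" >&2
    exit 1
}

command -v iptables >/dev/null 2>&1 || die "iptables not found in PATH"

# Run one iptables command and abort on failure.  The INPUT policy below is
# ACCEPT, so a rule that silently fails to load leaves the host more open
# than intended -- never keep going past an error.
ipt() {
    iptables "$@" || die "command failed: iptables $*"
}

# Append a rate-limited LOG rule plus a matching DROP rule to INPUT for
# traffic arriving on $EXTIF.
# Arguments: $1 - syslog prefix (keep under 29 chars); rest - match spec
lad_prefix=
log_and_drop() {
    lad_prefix="$1"
    shift
    ipt -A INPUT -i "$EXTIF" "$@" -m limit --limit "$LOG_LIMIT" \
        --limit-burst "$LOG_BURST" -j LOG --log-prefix "$lad_prefix"
    ipt -A INPUT -i "$EXTIF" "$@" -j DROP
}

# Default policies.  This is a stateless "deny a few things" firewall:
# anything not matched by the rules below -- UDP to ports above 1023,
# non-SYN TCP segments to ports above 1023 (ACK/FIN/NULL probes), other
# ICMP types -- still reaches the host.  Services listening above port
# 1023 are NOT protected here.  Only IPv4 is configured; if the link
# carries IPv6, equivalent ip6tables rules are needed as well.
ipt -P INPUT ACCEPT
ipt -P OUTPUT ACCEPT
ipt -P FORWARD DROP   # standalone machine: never forward for anyone else

# Start from empty chains; the policies above stay in force meanwhile.
ipt -F FORWARD
ipt -F INPUT
ipt -F OUTPUT

# Deny TCP and UDP packets to privileged ports (0-1023) from the Internet.
log_and_drop "FW priv port: " -p udp --dport 0:1023
log_and_drop "FW priv port: " -p tcp --dport 0:1023

# Deny all inbound TCP connection attempts (SYN set, ACK/RST/FIN clear) on
# any port.  Replies to connections we initiated carry ACK and pass.
log_and_drop "FW syn: " -p tcp --syn

# Deny ICMP echo-requests (ping) from the Internet.  Other ICMP types are
# not matched and stay accepted -- deliberately, since e.g.
# destination-unreachable is needed for path MTU discovery.
ipt -A INPUT -i "$EXTIF" -p icmp --icmp-type echo-request -j DROP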
34 | |
35 |