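#!/bin/sh
#
# firewall-standalone This script sets up firewall rules for a standalone
# machine
#
# Copyright (C) 2005 Roaring Penguin Software Inc. This software may
# be distributed under the terms of the GNU General Public License, version
# 2 or any later version.
# LIC: GPL
#
# Security model: INPUT and OUTPUT default to ACCEPT and a short deny list
# is applied to traffic arriving on the Internet-facing interface. Anything
# the deny list does not match is accepted; on $EXTIF that includes UDP to
# ports 1024 and above, TCP segments without a bare SYN, and protocols other
# than TCP, UDP and ICMP echo-request. Services listening on unprivileged
# UDP ports are therefore reachable from the Internet.
#
# Scope: only the IPv4 filter table is touched. IPv6 traffic is not filtered
# by iptables and needs an equivalent ip6tables rule set if IPv6 is in use.
# The flushes below empty the three built-in chains only; user-defined
# chains and the nat/mangle tables are left as they were.
#
# NOTE(review): the exit status of iptables is not checked, so a rule that
# fails to load leaves the host on the ACCEPT policy for that traffic with no
# indication. If this file is sourced by a connection start-up script rather
# than executed, adding `exit` or `set -e` here would also stop the caller.
# Confirm how it is invoked before adding either.

# Interface to Internet. A trailing "+" in an iptables interface name matches
# every interface whose name starts with the prefix (ppp0, ppp1, ...).
EXTIF=ppp+

# Default policies: accept local traffic, never forward.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Start from empty built-in chains so repeated runs do not stack rules.
iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT

# Deny TCP and UDP packets to privileged ports.
# LOG is non-terminating, so each packet continues to the matching DROP rule.
# Logging is rate-limited because these rules are triggered by unauthenticated
# remote traffic; without a limit a scan or flood can fill the system log.
# The DROP rules are not rate-limited, so the filtering verdict is the same
# for every packet.
iptables -A INPUT -p udp -i "$EXTIF" --dport 0:1023 \
  -m limit --limit 6/minute --limit-burst 10 \
  -j LOG --log-prefix "fw privport drop: "
iptables -A INPUT -p tcp -i "$EXTIF" --dport 0:1023 \
  -m limit --limit 6/minute --limit-burst 10 \
  -j LOG --log-prefix "fw privport drop: "
iptables -A INPUT -p udp -i "$EXTIF" --dport 0:1023 -j DROP
iptables -A INPUT -p tcp -i "$EXTIF" --dport 0:1023 -j DROP

# Deny TCP connection attempts.
# Privileged ports were already dropped above, so in practice this catches
# inbound SYNs to ports 1024 and above. Replies to outbound connections do
# not carry a bare SYN and fall through to the ACCEPT policy.
iptables -A INPUT -i "$EXTIF" -p tcp --syn \
  -m limit --limit 6/minute --limit-burst 10 \
  -j LOG --log-prefix "fw syn drop: "
iptables -A INPUT -i "$EXTIF" -p tcp --syn -j DROP

# Deny ICMP echo-requests (dropped without logging).
iptables -A INPUT -i "$EXTIF" -p icmp --icmp-type echo-request -j DROP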