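#!/bin/sh
#
# firewall-standalone This script sets up firewall rules for a standalone
# machine
#
# Copyright (C) 2005 Roaring Penguin Software Inc. This software may
# be distributed under the terms of the GNU General Public License, version
# 2 or any later version.
# LIC: GPL
#
# Filtering model (kept as in the original): the INPUT and OUTPUT chains
# default to ACCEPT and only traffic arriving on the Internet-facing
# interface is filtered -- packets to privileged ports, new TCP connections
# (SYN) and ICMP echo-requests are dropped; the first two are also logged.
# FORWARD defaults to DROP, so the machine does not route for others.
#
# Requires root and the iptables binary in PATH.

# Abort on the first failing iptables call so a half-applied rule set
# (policies changed but drop rules missing) is never left in place silently.
set -e

# Interface to Internet.  Can be overridden from the environment; the
# default is the historical ppp+ wildcard.
EXTIF=${EXTIF:-ppp+}

if ! command -v iptables >/dev/null 2>&1; then
  printf '%s: iptables not found in PATH\n' "${0##*/}" >&2
  exit 1
fi

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT

# Deny TCP and UDP packets to privileged ports.
# The LOG rules are rate-limited so a flood of unwanted packets cannot fill
# the kernel log; the DROP rules that follow are deliberately unlimited.
iptables -A INPUT -p udp -i "$EXTIF" --dport 0:1023 \
  -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "fw-priv-udp: "
iptables -A INPUT -p tcp -i "$EXTIF" --dport 0:1023 \
  -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "fw-priv-tcp: "
iptables -A INPUT -p udp -i "$EXTIF" --dport 0:1023 -j DROP
iptables -A INPUT -p tcp -i "$EXTIF" --dport 0:1023 -j DROP

# Deny TCP connection attempts (inbound SYN on the external interface).
iptables -A INPUT -i "$EXTIF" -p tcp --syn \
  -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "fw-syn: "
iptables -A INPUT -i "$EXTIF" -p tcp --syn -j DROP

# Deny ICMP echo-requests (not logged, as in the original).
iptables -A INPUT -i "$EXTIF" -p icmp --icmp-type echo-request -j DROP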