
Thread: firewall

  1. #11
    Developer
    Okay, nobody laugh.
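    #!/bin/bash
    # Fischer Price "My First Firewall"
    #
    # Usage: firewall start|stop
    # Must run as root: it rewrites iptables rules and writes /proc sysctls.
    # Every name in SERVICES must be defined in /etc/services.
    set -u

    SERVICES="ftp ssh"      # TCP services to accept NEW connections for
    INT=""                  # internal interface(s), space separated; may be empty
    EXT="eth0"              # external (untrusted) interface
    IPT=iptables            # the flush loops used $IPT but it was never defined

    # Flush all rules and delete user-defined chains in every loaded table.
    flush_all() {
        local tables t
        tables=$(cat /proc/net/ip_tables_names 2>/dev/null)
        for t in $tables; do
            "$IPT" -t "$t" -F
        done
        for t in $tables; do
            "$IPT" -t "$t" -X
        done
    }

    # Write one value to a /proc/sys knob, skipping knobs this kernel lacks.
    # Arguments: $1 - knob path, $2 - value to write
    set_sysctl() {
        local path=$1 value=$2
        [ -e "$path" ] && echo "$value" > "$path"
    }

    # Install the rule set. Rule order matters: loopback and established
    # traffic first, then the allowed services, then the catch-all REJECTs.
    fw_start() {
        local x
        echo "Starting firewall..."
        flush_all
        set_sysctl /proc/sys/net/ipv4/tcp_syncookies 1
        set_sysctl /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts 1

        # Default policy. REJECT is not a valid chain policy (only ACCEPT and
        # DROP are), so the original `-P INPUT REJECT` failed and INPUT stayed
        # at ACCEPT; DROP is what the rest of the rules assume.
        "$IPT" -P INPUT DROP
        "$IPT" -P OUTPUT ACCEPT
        # Once the policy really drops, loopback must be opened explicitly or
        # local daemons can no longer talk to each other.
        "$IPT" -A INPUT -i lo -j ACCEPT
        "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

        # Enable services; these must precede the REJECT rules below.
        for x in $SERVICES; do
            "$IPT" -A INPUT -p tcp --dport "$x" -m state --state NEW -j ACCEPT
        done

        # Hide the firewall: answer unsolicited TCP with a reset and UDP with
        # port-unreachable, as a host with no firewall would. The original had
        # no space before -j (`${EXT}-j`), so iptables saw an interface named
        # "eth0-j", and the UDP rule was appended twice.
        "$IPT" -A INPUT -p tcp -i "$EXT" -j REJECT --reject-with tcp-reset
        "$IPT" -A INPUT -p udp -i "$EXT" -j REJECT --reject-with icmp-port-unreachable

        # Disable ECN where the kernel exposes the knob.
        set_sysctl /proc/sys/net/ipv4/tcp_ecn 0

        # Anti-spoofing (reverse path filter) on every configured interface.
        # $INT may be empty, so the unquoted expansion is intentional.
        for x in $INT $EXT; do
            set_sysctl "/proc/sys/net/ipv4/conf/$x/rp_filter" 1
        done

        # NOTE(review): kept from the original. This makes the host route
        # packets while the FORWARD chain is left at its default policy; if
        # this box is not meant to forward, write 0 here or add
        # `"$IPT" -P FORWARD DROP`.
        set_sysctl /proc/sys/net/ipv4/ip_forward 1

        # ICMP types we still want to receive. Placing them after the REJECT
        # rules is fine because those only match tcp and udp.
        for x in destination-unreachable echo-reply time-exceeded; do
            "$IPT" -A INPUT -p icmp --icmp-type "$x" -j ACCEPT
        done
    }

    # Drop back to an open INPUT chain (other tables are left as they are).
    fw_stop() {
        echo "Stopping firewall..."
        "$IPT" -F INPUT
        "$IPT" -P INPUT ACCEPT
    }

    case "${1-}" in
        start) fw_start ;;
        stop) fw_stop ;;
        *) echo "Usage: ${0##*/} start|stop" >&2; exit 2 ;;
    esac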

  2. #12
    Member hawaii67's Avatar
    Thanks a lot pureh@te, it's working... with a small modification.
    GREAT JOB!!
    Don't eat yellow snow :rolleyes:

  3. #13
    Junior Member kr0m3's Avatar
    yes, thanks for the tips.
    udaman.

    ~k
    "...you've picked up a bit of an attitude. Still curious and willing to learn, I hope. "
