Just a simple iptables script for a standalone mail, web and DNS server.
Here's the code in readable form:
http://www.cryptolife.org/code/easyfire.sh.txt
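#!/bin/sh
# easyfire: minimal iptables ruleset for a standalone mail/web/DNS host.
# Default policy is DROP on INPUT and FORWARD; only loopback traffic,
# replies to connections this host opened, and new connections to the
# listed service ports are accepted. Outbound traffic stays open.
# Must run as root. Re-running the script replaces the previous ruleset.
set -e

IPT="/sbin/iptables"
# Interface facing the network; adjust if the host is not on eth0.
IF="eth0"
# Services accepted on $IF for NEW connections (iptables multiport lists).
TCP="22,25,53,80,123,443,993"
UDP="53,123"

# Kernel hardening: SYN cookies against SYN floods, ignore ICMP echo
# (including broadcast pings), and make sure this host does not route.
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 0 > /proc/sys/net/ipv4/ip_forward

# Default-deny first, then start from an empty table so that re-running
# the script does not append duplicate rules.
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -F
$IPT -X

# Enable free use of loopback interfaces
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# Input policy. The ESTABLISHED,RELATED rule goes in right after the
# flush so that, if a later command fails under set -e, the session that
# launched the script (e.g. SSH) keeps working instead of being dropped.
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i "$IF" -p tcp -m multiport --dports "$TCP" \
  -m state --state NEW -j ACCEPT
$IPT -A INPUT -i "$IF" -p udp -m multiport --dports "$UDP" \
  -m state --state NEW -j ACCEPT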