Unifix knowledge database - The original one



Simple iptables-firewalling the Debian way

Author: mike - Sun Mar 16 19:21:02 2008

The script is self-explanatory; if you don't understand it, go read a newbie guide to iptables first. Otherwise place the script in /etc/init.d, name it firewall, and run:

update-rc.d rc.firewall defaults 19

And then you are ready to go :)

The script:
jail03:~# cat firewall 
#!/bin/sh -e
### BEGIN INIT INFO
# Provides:          firewall
# Required-Start:    networking
# Required-Stop:
# Default-Start:     S
# Default-Stop:      0 6
# Short-Description: Configure the iptables packet filter.
### END INIT INFO
. /lib/lsb/init-functions

case "$1" in
start)
        # Start from an open, empty filter table so the rules below are the only ones in effect
        iptables -P INPUT ACCEPT
        iptables -P FORWARD ACCEPT
        iptables -P OUTPUT ACCEPT

        iptables -t filter -F INPUT
        iptables -t filter -F FORWARD
        iptables -t filter -F OUTPUT

        log_action_begin_msg "Configuring network firewall"

        # Default deny on INPUT; replies to connections this host opened are always allowed
        iptables -P INPUT DROP
        # Loopback traffic (not in the original posting): without this, a local service
        # opening a NEW connection to 127.0.0.1 is dropped like any unknown source
        iptables -A INPUT -i lo -j ACCEPT
        iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

        # (Re)create the user chains. Because of "sh -e", a second "start" without a
        # "stop" in between would otherwise abort on --new and leave INPUT at DROP with
        # only the stateful rule in place, locking everyone out.
        for chain in FULL WEB; do
                iptables -F "$chain" 2>/dev/null || true
                iptables -X "$chain" 2>/dev/null || true
                iptables --new "$chain"
        done

        # The Network Office
        iptables -A INPUT -s 10.0.0.0/24 -j FULL
        # BOFH
        iptables -A INPUT -s 83.89.249.18 -j FULL

        # Student range 1 and 2 are jumped to WEB
        iptables -A INPUT -s 10.1.0.0/24 -j WEB
        iptables -A INPUT -s 10.2.0.0/24 -j WEB

        # FULL means: new connections to HTTP and FTP. A packet matching nothing in a
        # user chain returns to INPUT, where no further rule exists, so the DROP policy applies.
        iptables -A FULL -m state --state NEW -p tcp --dport 80 -j ACCEPT
        iptables -A FULL -m state --state NEW -p tcp --dport 21 -j ACCEPT

        # WEB means: new connections to HTTP only
        iptables -A WEB -m state --state NEW -p tcp --dport 80 -j ACCEPT

        log_action_end_msg 0
        ;;

stop)
        log_action_begin_msg "Tearing down network firewall"

        # Back to accept-everything, then flush the built-in chains so nothing still
        # references FULL or WEB before those chains are deleted
        iptables -P INPUT ACCEPT
        iptables -P FORWARD ACCEPT
        iptables -P OUTPUT ACCEPT

        iptables -t filter -F INPUT
        iptables -t filter -F FORWARD
        iptables -t filter -F OUTPUT

        iptables -F FULL
        iptables --delete-chain FULL

        iptables -F WEB
        iptables --delete-chain WEB

        log_action_end_msg 0
        ;;

*)
        echo "Usage: /etc/init.d/firewall {start|stop}"
        exit 1
        ;;
esac

exit 0
Copyright(c) Unifix.org 2002-2011