Simple firewall [iptables]
Posted: 28. Aug 2010, 17:40
Since I don't know what exactly I'm writing in this post, please don't take me too seriously (any better sentence in English?) about the following:
Since there's no firewall application in SalixOS, in my view, at least...
from: http://yorik.uncreated.net/linuxstuff.html
Simple firewall
This is a very simple firewall I was once taught by my friend Fabio. Just copy these lines in a blank file, make it executable, and have it executed some time during your init process. My favorite way is to add this in /etc/network/interfaces:
Code:
auto eth1
iface eth1 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    post-up /etc/network/if-up.d/firewall.sh
This is the firewall script:
Code:
#!/bin/sh

# Cleans the iptables
iptables -F

# Enables internet connection sharing
modprobe iptable_nat
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

# Opens some ports (22=SSH, 1080=Socks)
iptables -A INPUT -p tcp --destination-port 22 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 1080 -j ACCEPT

# Opens local network
iptables -A INPUT -p tcp --syn -s 192.168.0.0/255.255.255.0 -j ACCEPT

# Closes everything else
iptables -A INPUT -p tcp --syn -j DROP
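An added example, not part of the original post or the script it quotes: the script above sets no chain policy and drops only new TCP connections, and `iptables -F` does not flush the nat table, so each run appends another MASQUERADE rule. The variant below emits a default-deny ruleset with the same openings in iptables-restore format, which flushes and replaces each table it loads. The variable and function names are chosen here, with defaults taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Variable names are chosen
# here; the defaults are the interface, network and ports from the post.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-ppp0}"
LAN_NET="${LAN_NET:-192.168.0.0/255.255.255.0}"
TCP_PORTS="${TCP_PORTS:-22 1080}"   # 22=SSH, 1080=Socks

# Print the ruleset in iptables-restore format.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
EOF
    # One rule per published TCP port, reachable from any interface
    for port in $TCP_PORTS; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<EOF
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Load both tables (each is flushed and replaced, so re-running does not
# stack duplicate rules), then enable forwarding as the post's script does.
apply_rules() {
    gen_rules | iptables-restore || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Usage: sh firewall.sh print  -> show the ruleset for review
#        sh firewall.sh apply  -> load it (needs root)
if [ "${1:-}" = "apply" ]; then
    apply_rules
elif [ "${1:-}" = "print" ]; then
    gen_rules
fi
```

Unlike the script in the post, this also filters UDP and ICMP arriving on the outside interface and restricts the FORWARD chain, so review the printed ruleset before loading it on a machine you reach over SSH.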