slitaz-tools view rootfs/etc/firewall.conf @ rev 317

Edits/typos (more to be done)
author Paul Issott <paul@slitaz.org>
date Tue Mar 10 20:19:52 2009 +0000 (2009-03-10)
parents db0e82bebc70
children 71139fa09dca
1 # /etc/firewall.conf: SliTaz firewall configuration.
2 # Config file used by: /etc/init.d/firewall.sh
3 #
5 # Network interface.
6 INTERFACE="eth0"
8 # Enable/disable kernel security.
9 KERNEL_SECURITY="yes"
11 # Enable/disable iptables rules (iptables package must be installed).
12 IPTABLES_RULES="no"
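# Netfilter/iptables rules.
# This shell function is included in /etc/init.d/firewall.sh
# to start iptables rules.
#
# Globals:   INTERFACE (read) - interface the per-port rules are bound to.
# Outputs:   sets the INPUT/OUTPUT policies and appends rules to INPUT.
#
# Every rule is appended with -A, so calling this twice duplicates the rules.
# NOTE(review): whether the caller flushes the chain first is not visible
# here; confirm in firewall.sh.
#
iptables_rules()
{
	# Drop all input connections.
	iptables -P INPUT DROP

	# Accept all output connections.
	iptables -P OUTPUT ACCEPT

	# Accept input on localhost (127.0.0.1).
	iptables -A INPUT -i lo -j ACCEPT

	# Accept replies to connections this host opened (web, IRC, DNS, ...).
	# This replaces the former "--source-port 80" and "--source-port 6667"
	# rules: a source port is chosen by the remote sender, so matching on it
	# admitted traffic to every local TCP port, privileged ones included.
	# NOTE(review): needs the netfilter "state" match (connection tracking)
	# in the running kernel; confirm it is available on the target.
	iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

	# Accept all on the local network (192.168.0.0/24).
	# NOTE(review): this matches on source address only, on any interface;
	# consider binding it to the LAN-facing interface with -i.
	iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT

	# Accept input on port 80 for the HTTP server.
	iptables -A INPUT -i "$INTERFACE" -p tcp --destination-port 80 -j ACCEPT

	# Accept input on port 22 for SSH.
	iptables -A INPUT -i "$INTERFACE" -p tcp --destination-port 22 -j ACCEPT

	# Accept port 21 and 1024 to 60310 for FTP.
	# NOTE(review): the range rule exposes every TCP service listening on
	# 1024-60310, not only FTP data connections; narrow it to the FTP
	# daemon's configured data-port range where possible.
	iptables -A INPUT -i "$INTERFACE" -p tcp --destination-port 21 -j ACCEPT
	iptables -A INPUT -i "$INTERFACE" -p tcp --destination-port 1024:60310 -j ACCEPT

	# IRC chat (port 6667): replies from IRC servers are accepted by the
	# ESTABLISHED,RELATED rule above, so no separate rule is needed.

	# Accept unprivileged ports.
	# NOTE(review): this opens all UDP ports 1024-65535 on $INTERFACE;
	# reply traffic is already covered by the state rule above.
	iptables -A INPUT -i "$INTERFACE" -p udp --destination-port 1024:65535 -j ACCEPT

	# Accept ping.
	# The rule matches every ICMP type, not only echo-request.
	iptables -A INPUT -i "$INTERFACE" -p icmp -j ACCEPT
}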