slitaz-tools diff etc/firewall.conf @ rev 746
Add: decode (new cmdline tool to decode audio/video files)
author | Christophe Lincoln <pankso@slitaz.org> |
---|---|
date | Mon Apr 30 10:35:44 2012 +0200 (2012-04-30) |
parents | 71139fa09dca |
children |
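--- /dev/null
+++ b/etc/firewall.conf
@@ -0,0 +1,65 @@
+# /etc/firewall.conf: SliTaz firewall configuration.
+# Config file used by: /etc/init.d/firewall.sh
+#
+
+# Network interface.
+INTERFACE="eth0"
+
+# Enable/disable kernel security.
+KERNEL_SECURITY="yes"
+
+# Enable/disable iptables rules (iptables package must be installed).
+IPTABLES_RULES="no"
+
+# Netfilter/iptables rules.
+# This shell function is included in /etc/init.d/firewall.sh
+# to start iptables rules.
+#
+iptables_rules()
+{
+
+# Drop all input connections.
+iptables -P INPUT DROP
+
+# Drop all output connections.
+iptables -P OUTPUT DROP
+
+# Drop all forward connections.
+iptables -P FORWARD DROP
+
+# Accept input on localhost (127.0.0.1).
+iptables -A INPUT -i lo -j ACCEPT
+
+# Accept input on the local network (192.168.0.0/24).
+iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
+
+# Accept near all output trafic.
+iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+
+# Accept input trafic only for connections initialized by user.
+iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# If you manage a HTTP/SSH/FTP/IRC server you can accept input for non-established connections an some ports.
+# else you can disable the lines below for more secured setup
+
+# Accept input on port 80 for the HTTP server.
+iptables -A INPUT -i $INTERFACE -p tcp --source-port 80 -j ACCEPT
+
+# Accept input on port 22 for SSH.
+iptables -A INPUT -i $INTERFACE -p tcp --destination-port 22 -j ACCEPT
+
+# Accept port 21 and, 1024 to 60310 for FTP.
+iptables -A INPUT -i $INTERFACE -p tcp --destination-port 21 -j ACCEPT
+iptables -A INPUT -i $INTERFACE -p tcp --destination-port 1024:60310 -j ACCEPT
+
+# Accept port 6667 for IRC chat.
+iptables -A INPUT -i $INTERFACE -p tcp --source-port 6667 -j ACCEPT
+
+# Accept unprivileged ports.
+iptables -A INPUT -i $INTERFACE -p udp --destination-port 1024:65535 -j ACCEPT
+
+# Accept ping.
+iptables -A INPUT -i $INTERFACE -p icmp -j ACCEPT
+
+}
+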
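Review bot: The HTTP and IRC accept rules at 1.49 and 1.59 match `--source-port` rather than the destination port, so they do not admit client connections to a local web or IRC server (clients arrive with an ephemeral source port and destination port 80/6667) and they are far broader than intended: any inbound TCP packet whose source port happens to be 80 or 6667 is accepted to every local port, which undoes the default `INPUT DROP` policy set at 1.25. Both lines should read `iptables -A INPUT -i $INTERFACE -p tcp --destination-port 80 -j ACCEPT` and `iptables -A INPUT -i $INTERFACE -p tcp --destination-port 6667 -j ACCEPT`, consistent with the SSH and FTP rules at 1.52 and 1.55. The LAN rule at 1.37 accepts the hard-coded 192.168.0.0/24 source on every interface, so a packet carrying a forged private source address on the external interface is accepted as well; restricting it to the LAN interface, and noting in the comment that the subnet must be edited together with `INTERFACE`, would close that gap. The 1024:60310 TCP and 1024:65535 UDP ranges at 1.56 and 1.62 reopen most of the unprivileged port space that the RELATED,ESTABLISHED rule at 1.43 already covers for reply traffic; passive FTP is normally served by loading the FTP connection-tracking helper instead of a static range, and the comment at 1.61 should at least say which service the UDP range is for.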