slitaz-tools view etc/slitaz/firewall.sh @ rev 802

fix Makefile
author Dominique Corbex <domcox@slitaz.org>
date Wed Feb 20 20:20:37 2013 +0100 (2013-02-20)
parents
children 4e92eb00bfa3
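#!/bin/sh
#
# SliTaz IPtables firewall rules
#
# Reads its settings from /etc/slitaz/firewall.conf:
#   LOCAL_NETWORK  source address or network trusted for all INPUT traffic
#                  (the rule is skipped when the variable is empty)
#   INTERFACES     whitespace-separated interface names that receive the
#                  per-service server rules in the loop below
#
. /etc/slitaz/firewall.conf

# Default policies first, so nothing is accepted while the chains are
# being rebuilt.

# Drop all input connections
iptables -P INPUT DROP

# Drop all output connections
iptables -P OUTPUT DROP

# Drop all forward connections
iptables -P FORWARD DROP

# Flush rules left over from a previous run: without this, every
# invocation of the script appends a second copy of each rule below.
iptables -F

# Accept input on localhost (127.0.0.1)
iptables -A INPUT -i lo -j ACCEPT

# Accept input on the local network. An empty LOCAL_NETWORK would make
# iptables fail on a missing "-s" argument, so only add the rule when set.
if [ -n "$LOCAL_NETWORK" ]; then
  iptables -A INPUT -s "$LOCAL_NETWORK" -j ACCEPT
fi

# Accept near all output trafic.
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Accept input trafic only for connections initialized by user.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# If you manage a HTTP/SSH/FTP/IRC server you can accept input for
# non-established connections on some ports. Else you can disable the
# lines below for a more secure setup.
#
# Every server rule matches on the *destination* port. A rule matching
# the *source* port (the earlier "--source-port 80" / "--source-port 6667"
# form) accepts any inbound packet whose sender merely picked that source
# port, which reaches every local port and defeats the DROP policy.
# Replies to connections opened from this host are already covered by the
# RELATED,ESTABLISHED rule above, so no source-port rule is needed.
for iface in $INTERFACES
do
  # Accept input on port 80 for the HTTP server.
  iptables -A INPUT -i "$iface" -p tcp --destination-port 80 -j ACCEPT

  # Accept input on port 22 for SSH.
  iptables -A INPUT -i "$iface" -p tcp --destination-port 22 -j ACCEPT

  # Accept port 21 and, 1024 to 60310 for FTP.
  # NOTE: the 1024:60310 range opens every unprivileged TCP port on this
  # interface, not only the FTP data channel; narrow it to the passive
  # port range your FTP server is configured with.
  iptables -A INPUT -i "$iface" -p tcp --destination-port 21 -j ACCEPT
  iptables -A INPUT -i "$iface" -p tcp --destination-port 1024:60310 -j ACCEPT

  # Accept port 6667 for an IRC server.
  iptables -A INPUT -i "$iface" -p tcp --destination-port 6667 -j ACCEPT

  # Accept unprivileged ports.
  # NOTE: same caveat as for the TCP range above, here for all of UDP.
  iptables -A INPUT -i "$iface" -p udp --destination-port 1024:65535 -j ACCEPT

  # Accept ping.
  iptables -A INPUT -i "$iface" -p icmp -j ACCEPT
done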