Tightly secured firewall for general use

Tightly secured firewall for general use is an iptables firewall script.

Tightly secured firewall for general use Ranking & Summary

  • License: GPL
  • Price: FREE
  • Publisher Name: Packetstorm
  • Publisher web site: http://www.linuxguruz.com/iptables/scripts/rc.firewall_013.txt

Tightly secured firewall for general use Description

Tightly secured firewall for general use is an iptables firewall script for 2.4-series Linux kernels. It loads the ip_tables, ip_conntrack, ipt_state and ipt_limit modules, flushes the INPUT, FORWARD and OUTPUT chains, enables reverse-path filtering (rp_filter) on every interface and sets a default-DROP policy on INPUT while leaving FORWARD and OUTPUT at ACCEPT. On the external interface eth0 it drops packets with loopback, RFC 1918 private, link-local, multicast, reserved and other unroutable source addresses, drops fragments and TCP packets in the INVALID conntrack state, rate-limits TCP SYN and RST packets to 1/s, and admits FTP (20, 21), SSH (22), telnet (23), SMTP (25), HTTP (80), POP3 (110), ident (113) and HTTPS (443) only from client source ports 1024:5000 and 32768:61000. Inbound UDP is limited to DNS replies (source port 53) and NTP; ICMP is limited to echo-reply, so inbound pings are dropped while replies to the host's own pings get through. The FORWARD chain drops traffic to a fixed list of individual hosts, to TCP port 9898, to 10.0.0.0/8 and 127.0.0.0/8 and all IGMP, and rate-limits forwarded SYN and RST packets to 10/s. Loopback traffic is accepted.

Sample:

#!/bin/sh
# Load the netfilter modules, flush the chains, then (inside the if-block)
# enable rp_filter, set INPUT to DROP and append the rules.
echo "Initializing modules..."
cd /lib/modules/2.4.1/kernel/net/ipv4/netfilter
insmod ip_tables
insmod ip_conntrack
insmod ipt_state
insmod ipt_limit
#insmod iptable_mangle
#insmod ipt_PERS
echo "Flushing rules.."
#iptables -F PREROUTING
#iptables -t mangle -F OUTPUT
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# The condition of this if-statement is missing from the listing as published.
if ; then
echo "Setting up spoof protection..."
for blah in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo "1" > $blah
done
echo "Setting default routes..."
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
echo "Configuring external interface rulesets..."
#iptables -t mangle -A PREROUTING -j PERS --local --tweak dst --conf /etc/win9x.conf
#iptables -t mangle -A OUTPUT -j PERS --local --tweak src --conf /etc/win9x.conf
# Drop packets arriving on eth0 with source addresses that cannot legitimately come from the Internet.
iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP
iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP
iptables -A INPUT -i eth0 -s 255.255.255.255/32 -j DROP
iptables -A INPUT -i eth0 -s 0.0.0.0/8 -j DROP
iptables -A INPUT -i eth0 -s 169.254.0.0/16 -j DROP
iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP
iptables -A INPUT -i eth0 -s 192.0.2.0/24 -j DROP
iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
iptables -A INPUT -i eth0 -s 224.0.0.0/4 -j DROP
iptables -A INPUT -i eth0 -s 240.0.0.0/5 -j DROP
iptables -A INPUT -i eth0 -s 248.0.0.0/5 -j DROP
iptables -A INPUT -i eth0 -f -j DROP
iptables -A INPUT -i eth0 -p TCP -m state --state INVALID -j DROP
# Rate-limited ACCEPT of SYN and RST packets (default burst 5); note these sit before the per-port rules.
iptables -A INPUT -i eth0 -p TCP --syn -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
# Services admitted from client source ports 1024:5000.
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 20 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 23 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 113 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A INPUT -i eth0 -p TCP -s 0/0 --sport 1024:5000 -d 0/0 --dport 1998 -j ACCEPT
#iptables -A INPUT -i eth0 -p TCP -s 0/0 --sport 1024:5000 -d 0/0 --dport 1999 -j ACCEPT
# Replies to connections opened by local clients, then the same services from client ports 32768:61000.
iptables -A INPUT -i eth0 -p TCP --dport 32768:61000 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 20 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 23 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 113 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 1998 -j ACCEPT
#iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 1999 -j ACCEPT
#iptables -A INPUT -i eth0 -p UDP -j DENY
# UDP: DNS replies and NTP only; ICMP: echo-reply only.
iptables -A INPUT -i eth0 -p UDP -s 0/0 --sport 53 -j ACCEPT
#iptables -A INPUT -i eth0 -p UDP -s 0/0 --dport 53 -j ACCEPT
#iptables -A INPUT -i eth0 -p UDP -s 0/0 --sport 161 -j ACCEPT
iptables -A INPUT -i eth0 -p UDP -s 0/0 --sport ntp -j ACCEPT
iptables -A INPUT -i eth0 -p UDP -s 0/0 --dport ntp -j ACCEPT
iptables -A INPUT -i eth0 -p ICMP --icmp-type echo-reply -j ACCEPT
echo "Configuring routing rulesets..."
# Forwarding blocks for a fixed list of hosts, one port, and unroutable destinations.
iptables -A FORWARD -i eth0 -d 205.188.153.139/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.153.140/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.153.141/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.7.168/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.7.164/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.7.178/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.7.172/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.7.176/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.5.208/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.4.159/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.3.160/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.3.176/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.5.204/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.153.139/32 -j DROP
iptables -A FORWARD -i eth0 -d 209.185.128.132/32 -j DROP
iptables -A FORWARD -i eth0 -d 152.163.241.128/32 -j DROP
iptables -A FORWARD -i eth0 -d 152.163.242.24/32 -j DROP
iptables -A FORWARD -i eth0 -d 152.163.242.28/32 -j DROP
iptables -A FORWARD -i eth0 -d 152.163.241.120/32 -j DROP
iptables -A FORWARD -i eth0 -p TCP --sport 1024: --dport 9898 -j DROP
iptables -A FORWARD -i eth0 -d 10.0.0.0/8 -j DROP
iptables -A FORWARD -i eth0 -d 127.0.0.0/8 -j DROP
iptables -A FORWARD -i eth0 -p igmp -j DROP
iptables -A FORWARD -i eth0 -p TCP --syn -m limit --limit 10/s -j ACCEPT
iptables -A FORWARD -i eth0 -p TCP --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 10/s -j ACCEPT
echo "Configuring internal interface rulesets..."
iptables -A INPUT -i lo -j ACCEPT
echo "IPtables firewall configuration completed."
fi
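The effect of the INPUT chain above is easier to reason about with the rule walk written out. What follows is an added example in Python, not code from the script or from Packetstorm's listing: it models the chain first-match, in the order the script appends its rules, with the DROP policy applied when nothing matches. Conntrack state is supplied as an attribute of each packet rather than simulated, and `-m limit --limit 1/s` is approximated as a token bucket with iptables' default --limit-burst of 5. The packets, and the addresses 203.0.113.9 and 198.51.100.7, are constructed sample input. The model shows two consequences of the rule order that the listing alone does not make obvious: the SYN rate-limit rule precedes the per-port rules, so within its budget a SYN to any TCP port is accepted, and a client whose source port falls outside 1024:5000 and 32768:61000 is dropped regardless of the service it asks for.

```python
"""Rule-walk model of the sample script's INPUT chain (added example)."""
import ipaddress

EXT = "eth0"  # the script's external interface

# Source networks the script drops on eth0 (anti-spoofing / bogon list).
BOGONS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "255.255.255.255/32", "0.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/5", "248.0.0.0/5")]

# TCP services admitted, and the only client source-port ranges accepted.
TCP_SERVICES = {20, 21, 22, 23, 25, 80, 110, 113, 443}
CLIENT_PORT_RANGES = ((1024, 5000), (32768, 61000))


class Limit:
    """Token bucket approximating `-m limit --limit 1/s --limit-burst 5`:
    starts full, refills at `rate` tokens/s, one token per matching packet."""

    def __init__(self, rate=1.0, burst=5):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def take(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1.0:
            return False
        self.tokens -= 1.0
        return True


def packet(src, proto, sport=0, dport=0, flags=(), state="NEW",
           iface=EXT, frag=False, icmp_type=None, t=0.0):
    """Constructed packet description; conntrack state is given, not derived."""
    return dict(src=ipaddress.ip_address(src), proto=proto, sport=sport,
                dport=dport, flags=frozenset(flags), state=state,
                iface=iface, frag=frag, icmp_type=icmp_type, t=t)


def from_client_port(sport):
    return any(lo <= sport <= hi for lo, hi in CLIENT_PORT_RANGES)


class InputChain:
    """First-match walk of the script's INPUT chain; returns (verdict, why)."""

    def __init__(self):
        self.syn_limit = Limit()
        self.rst_limit = Limit()

    def verdict(self, p):
        ext = p["iface"] == EXT
        if ext and any(p["src"] in net for net in BOGONS):
            return "DROP", "spoofed or unroutable source"
        if ext and p["frag"]:
            return "DROP", "fragment"
        if ext and p["proto"] == "tcp":
            if p["state"] == "INVALID":
                return "DROP", "INVALID conntrack state"
            examined = p["flags"] & {"SYN", "ACK", "FIN", "RST"}
            # `--syn` is SYN set with ACK,RST,FIN clear.  This rule comes
            # before the per-port rules, so within the limit a SYN to any
            # destination port is accepted here.
            if examined == {"SYN"} and self.syn_limit.take(p["t"]):
                return "ACCEPT", "SYN rate-limit rule (no port check)"
            if examined == {"RST"} and self.rst_limit.take(p["t"]):
                return "ACCEPT", "RST rate-limit rule"
            if from_client_port(p["sport"]) and p["dport"] in TCP_SERVICES:
                states = {"NEW", "ESTABLISHED"}
                if p["dport"] == 20:  # ftp-data additionally allows RELATED
                    states.add("RELATED")
                if p["state"] in states:
                    return "ACCEPT", "service whitelist"
            if 32768 <= p["dport"] <= 61000 and p["state"] == "ESTABLISHED":
                return "ACCEPT", "reply to a local client"
        if ext and p["proto"] == "udp":
            if p["sport"] == 53 or 123 in (p["sport"], p["dport"]):
                return "ACCEPT", "DNS reply or NTP"
        if p["proto"] == "icmp" and p["icmp_type"] == "echo-reply":
            return "ACCEPT", "ICMP echo-reply"
        if p["iface"] == "lo":
            return "ACCEPT", "loopback"
        return "DROP", "chain policy"


def syn_burst(chain, src, dport, count, t=0.0):
    """Send `count` SYNs from `src` to `dport` at time `t`; return the verdicts."""
    return [chain.verdict(packet(src, "tcp", sport=40000, dport=dport,
                                 flags=("SYN",), t=t))[0]
            for _ in range(count)]


if __name__ == "__main__":
    chain = InputChain()
    # Port 6667 is not whitelisted, yet the first five SYNs (the burst) are
    # accepted by the rate-limit rule; only the sixth reaches the whitelist.
    print(syn_burst(chain, "203.0.113.9", 6667, 6))
    # A client on an ephemeral port above 61000 is dropped even for SSH.
    print(chain.verdict(packet("198.51.100.7", "tcp", sport=61500, dport=22,
                               flags=("ACK",), state="ESTABLISHED")))
```

Run directly, the first line prints five ACCEPTs followed by a DROP, and the second a DROP by chain policy. A SYN accepted this way to a closed or unlisted port still gets a SYN/ACK back, since OUTPUT is ACCEPT, so the rate-limit rule also leaks which ports are listening. The usual remedy is to place the port whitelist first and use the limit match to drop the excess (limit rule followed by an unconditional DROP for the same match) rather than to accept within it; widening the client source-port ranges, or dropping the `--sport` match in favour of conntrack state alone, addresses the second effect.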

