desktopfirewall
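#!/bin/sh
# desktopfirewall - minimal host firewall for a single workstation.
#
# Usage: /etc/init.d/firewall (start|stop)
#
# Policy: INPUT, OUTPUT and FORWARD default to DROP. Loopback, connections
# this host opens itself, and the replies belonging to them are accepted;
# everything else is passed to the TRASHCAN chain, which logs the packet and
# drops it. "stop" removes all rules and opens every policy (ACCEPT).
#
# IPv4 only: this script configures iptables, not ip6tables.
#
# Any failing iptables call aborts the script (set -e). Once the DROP
# policies are in place that fails closed, which is the safe direction for a
# firewall: a half-built ruleset never silently passes traffic.
set -e

# Locate iptables. Exit with status 0 when it is missing (init-script
# convention), but say so on stderr so an unprotected host is noticeable.
IPTABLES=$(command -v iptables 2>/dev/null) || {
  echo "desktopfirewall: iptables not found, no rules loaded" >&2
  exit 0
}

# Remove every rule and user-defined chain from the nat and filter tables.
flush_rules() {
  "$IPTABLES" -t nat -F
  "$IPTABLES" -t nat -X
  "$IPTABLES" -t filter -F
  "$IPTABLES" -t filter -X
}

# Build the TRASHCAN chain: log the packet, rate-limited so a packet flood
# cannot fill the log, then drop it explicitly instead of relying on the
# chain policy (this also avoids the same packet being logged twice).
create_trashcan() {
  "$IPTABLES" -N TRASHCAN
  for proto in TCP UDP ICMP; do
    "$IPTABLES" -A TRASHCAN -p "$proto" \
      -m limit --limit 5/min --limit-burst 10 \
      -j LOG --log-prefix="IPTABLES - DROP ${proto}-Packet: " --log-level info
  done
  "$IPTABLES" -A TRASHCAN -j DROP
}

# Load the full ruleset.
fw_start() {
  echo "Starting Firewall..."
  flush_rules
  create_trashcan

  # Default policy: deny everything no rule accepts.
  "$IPTABLES" -P INPUT DROP
  "$IPTABLES" -P OUTPUT DROP
  "$IPTABLES" -P FORWARD DROP

  # Loopback is always fine.
  "$IPTABLES" -A INPUT -i lo -j ACCEPT
  "$IPTABLES" -A OUTPUT -o lo -j ACCEPT

  # Traffic belonging to a connection this host already has is fine both ways.
  "$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  "$IPTABLES" -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Outgoing: this host may open new connections anywhere.
  "$IPTABLES" -A OUTPUT -m state --state NEW -j ACCEPT

  # Incoming services: none by default. To expose SSH on eth0, uncomment the
  # next line; replies are already covered by the ESTABLISHED rule above.
  #"$IPTABLES" -A INPUT -i eth0 -p TCP --dport 22 -m state --state NEW -j ACCEPT

  # Anything left (new or invalid inbound, stray outbound, all forwarding)
  # is logged and dropped.
  "$IPTABLES" -A INPUT -j TRASHCAN
  "$IPTABLES" -A OUTPUT -j TRASHCAN
  "$IPTABLES" -A FORWARD -j TRASHCAN
}

# Remove the ruleset and open the host completely.
fw_stop() {
  echo "stopping firewall..."
  # Open the policies before flushing so the host is never left with a DROP
  # policy and no rules if a later step fails.
  "$IPTABLES" -P INPUT ACCEPT
  "$IPTABLES" -P OUTPUT ACCEPT
  "$IPTABLES" -P FORWARD ACCEPT
  flush_rules
}

case "$1" in
  start)
    fw_start
    ;;
  stop)
    fw_stop
    ;;
  *)
    echo "usage: /etc/init.d/firewall (start|stop)" >&2
    exit 1
    ;;
esac
exit 0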