Firewall
Posted: 2012-06-07 Filed under: system | Tags: firewall, iptables, slackware
Problem: I do not know iptables
Solution: Use a firewall script I found years ago in a Slackware security guide written by Chess Griffin. Create an empty file and name it rc.firewall. Open it and paste the following:

    #!/bin/bash
    # rc.firewall for
    # Basic Slackware Security

    # These two rules set the default policies, i.e. what to do if a
    # packet doesn't match any other rule, to drop any packet coming
    # into (INPUT) or routing through (FORWARD) the box.
    iptables -P INPUT DROP
    iptables -P FORWARD DROP

    # These rules are added (-A) to the INPUT chain. They allow packets
    # from any previously established connections and accept anything
    # from the loopback interface.
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT

    # This rule added to the INPUT chain accepts any ssh connections.
    iptables -A INPUT -p tcp --dport 22 -i wlan0 -j ACCEPT

You may need to change the interface named in the ssh rule (wlan0 above) to the one your machine uses, such as eth0. Save rc.firewall, move it to /etc/rc.d and make it executable:
chmod +x /etc/rc.d/rc.firewall
Now, start the script:
/etc/rc.d/rc.firewall start
Later, it should be started automatically from /etc/rc.d/rc.inet2 upon boot.
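
To confirm the rules loaded as intended, the check below reads the output of iptables -S and verifies the two DROP policies, the ESTABLISHED,RELATED rule, and that every interface named in an INPUT rule actually exists on the machine. It is an added example, not part of Chess Griffin's script or the original post; check_ruleset and SAMPLE_RULES are hypothetical names and the sample ruleset is constructed.

```shell
#!/bin/sh
# Audit a ruleset dump (the output of `iptables -S`) against what rc.firewall sets up.
# On a live box, as root:  iptables -S | check_ruleset "$(ls /sys/class/net)"

# Constructed sample: what `iptables -S` is expected to print after rc.firewall ran.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -i lo -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 22 -j ACCEPT'

# check_ruleset "IFACES"   (ruleset on stdin)
# Prints one line per finding; returns 0 only if nothing failed.
check_ruleset() {
    ifaces=" $(echo "$1" | tr '\n' ' ') "
    rules=$(cat)
    rc=0
    # Both default policies must be DROP, as set by the first two rules.
    for chain in INPUT FORWARD; do
        if ! printf '%s\n' "$rules" | grep -qx -- "-P $chain DROP"; then
            echo "FAIL: default policy for $chain is not DROP"; rc=1
        fi
    done
    # Without this rule, replies to outgoing connections are dropped too.
    if ! printf '%s\n' "$rules" | grep -Eq -- \
        '^-A INPUT .*--state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT$'; then
        echo "FAIL: no ESTABLISHED,RELATED accept rule on INPUT"; rc=1
    fi
    # An -i <iface> that does not exist never matches, so the rule is dead
    # (for example wlan0 left in place on a machine that only has eth0).
    for ifc in $(printf '%s\n' "$rules" |
                 sed -n 's/^-A INPUT.* -i \([^ ]*\) .*/\1/p' | sort -u); do
        case "$ifaces" in
            *" $ifc "*) ;;
            *) echo "FAIL: rule references missing interface $ifc"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "OK: ruleset matches rc.firewall"
    return "$rc"
}

# Demo on the constructed sample, pretending the machine has lo and wlan0.
printf '%s\n' "$SAMPLE_RULES" | check_ruleset "lo wlan0"
```

Because the script only appends rules, running it twice duplicates them; the check still passes in that case, so inspect iptables -S by eye if you have re-run it.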