About F19 Firewall

P J P pj.pandit at yahoo.co.in
Tue Sep 17 05:21:48 UTC 2013


----- Original Message -----
> From: P J P <pj.pandit at yahoo.co.in>
> Subject: About F19 Firewall
> It doesn't have to be so complicated that even if one tries to understand it, he/she can not. :(


   This small script seems to work well.

===
#!/bin/sh
#
# fw.sh: a basic drop unless allowed firewall.

FW='iptables -t filter '

# main
{
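    # Allow loopback traffic.
    $FW -A INPUT -i lo -j ACCEPT;
    # Allow ICMP and new SSH connections from the local network only.
    $FW -A INPUT -p icmp -s 10.x.x.x/16 -j ACCEPT;
    $FW -A INPUT -p tcp  -s 10.x.x.x/16 -m state --state NEW --dport 22 -j ACCEPT;
    # Allow packets belonging to, or related to, already established connections.
    $FW -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;
    # Reject everything else that reaches the end of the INPUT chain.
    $FW -A INPUT -j REJECT --reject-with icmp-host-prohibited;

    # Reject new outbound TCP connections to facebook.com
    # (the host name is resolved once, when the rule is added).
    $FW -A OUTPUT -p tcp -m state --state NEW -s 10.x.x.x/16 -d facebook.com \
                    -j REJECT --reject-with icmp-host-prohibited

    # Default policies: drop anything not matched by a rule above.
    $FW -P INPUT DROP;
    $FW -P FORWARD DROP;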

    exit 0;
}
===


---
Regards
   -Prasad
http://feedmug.com

