About F19 Firewall

Thomas Woerner twoerner at redhat.com
Fri Sep 20 14:17:21 UTC 2013


On 09/17/2013 07:21 AM, P J P wrote:
> ----- Original Message -----
>> From: P J P <pj.pandit at yahoo.co.in>
>> Subject: About F19 Firewall
>> It doesn't have to be so complicated that even if one tries to understand it, he/she can not. :(
>
>
>     This small script seems to work well.
>
> ===
> #!/bin/sh
> #
> # fw.sh: a basic drop unless allowed firewall.
>
> FW='iptables -t filter '
>
> # main
> {
>      $FW -A INPUT -i lo -j ACCEPT;
>      $FW -A INPUT -p icmp -s 10.x.x.x/16 -j ACCEPT;
>      $FW -A INPUT -p tcp  -s 10.x.x.x/16 -m state --state NEW --dport 22 -j ACCEPT;
>      $FW -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;
>      $FW -A INPUT -j REJECT --reject-with icmp-host-prohibited;
>
>      $FW -A OUTPUT -p tcp -m state --state NEW -s 10.x.x.x/16 -d facebook.com \
>                      -j REJECT --reject-with icmp-host-prohibited
>
>      $FW -P INPUT DROP;
>      $FW -P FORWARD DROP;
>
>      exit 0;
> }
> ===
>
If a static firewall configuration fits your needs, just disable 
firewalld and use the ip*tables firewall services:

https://fedoraproject.org/wiki/FirewallD?rd=FirewallD/#Using_static_firewall_rules_with_the_iptables_and_ip6tables_services

BTW: If you are not configuring an IPv6 firewall, I would highly recommend 
to either also add an IPv6 firewall with the ip6tables service or to 
deactivate IPv6 on your machine.

>
> ---
> Regards
>     -Prasad
> http://feedmug.com
>
Regards,
Thomas
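
The IPv6 point in the reply above, as a check that can be run after switching to static rules. This is an added example, not part of the original message: the function name `v6_input_state`, the classification heuristic and the sample rule text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): classify the IPv6 INPUT chain.
# Input on stdin: rule text in `ip6tables -S INPUT` format.
# Output: "filtered", "open" or "unknown".
# Heuristic (assumption): the chain filters if its policy is DROP or it has
# a catch-all DROP/REJECT rule, i.e. one with no match options.

v6_input_state() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && $3 == "-j" &&
            ($4 == "DROP" || $4 == "REJECT") { catchall = 1 }
        END {
            if (policy == "DROP" || catchall) print "filtered"
            else if (policy == "ACCEPT")      print "open"
            else                              print "unknown"
        }
    '
}

# Constructed sample: IPv4 rules were loaded, ip6tables was never touched.
SAMPLE_UNFILTERED='-P INPUT ACCEPT'

# Constructed sample: an IPv6 ruleset mirroring the IPv4 script in the thread.
SAMPLE_FILTERED='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited'

# Constructed sample: default-drop policy with no rules at all.
SAMPLE_POLICY_DROP='-P INPUT DROP'

printf 'untouched ip6tables: %s\n' "$(printf '%s\n' "$SAMPLE_UNFILTERED" | v6_input_state)"
printf 'mirrored ruleset:    %s\n' "$(printf '%s\n' "$SAMPLE_FILTERED" | v6_input_state)"
printf 'policy DROP only:    %s\n' "$(printf '%s\n' "$SAMPLE_POLICY_DROP" | v6_input_state)"

# Live use (as root): ip6tables -S INPUT | v6_input_state
```

An "open" result on a host that has IPv6 addresses means the IPv4 rules are not protecting services reachable over IPv6.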

