Gentoo Forums
Simple firewall + NAT _ 2
opentaka
l33t


Joined: 18 Feb 2005
Posts: 840
Location: Japan

PostPosted: Tue Apr 26, 2005 7:08 am    Post subject: Simple firewall + NAT _ 2 Reply with quote

Here we go, a simple firewall to protect your box.

Code:

#!/bin/sh
######################################################################
# Basic Firewall+NAT script Written By antiwmac no (c) copyleft 2005 #
######################################################################

# locate iptables
IPTABLES=/sbin/iptables

#######################START CLEANING OLD IPTABLES CONFIG########################
$IPTABLES -F
#$IPTABLES -t nat -F
#$IPTABLES -X
#$IPTABLES -t nat -X
#$IPTABLES -F INPUT
######################DONE CLEANING OLD IPTABLES CONFIG##########################

###############################START BASIC CONFIG################################
# EXT_IF is the interface connected to the internet, LAN_IF the interface connected to the LAN
# (LAN_IF is not referenced by the rules below; the external interface is always $EXT_IF)
EXT_IF="eth2"
LAN_IF="eth1"
# Turn on NAT (internet connection sharing) on the external interface
$IPTABLES -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE
# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Enable broadcast echo protection
#echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
###############################DONE BASIC CONFIG#################################

##############################START FILTERING####################################
# Accept ICMP on the external interface only for ESTABLISHED traffic
# (replies to our own pings); unsolicited echo requests are not matched here
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i $EXT_IF -p icmp

# ACCEPT only "ESTABLISHED" connections on the external interface
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i $EXT_IF -p tcp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i $EXT_IF -p udp


# Drop bad requests
$IPTABLES -A INPUT -m state --state INVALID -j DROP
$IPTABLES -A FORWARD -m state --state INVALID -j DROP

# Open port (TCP 21, FTP control; note this rule is not limited to one interface)
$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT

# Stealth the other TCP ports on the external interface
# (the upper bound is 65535, the last valid port; new UDP traffic is not dropped here)
$IPTABLES -A INPUT -i $EXT_IF -p tcp -m tcp --dport 0:20 -j DROP
$IPTABLES -A INPUT -i $EXT_IF -p tcp -m tcp --dport 22:65535 -j DROP

##############################DONE FILTERING####################################

############################START IP FORWARDING CONF ###########################
# Port forwarding for "share": TCP 12345 arriving on the external interface goes to 192.168.0.2
$IPTABLES -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 12345 -j DNAT --to 192.168.0.2:12345
#############################DONE IP FORWARDING CONF###########################


# Return something for the boot command
echo firewall started


_________________
"Being defeated is often a temporary condition. Giving up is what makes it permanent" - Marilyn vos Savant
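An added check, not part of the original post, for scripts like the one above that "stealth" ports with explicit DROP ranges: it reads iptables-save style INPUT rules and prints every TCP port range on the external interface that no ACCEPT, DROP or REJECT rule covers. The rule lines and the interface name eth2 are constructed sample input; the first set reproduces a mistyped upper bound (65301), the second the corrected one.

```shell
#!/bin/sh
# Constructed sample rules in iptables-save format (hypothetical iface eth2).
SAMPLE_RULES='-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport 0:20 -j DROP
-A INPUT -i eth2 -p tcp -m tcp --dport 22:65301 -j DROP'

FIXED_RULES='-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport 0:20 -j DROP
-A INPUT -i eth2 -p tcp -m tcp --dport 22:65535 -j DROP'

# port_gaps IFACE < rules
# Prints each TCP port range (lo-hi) on IFACE that no INPUT rule with a
# --dport and an ACCEPT/DROP/REJECT target covers. Rules without -i apply
# to every interface, so they count; rules bound to another -i do not.
port_gaps() {
    awk -v iface="$1" '
    {
        if ($2 != "INPUT" || $0 !~ /-p tcp/) next
        dp = ""; act = ""; on_if = 1
        for (i = 1; i <= NF; i++) {
            if ($i == "--dport") dp = $(i + 1)
            if ($i == "-j") act = $(i + 1)
            if ($i == "-i" && $(i + 1) != iface) on_if = 0
        }
        if (dp == "" || !on_if) next
        if (act != "DROP" && act != "REJECT" && act != "ACCEPT") next
        n = split(dp, r, ":")
        lo = r[1]; hi = (n == 2) ? r[2] : r[1]
        for (p = lo; p <= hi; p++) cov[p] = 1
    }
    END {
        start = -1
        for (p = 1; p <= 65535; p++) {
            if (!(p in cov)) { if (start < 0) start = p }
            else if (start >= 0) { print start "-" (p - 1); start = -1 }
        }
        if (start >= 0) print start "-65535"
    }'
}

# Example runs: the mistyped range leaves 65302-65535 unfiltered,
# the corrected range prints nothing.
printf '%s\n' "$SAMPLE_RULES" | port_gaps eth2
printf '%s\n' "$FIXED_RULES" | port_gaps eth2
```

Feed it the real ruleset with `iptables-save | port_gaps eth2`; empty output means every TCP port on that interface is explicitly handled.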