Quick and dirty ipchains
Yes, that old... ipchains, you read that right.
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
:input ACCEPT
:forward ACCEPT
:output ACCEPT
# Loopback
-A input -i lo -s 0/0 -d 0/0 -j ACCEPT
# Ping
-A input -i eth0 -s 0/0 -d $DEST -p icmp --icmp-type 8 -j ACCEPT
# Allow everything LAN
-A input -i eth0 -s $LAN -d $DEST 0:65535 -p tcp -j ACCEPT
-A input -i eth0 -s $LAN -d $DEST 0:65535 -p udp -j ACCEPT
# SSH
-A input -i eth0 -s $SRC1 -d $DEST 22 -p tcp -y -j ACCEPT
-A input -i eth0 -s $SRC2 -d $DEST 22 -p tcp -y -j ACCEPT
-A input -i eth0 -s $SRC3 -d $DEST 22 -p tcp -y -j ACCEPT
-A input -i eth0 -s $SRC4 -d $DEST 22 -p tcp -y -j ACCEPT
# DNS
-A input -i eth0 -s 0/0 53 -d $DEST 1024:65535 -p tcp -j ACCEPT
-A input -i eth0 -s 0/0 53 -d $DEST 1024:65535 -p udp -j ACCEPT
# Close down
-A input -i eth0 -s 0/0 -d $DEST -p udp -j DENY
-A input -i eth0 -s 0/0 -d $DEST -p tcp -y -j DENY
# EoF #
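
To audit which packets the input chain above decides by rule and which fall through to the `:input ACCEPT` policy, here is a first-match evaluator added as an example (not part of the original post or of ipchains itself). Assumptions: the addresses standing in for $DEST, $LAN and $SRC1 are constructed, only the first of the four SSH sources is modelled, and rule numbers refer to the list in this block.

```python
import ipaddress

# Constructed stand-ins for the page's $DEST, $LAN and $SRC1 placeholders.
DEST, LAN, SRC1 = "192.0.2.10/32", "192.168.1.0/24", "198.51.100.7/32"
ANY, ALL, HIGH = "0.0.0.0/0", (0, 65535), (1024, 65535)
POLICY = "ACCEPT"  # ":input ACCEPT" on the page

# (iface, src, sport range, dst, dport range, proto, syn_only, icmp_type, target)
RULES = [
    ("lo",   ANY,  ALL,      ANY,  ALL,      None,   False, None, "ACCEPT"),
    ("eth0", ANY,  ALL,      DEST, ALL,      "icmp", False, 8,    "ACCEPT"),
    ("eth0", LAN,  ALL,      DEST, ALL,      "tcp",  False, None, "ACCEPT"),
    ("eth0", LAN,  ALL,      DEST, ALL,      "udp",  False, None, "ACCEPT"),
    ("eth0", SRC1, ALL,      DEST, (22, 22), "tcp",  True,  None, "ACCEPT"),
    ("eth0", ANY,  (53, 53), DEST, HIGH,     "tcp",  False, None, "ACCEPT"),
    ("eth0", ANY,  (53, 53), DEST, HIGH,     "udp",  False, None, "ACCEPT"),
    ("eth0", ANY,  ALL,      DEST, ALL,      "udp",  False, None, "DENY"),
    ("eth0", ANY,  ALL,      DEST, ALL,      "tcp",  True,  None, "DENY"),
]

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def verdict(pkt):
    """Return (target, rule number) of the first match, or (POLICY, None)."""
    for n, (iface, src, sp, dst, dp, proto, syn, itype, target) in enumerate(RULES, 1):
        if pkt["iface"] != iface or (proto and pkt["proto"] != proto):
            continue
        if not (in_net(pkt["src"], src) and in_net(pkt["dst"], dst)):
            continue
        if pkt["proto"] in ("tcp", "udp") and not (
                sp[0] <= pkt["sport"] <= sp[1] and dp[0] <= pkt["dport"] <= dp[1]):
            continue
        if syn and not pkt["syn"]:  # -y matches connection-opening SYN only
            continue
        if itype is not None and pkt["icmp_type"] != itype:
            continue
        return target, n
    return POLICY, None

def pkt(proto, src, dport=0, sport=40000, syn=False, icmp_type=None):
    """Build a constructed sample packet arriving on eth0 for $DEST."""
    return {"iface": "eth0", "proto": proto, "src": src, "dst": "192.0.2.10",
            "sport": sport, "dport": dport, "syn": syn, "icmp_type": icmp_type}

OUTSIDE = "203.0.113.50"  # constructed host outside $LAN and the $SRC list
if __name__ == "__main__":
    for p in (pkt("tcp", "198.51.100.7", 22, syn=True), pkt("tcp", OUTSIDE, 22, syn=True),
              pkt("tcp", OUTSIDE, 22), pkt("udp", OUTSIDE, 161),
              pkt("icmp", OUTSIDE, icmp_type=13)):
        print(p["proto"], p["src"], p["dport"], "->", verdict(p))
```

A verdict of `("ACCEPT", None)` means no rule matched and the chain policy decided; with a DENY policy those packets would need explicit ACCEPT rules instead.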