| Re: Contribution to Slitaz - firewall.conf |
[ Thread Index |
Date Index
| More lists.tuxfamily.org/slitaz Archives
]
Oups I forget to add the file with my send.
# /etc/firewall.conf: SliTaz firewall configuration.
# Config file used by: /etc/init.d/firewall.sh
#
# Network interface.
INTERFACE="eth0"
# Enable/disable kernel security.
KERNEL_SECURITY="yes"
# Enable/disable iptables rules (iptables package must be installed).
IPTABLES_RULES="no"
# Netfilter/iptables rules.
# This shell function is included in /etc/init.d/firewall.sh
# to start iptables rules.
#
iptables_rules()
{
# Drop all input connections.
iptables -P INPUT DROP
# Drop all output connections.
iptables -P OUTPUT DROP
# Drop all forward connections.
iptables -P FORWARD DROP
# Accept input on localhost (127.0.0.1).
iptables -A INPUT -i lo -j ACCEPT
# Accept input on the local network (192.168.0.0/24).
iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
# Accept near all output trafic.
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Accept input trafic only for connections initialized by user.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# If you manage a server you can accept input for non-established connections an some ports.
# Accept input on port 80 for the HTTP server.
# iptables -A INPUT -i $INTERFACE -p tcp --source-port 80 -j ACCEPT
# Accept input on port 22 for SSH.
# iptables -A INPUT -i $INTERFACE -p tcp --destination-port 22 -j ACCEPT
# Accept port 21 and, 1024 to 60310 for FTP.
# iptables -A INPUT -i $INTERFACE -p tcp --destination-port 21 -j ACCEPT
# iptables -A INPUT -i $INTERFACE -p tcp --destination-port 1024:60310 -j ACCEPT
# Accept port 6667 for IRC chat.
# iptables -A INPUT -i $INTERFACE -p tcp --source-port 6667 -j ACCEPT
# Accept unprivileged ports.
# iptables -A INPUT -i $INTERFACE -p udp --destination-port 1024:65535 -j ACCEPT
# Accept ping.
# iptables -A INPUT -i $INTERFACE -p icmp -j ACCEPT
}