Re: Contribution to Slitaz - firewall.conf

[ Thread Index | Date Index | More lists.tuxfamily.org/slitaz Archives ]


Oups I forget to add the file with my send.
# /etc/firewall.conf: SliTaz firewall configuration.
# Config file used by: /etc/init.d/firewall.sh
#

# Network interface.
INTERFACE="eth0"

# Enable/disable kernel security.
KERNEL_SECURITY="yes"

# Enable/disable iptables rules (iptables package must be installed). 
IPTABLES_RULES="no"

# Netfilter/iptables rules.
# This shell function is included in /etc/init.d/firewall.sh
# to start iptables rules.
#
iptables_rules()
{

# Drop all input connections.
iptables -P INPUT DROP

# Drop all output connections.
iptables -P OUTPUT DROP

# Drop all forward connections.
iptables -P FORWARD DROP

# Accept input on localhost (127.0.0.1).
iptables -A INPUT -i lo -j ACCEPT

# Accept input on the local network (192.168.0.0/24).
iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT

# Accept near all output trafic.
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Accept input trafic only for connections initialized by user.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# If you manage a server you can accept input for non-established connections an some ports.
# Accept input on port 80 for the HTTP server.
# iptables -A INPUT -i $INTERFACE -p tcp --source-port 80 -j ACCEPT

# Accept input on port 22 for SSH.
# iptables -A INPUT -i $INTERFACE -p tcp --destination-port 22 -j ACCEPT

# Accept port 21 and, 1024 to 60310 for FTP.
# iptables -A INPUT -i $INTERFACE -p tcp --destination-port 21 -j ACCEPT
# iptables -A INPUT -i $INTERFACE -p tcp --destination-port 1024:60310 -j ACCEPT

# Accept port 6667 for IRC chat.
# iptables -A INPUT -i $INTERFACE -p tcp --source-port 6667 -j ACCEPT

# Accept unprivileged ports.
# iptables -A INPUT -i $INTERFACE -p udp --destination-port 1024:65535 -j ACCEPT

# Accept ping.
# iptables -A INPUT -i $INTERFACE -p icmp -j ACCEPT
}



Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/