Re: Contribution to Slitaz - firewall.conf


Oops, I forgot to add the file to my message.
# /etc/firewall.conf: SliTaz firewall configuration.
# Config file used by: /etc/init.d/

# Network interface.

# Enable/disable kernel security.

# Enable/disable iptables rules (iptables package must be installed). 

# Netfilter/iptables rules.
# This shell function is included in /etc/init.d/
# to start iptables rules.

# Drop all input connections.
iptables -P INPUT DROP

# Drop all output connections.
iptables -P OUTPUT DROP

# Drop all forward connections.
iptables -P FORWARD DROP

# Accept input on localhost (
iptables -A INPUT -i lo -j ACCEPT

# Accept input on the local network (
iptables -A INPUT -s -j ACCEPT

# Accept nearly all output traffic.
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Accept input traffic only for connections initiated by the user.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# If you manage a server you can accept input for non-established connections on some ports.
# Accept input on port 80 for the HTTP server.
# iptables -A INPUT -i $INTERFACE -p tcp --destination-port 80 -j ACCEPT

# Accept input on port 22 for SSH.
# iptables -A INPUT -i $INTERFACE -p tcp --destination-port 22 -j ACCEPT

# Accept port 21, and 1024 to 60310, for FTP.
# iptables -A INPUT -i $INTERFACE -p tcp --destination-port 21 -j ACCEPT
# iptables -A INPUT -i $INTERFACE -p tcp --destination-port 1024:60310 -j ACCEPT

# Accept port 6667 for IRC chat.
# iptables -A INPUT -i $INTERFACE -p tcp --destination-port 6667 -j ACCEPT

# Accept unprivileged ports.
# iptables -A INPUT -i $INTERFACE -p udp --destination-port 1024:65535 -j ACCEPT

# Accept ping.
# iptables -A INPUT -i $INTERFACE -p icmp -j ACCEPT
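
A check that can be run over a firewall.conf of this kind, as an added example that is not part of the original message: it flags INPUT ACCEPT rules that match on the source port, because the remote sender chooses that port and such a rule admits traffic to every local port. The function names and the sample rules are hypothetical and constructed for the example.

```shell
#!/bin/sh
# Added example: flag INPUT ACCEPT rules that match on the source port.

# Constructed sample rules (hypothetical, not the file from the message).
sample_rules() {
cat <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -i $INTERFACE -p tcp --source-port 80 -j ACCEPT
iptables -A INPUT -i $INTERFACE -p tcp --sport 6667 -j ACCEPT
iptables -A INPUT -i $INTERFACE -p tcp --destination-port 22 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 1024:65535 -j ACCEPT
EOF
}

# lint_source_port: reads rules on stdin and prints LINE:STATE:RULE for each
# INPUT ACCEPT rule that matches --source-port or --sport.
# STATE is "active" or "commented". Exit status is 1 if any active rule is hit.
lint_source_port() {
    awk '
    {
        state = "active"; rule = $0
        # A commented-out rule is still reported: it is one "#" away from live.
        if (rule ~ /^[ \t]*#/) {
            state = "commented"
            sub(/^[ \t]*#[ \t]*/, "", rule)
        }
        if (rule !~ /^[ \t]*iptables[ \t]/) next          # prose comment or other line
        if (rule !~ /-[AI][ \t]+INPUT([ \t]|$)/) next     # only the INPUT chain
        if (rule !~ /-j[ \t]+ACCEPT([ \t]|$)/) next       # only ACCEPT targets
        if (rule !~ /(--source-port|--sport)[ \t]/) next  # sender-chosen port match
        print NR ":" state ":" rule
        if (state == "active") bad = 1
    }
    END { exit bad + 0 }'
}

# Stand-alone run over the constructed sample.
sample_rules | lint_source_port || echo "active source-port ACCEPT rule found" >&2
```
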
