https://wiki.scott5.org/index.php?action=history&feed=atom&title=Firewall_Example Firewall Example - Revision history 2026-04-17T12:15:38Z Revision history for this page on the wiki MediaWiki 1.43.1 https://wiki.scott5.org/index.php?title=Firewall_Example&diff=636&oldid=prev Scott: Created page with '<pre> #!/bin/sh if [ -r /lib/lsb/init-functions ]; then . /lib/lsb/init-functions fi firewall_start() { # Flush all rules iptables -F INPUT iptables -F OUTPUT …' 2011-02-14T23:41:26Z <p>Created page with &#039;&lt;pre&gt; #!/bin/sh if [ -r /lib/lsb/init-functions ]; then . /lib/lsb/init-functions fi firewall_start() { # Flush all rules iptables -F INPUT iptables -F OUTPUT …&#039;</p> <p><b>New page</b></p><div>&lt;pre&gt;<br /> #!/bin/sh<br /> <br /> if [ -r /lib/lsb/init-functions ]; then<br /> . /lib/lsb/init-functions<br /> fi<br /> <br /> firewall_start()<br /> {<br /> # Flush all rules<br /> iptables -F INPUT<br /> iptables -F OUTPUT<br /> iptables -F FORWARD<br /> <br /> # Default policies<br /> iptables -P INPUT DROP<br /> iptables -P OUTPUT ACCEPT<br /> iptables -P FORWARD DROP<br /> <br /> # Allow everything on the loopback network<br /> iptables -A INPUT -i lo -j ACCEPT<br /> <br /> # Allow ICMP<br /> iptables -A INPUT --protocol icmp -j ACCEPT<br /> <br /> # Allow everything from the home server<br /> iptables -A INPUT --source 123.45.67.89 -j ACCEPT<br /> <br /> # Allow established sessions<br /> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br /> <br /> # Allow incoming SSH sessions<br /> iptables -A INPUT --protocol tcp --dport 22 --source 123.45.0.0/16 -m state --state NEW -j ACCEPT<br /> <br /> # Allow incoming nfs4<br /> iptables -A INPUT --protocol tcp --dport 2049 --source 123.45.0.0/16 -m state --state NEW -j ACCEPT<br /> <br /> # Allow samba<br /> iptables -A INPUT --protocol tcp --dport 139 --source 123.45.0.0/16 -m state --state NEW -j ACCEPT<br /> iptables -A INPUT --protocol tcp --dport 445 --source 123.45.0.0/16 -m state --state NEW -j ACCEPT<br /> <br /> # Drop intranet broadcasts<br /> iptables -A INPUT --protocol udp --destination 123.45.67.255 -j DROP<br /> <br /> # Drop other packets<br /> iptables -A INPUT -j DROP<br /> iptables -A FORWARD -j DROP<br /> }<br /> <br /> firewall_stop()<br /> {<br /> # Flush all rules<br /> iptables -F INPUT<br /> iptables -F OUTPUT<br /> iptables -F FORWARD<br /> <br /> # Default policies<br /> iptables -P INPUT ACCEPT<br /> iptables -P OUTPUT ACCEPT<br /> iptables -P FORWARD ACCEPT<br /> }<br /> <br /> case &quot;$1&quot; in<br /> start)<br /> log_begin_msg &quot;Starting firewall...&quot;<br /> firewall_start<br /> log_end_msg 0<br /> ;;<br /> <br /> stop)<br /> log_begin_msg &quot;Stopping firewall...&quot;<br /> firewall_stop<br /> log_end_msg 0<br /> ;;<br /> <br /> restart)<br /> log_begin_msg &quot;Restarting firewall...&quot;<br /> firewall_stop<br /> firewall_start<br /> log_end_msg 0<br /> ;;<br /> <br /> *)<br /> echo &quot;Usage: $0 {start|stop|restart}&quot;<br /> exit 1<br /> esac<br /> &lt;/pre&gt;</div> Scott