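#!/system/xbin/bash
## A simple set of iptables firewall rules to block incoming
# connections on rooted Android devices.
## Place this script in /su.d or /etc/init.d to run at startup.
#
# NOTE(review): this script installs no filtering until the boot wait and
# the settle delay below have elapsed, so the device is reachable on
# whatever the existing INPUT chain allows during that window.

# Upper bound, in seconds since this script started, on waiting for the
# boot properties. Not every device sets all of them; without a bound the
# script would wait forever and the DROP rules would never be installed.
readonly BOOT_WAIT_LIMIT=120
# Extra settle time, in seconds, after the boot checks.
readonly SETTLE_SECS=60

# Number of rules that could not be installed.
failures=0

#######################################
# Poll a system property until it has the expected value or the shared
# boot-wait budget is used up.
# Globals:   BOOT_WAIT_LIMIT (read), SECONDS (read)
# Arguments: $1 - property name, $2 - expected value
# Outputs:   warning on stderr when giving up
# Returns:   0 when the value matched, 1 on timeout
#######################################
wait_for_prop() {
  local name=$1 want=$2
  until [[ $(getprop "$name") = "$want" ]]; do
    if (( SECONDS >= BOOT_WAIT_LIMIT )); then
      printf '%s: gave up waiting for %s=%s\n' "${0##*/}" "$name" "$want" >&2
      return 1
    fi
    # Poll once a second; "sleep 0" would spin a CPU core during boot.
    sleep 1
  done
}

#######################################
# Install one INPUT rule unless an identical rule is already present, so
# running the script twice (e.g. from both /su.d and /etc/init.d) does not
# stack duplicate rules.
# Globals:   failures (written)
# Arguments: $1 - iptables or ip6tables, $2 - -A or -I, rest - rule spec
# Outputs:   error on stderr when the rule cannot be installed
#######################################
apply_rule() {
  local tool=$1 op=$2
  shift 2
  # -C exits 0 only if the rule exists; if the binary lacks -C the check
  # fails and the rule is added as before.
  if "$tool" -C INPUT "$@" 2>/dev/null; then
    return 0
  fi
  if ! "$tool" "$op" INPUT "$@"; then
    # A silent failure here would leave the device unfiltered.
    printf '%s: failed: %s %s INPUT %s\n' "${0##*/}" "$tool" "$op" "$*" >&2
    failures=$(( failures + 1 ))
  fi
}

## First perform several checks to confirm the system is fully booted.
# Not all of these checks will pass on every device; a check that never
# passes is abandoned once BOOT_WAIT_LIMIT is reached.
wait_for_prop sys.boot_completed 1
wait_for_prop dev.bootcomplete 1
wait_for_prop service.bootanim.exit 1
wait_for_prop init.svc.bootanim stopped
wait_for_prop sys.logbootcomplete 1
wait_for_prop init.svc.netd running
wait_for_prop init.svc.netmgrd running

## Sleep for 60 seconds just to be sure.
sleep "$SETTLE_SECS"

# Apply IPv6 INBOUND rules. DROP is appended first and the ACCEPT rules are
# inserted above it, so the chain is never left open while being built.
apply_rule ip6tables -A -j DROP
# NOTE(review): this accepts ANY protocol from link-local sources, so every
# host on the same link can still reach listening services over fe80::
# addresses. Consider narrowing it to what neighbour discovery needs
# (e.g. -p icmpv6) after testing on the target network.
apply_rule ip6tables -I -s fe80::/10 -j ACCEPT
# NOTE(review): a /10 mask on ff02:: covers ff00::/10, which is wider than
# link-local multicast (ff02::/16); confirm the wider match is intended.
apply_rule ip6tables -I -d ff02::/10 -j ACCEPT
apply_rule ip6tables -I -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Loopback must stay reachable over IPv6 too (::1), matching the IPv4 rules.
apply_rule ip6tables -I -i lo -j ACCEPT

# Apply IPv4 INBOUND rules.
apply_rule iptables -A -j DROP
apply_rule iptables -I -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
apply_rule iptables -I -i lo -j ACCEPT

# Report a partial rule set to the caller instead of always claiming success.
if (( failures > 0 )); then
  exit 1
fi
exit 0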