@balexand
Last active December 11, 2015 18:59
iptables
#!/bin/bash
### BEGIN INIT INFO
# Provides: iptables
# Required-Start: $syslog
# Required-Stop: $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Firewall
### END INIT INFO
# flush all chains of the filter table (the only table this script manages)
iptables -F
# set the default policy for each of the pre-defined chains
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# drop invalid packets
iptables -A INPUT -m state --state INVALID -j DROP
# see http://www.faqs.org/docs/iptables/newnotsyn.html
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# accept anything on localhost
iptables -A INPUT -i lo -j ACCEPT
# accept ICMP packets
iptables -A INPUT -p icmp -j ACCEPT
# allow specific ports
iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 443 -j ACCEPT
# accept replies to connections we initiated, plus related traffic (e.g. ICMP errors)
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
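The same filter-table policy rendered as an iptables-restore file, added here as an example and not part of the gist: iptables-restore swaps in the whole table at once, so the DROP policy and the ACCEPT rules take effect together instead of one rule at a time, and a run that is interrupted over SSH cannot leave the host with a bare DROP policy. It uses the conntrack match in place of the older state match; the function names and the `apply` argument are this example's own.

```shell
#!/bin/sh
# Render the gist's filter-table policy in iptables-save format.
# Rule order: the conntrack ACCEPT goes first, so established flows
# are matched before the per-port rules are consulted.
render_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# replies to connections we initiated, plus related traffic (e.g. ICMP errors)
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# drop packets conntrack cannot classify
-A INPUT -m conntrack --ctstate INVALID -j DROP
# a new TCP connection must begin with a SYN
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Text-level checks run before anything touches the kernel: the default
# policy must be DROP, the SSH rule must be present (anti-lockout), and the
# table must be terminated by COMMIT so iptables-restore accepts it.
check_rules() {
    rules=$(render_rules)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    printf '%s\n' "$rules" | grep -q -- '--dport 22 -j ACCEPT' || return 1
    printf '%s\n' "$rules" | grep -q '^COMMIT$' || return 1
    return 0
}

# Parse-only pass first (--test applies nothing), then load atomically.
apply_rules() {
    check_rules || return 1
    render_rules | iptables-restore --test || return 1
    render_rules | iptables-restore
}

# Apply only when explicitly asked, so the file can be sourced for checks.
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Run it as root with `apply` to load the rules; without the argument it only defines the functions.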