vhata · December 4, 2012 11:01
diff --git a/firewall.sh b/firewall.sh
 #!/bin/sh
 # Provides:          firewall
 # Short-Description: Firewall script
 # Description:       Sets up iptables rules

 IPT=/sbin/iptables
 IF="eth0"
 MY_IP="1.2.3.4"

 d_start() {
 	# Temporarily set default policy to accept
 	$IPT -P INPUT ACCEPT
 	# Flush input chain
 	$IPT -F INPUT

 	# Allow related packets
 	$IPT -A INPUT -i $IF -m state --state ESTABLISHED,RELATED -j ACCEPT

 	# Accept all traffic from the local network
 	$IPT -A INPUT -i $IF -s ${MY_IP}/30 -j ACCEPT
 	$IPT -A INPUT -i lo -s 127.0.0.1/8 -j ACCEPT
 	$IPT -A INPUT -i lo -j ACCEPT

 	# limit icmp
 	$IPT -A INPUT -i $IF -p icmp ! -f -m limit --limit 100/second --limit-burst 50 -j ACCEPT
 	$IPT -A INPUT -i $IF -p icmp -j DROP

 	# Open specific ports to the world
 	$IPT -A INPUT -i $IF -m state --state NEW -p tcp --syn --destination-port 23 -j ACCEPT
 	$IPT -A INPUT -i $IF -m state --state NEW -p tcp --syn --destination-port 6668 -j ACCEPT
 	$IPT -A INPUT -i $IF -m state --state NEW -p tcp --syn --destination-port 10025 -j ACCEPT
 	$IPT -A INPUT -i $IF -m state --state NEW -p tcp --syn --destination-port 3128 -j ACCEPT
 	$IPT -A INPUT -i $IF -m state --state NEW -p tcp --syn --destination-port 443 -j ACCEPT
 	$IPT -A INPUT -i $IF -m state --state NEW -p tcp --syn --destination-port 80 -j ACCEPT
 	$IPT -A INPUT -i $IF -m state --state NEW -p tcp --syn --destination-port 9875 -j ACCEPT

 	# Reject everything else
 	$IPT -P INPUT DROP
 }

 d_stop() {
 	# Set default policy to accept, and flush
 	$IPT -P INPUT ACCEPT
 	$IPT -F INPUT
 }

 case "$1" in
 	start)
 		echo -n "Starting firewall"
 		d_start
 		echo "."
 	;;
 	stop)
 		echo -n "Stopping firewall"
 		d_stop
 		echo "."
 	;;
 	restart)
 		echo -n "Restarting firewall"
 		d_stop
 		d_start
 		echo "."
 	;;
 	*)
 		echo "Usage: $0 {start|stop|restart}" >&2
 		exit 3
 	;;
 esac

 exit 0
	#!/bin/sh
	# Provides: firewall
	# Short-Description: Firewall script
	# Description: Sets up iptables rules

	IPT=/sbin/iptables
	IF="eth0"
	MY_IP="1.2.3.4"

	d_start() {
	# Temporarily set default policy to accept
	$IPT -P INPUT ACCEPT
	# Flush input chain
	$IPT -F INPUT

	# Allow related packets
	$IPT -A INPUT -i $IF -m state --state ESTABLISHED,RELATED -j ACCEPT

	# Accept all traffic from the local network
	$IPT -A INPUT -i $IF -s ${MY_IP}/30 -j ACCEPT
	$IPT -A INPUT -i lo -s 127.0.0.1/8 -j ACCEPT
	$IPT -A INPUT -i lo -j ACCEPT

	# limit icmp
	$IPT -A INPUT -i $IF -p icmp ! -f -m limit --limit 100/second --limit-burst 50 -j ACCEPT
	$IPT -A INPUT -i $IF -p icmp -j DROP

	# Open specific ports to the world
	$IPT -A INPUT -i $IF -m state --state NEW -p tcp --syn --destination-port 23 -j ACCEPT
	$IPT -A INPUT -i $IF -m state --state NEW -p tcp --syn --destination-port 6668 -j ACCEPT
	$IPT -A INPUT -i $IF -m state --state NEW -p tcp --syn --destination-port 10025 -j ACCEPT
	$IPT -A INPUT -i $IF -m state --state NEW -p tcp --syn --destination-port 3128 -j ACCEPT
	$IPT -A INPUT -i $IF -m state --state NEW -p tcp --syn --destination-port 443 -j ACCEPT
	$IPT -A INPUT -i $IF -m state --state NEW -p tcp --syn --destination-port 80 -j ACCEPT
	$IPT -A INPUT -i $IF -m state --state NEW -p tcp --syn --destination-port 9875 -j ACCEPT

	# Reject everything else
	$IPT -P INPUT DROP
	}

	d_stop() {
	# Set default policy to accept, and flush
	$IPT -P INPUT ACCEPT
	$IPT -F INPUT
	}

	case "$1" in
	start)
	echo -n "Starting firewall"
	d_start
	echo "."
	;;
	stop)
	echo -n "Stopping firewall"
	d_stop
	echo "."
	;;
	restart)
	echo -n "Restarting firewall"
	d_stop
	d_start
	echo "."
	;;
	*)
	echo "Usage: $0 {start\|stop\|restart}" >&2
	exit 3
	;;
	esac

	exit 0