| 1 |
On Tue, Oct 6, 2015 at 3:14 PM, James <wireless@×××××××××××.com> wrote: |
| 2 |
> |
| 3 |
> #!/bin/bash |
| 4 |
> # A basic stateful firewall for a workstation or laptop that isn't running any |
| 5 |
> # network services like a web server, SMTP server, ftp server, etc. |
| 6 |
> |
| 7 |
> if [ "$1" = "start" ] |
| 8 |
> then |
| 9 |
> echo "Starting firewall..." |
| 10 |
> iptables -P INPUT DROP |
| 11 |
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT |
| 12 |
> elif [ "$1" = "stop" ] |
| 13 |
> then |
| 14 |
> echo "Stopping firewall..." |
| 15 |
> iptables -F INPUT |
| 16 |
> iptables -P INPUT ACCEPT |
| 17 |
> fi |
| 18 |
|
| 19 |
Since you're starting from scratch, you might want to replace "-m |
| 20 |
state --state" by "-m conntrack --ctstate" because the former's |
| 21 |
deprecated and is now an alias to the latter. |
Archives