On Tue, Oct 6, 2015 at 3:14 PM, James <wireless@×××××××××××.com> wrote:
>
> #!/bin/bash
> # A basic stateful firewall for a workstation or laptop that isn't running any
> # network services like a web server, SMTP server, ftp server, etc.
>
> if [ "$1" = "start" ]
> then
>     echo "Starting firewall..."
>     iptables -P INPUT DROP
>     iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> elif [ "$1" = "stop" ]
> then
>     echo "Stopping firewall..."
>     iptables -F INPUT
>     iptables -P INPUT ACCEPT
> fi

Since you're starting from scratch, you might want to replace "-m
state --state" by "-m conntrack --ctstate" because the former's
deprecated and is now an alias to the latter.
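
The substitution suggested above, generalized to whole rule files, as an added example that is not part of the original message: a filter that rewrites the legacy match in a firewall script or `iptables-save` output and counts what is left. The function names, the `LEGACY_RE` pattern and the sample rules are constructed for illustration.

```bash
#!/bin/bash
# Added example: rewrite the deprecated "state" match to "conntrack" in
# iptables rule text (a firewall script or iptables-save output) read on stdin.
# Function names and sample rules are constructed for illustration.

# Matches "-m state --state" and "--match state ! --state". Requiring
# whitespace right after "state" leaves modules such as "statistic" alone.
LEGACY_RE='(^|[[:space:]])(-m|--match)[[:space:]]+state[[:space:]]+(![[:space:]]+)?--state([[:space:]])'

# Print stdin with every legacy match rewritten; a "!" negation is preserved.
# The state names (NEW, ESTABLISHED, RELATED, INVALID, UNTRACKED) are all
# accepted by --ctstate, so the rule arguments need no change.
migrate_state_match() {
    sed -E "s/${LEGACY_RE}/\\1-m conntrack \\3--ctstate\\4/g"
}

# Print the number of lines on stdin that still use the legacy match.
# grep exits 1 when the count is 0, so the status is normalised.
count_legacy() {
    grep -cE -- "${LEGACY_RE}" || true
}

# Constructed sample rules: two legacy matches, one negated, plus a
# "statistic" rule that must pass through unchanged.
SAMPLE_RULES='iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state ! --state ESTABLISHED,RELATED -j DROP
iptables -A INPUT -m statistic --mode random --probability 0.5 -j DROP'

# Demo: show the migrated rules (nothing is loaded into the kernel).
printf '%s\n' "$SAMPLE_RULES" | migrate_state_match
```

Running `count_legacy` over the migrated output before loading it confirms that no `-m state` rule was missed.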