Hello,

I just ran across this page:

http://gentoo-en.vfose.ru/wiki/Iptables/Iptables_and_stateful_firewalls#State_basics

It has a basic firewall using iptables.
Not bad for a generic firewall on an OpenRC workstation.
What is the best way to auto launch this sort of firewall.sh?

Any improvements in this basic workstation firewall
everything out, nothing in?
A simple rule for ssh in only from the local lan
(use 192.168.100.100 for example rule(s)).

...................................
firewall.sh
...................................
#!/bin/bash
# A basic stateful firewall for a workstation or laptop that isn't running any
# network services like a web server, SMTP server, ftp server, etc.

if [ "$1" = "start" ]
then
    echo "Starting firewall..."
    # Default policy: drop every inbound packet that no rule accepts
    iptables -P INPUT DROP
    # Accept packets belonging to connections this host opened
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
elif [ "$1" = "stop" ]
then
    echo "Stopping firewall..."
    # Remove all INPUT rules and go back to accepting everything
    iptables -F INPUT
    iptables -P INPUT ACCEPT
fi
............................

Just launched manually as a script.

Any good tools to quickly test this firewall from another local workstation?

wwr,
James
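
Added example, not part of the message above or of the linked wiki page: the same start/stop script extended with a loopback rule and an SSH rule that accepts new connections only from the local LAN. The subnet 192.168.100.0/24 (chosen to contain the post's example address 192.168.100.100), port 22, and the DRY_RUN switch are assumptions; with DRY_RUN=1 the script only prints the iptables commands it would run.

```shell
#!/bin/sh
# Added example: the post's firewall.sh plus loopback and LAN-only SSH.
# Assumptions (not from the post): LAN subnet, SSH port, DRY_RUN switch.
LAN_NET="${LAN_NET:-192.168.100.0/24}"   # assumed subnet around 192.168.100.100
SSH_PORT="${SSH_PORT:-22}"               # assumed sshd port
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print commands, 0 = apply (root)

# Run one iptables command, or print it when DRY_RUN=1.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

fw_start() {
    # Empty the chain first so running "start" twice does not duplicate rules.
    ipt -F INPUT
    ipt -P INPUT DROP
    # Local services talk to each other over loopback; the DROP policy alone
    # would block them.
    ipt -A INPUT -i lo -j ACCEPT
    # conntrack/--ctstate is the current form of the state match in the post.
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New inbound SSH connections, only when the source is on the LAN.
    ipt -A INPUT -p tcp -s "$LAN_NET" --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
}

fw_stop() {
    # Open the policy before flushing so established sessions are not cut
    # between the two commands.
    ipt -P INPUT ACCEPT
    ipt -F INPUT
}

fw_main() {
    case "$1" in
        start) echo "Starting firewall..." >&2; fw_start ;;
        stop)  echo "Stopping firewall..." >&2; fw_stop ;;
        *)     echo "usage: firewall.sh start|stop" >&2; return 2 ;;
    esac
}

# With no argument the file only defines the functions above.
if [ $# -gt 0 ]; then fw_main "$@"; fi
```

Review the printed rules first, then apply them as root with DRY_RUN=0 and `start`; `iptables -S INPUT` lists what was loaded.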