1 |
On 6 October 2015 at 22:14, James <wireless@×××××××××××.com> wrote: |
2 |
> |
3 |
> Hello, |
4 |
> |
5 |
> I just ran across this page: |
6 |
> |
7 |
> http://gentoo-en.vfose.ru/wiki/Iptables/Iptables_and_stateful_firewalls#State_basics |
8 |
> |
9 |
> It has a basic firewall using iptables. |
10 |
> Not bad for a generic firewall on a openrc workstation. |
11 |
> What is the best way to auto lauch this sort of firewall.sh ? |
12 |
> |
13 |
> Any improvements in this basic workstation firewall |
14 |
> everything out, nothing in? |
15 |
> A simple rule for ssh in only from the local lan |
16 |
> (use 192.168.100.100 for example rule(s). |
17 |
> |
18 |
> |
19 |
|
20 |
Hi, |
21 |
|
22 |
I suggest you look into firehol package. |
23 |
It creates iptables rules out of human readable policy. |
24 |
|
25 |
Regards, |
26 |
Alon |
27 |
|
28 |
> ................................... |
29 |
> firewall.sh |
30 |
> ................................... |
31 |
> #!/bin/bash |
32 |
> # A basic stateful firewall for a workstation or laptop that isn't running any |
33 |
> # network services like a web server, SMTP server, ftp server, etc. |
34 |
> |
35 |
> if [ "$1" = "start" ] |
36 |
> then |
37 |
> echo "Starting firewall..." |
38 |
> iptables -P INPUT DROP |
39 |
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT |
40 |
> elif [ "$1" = "stop" ] |
41 |
> then |
42 |
> echo "Stopping firewall..." |
43 |
> iptables -F INPUT |
44 |
> iptables -P INPUT ACCEPT |
45 |
> fi |
46 |
> ............................ |
47 |
> |
48 |
> just launched manually as a script. |
49 |
> |
50 |
> |
51 |
> Any good tools to quickly test this firewall from another local workstation? |
52 |
> |
53 |
> |
54 |
> wwr, |
55 |
> James |
56 |
> |
57 |
> |