author | Guillaume Cottenceau <gc@mandriva.com> | 2001-06-11 13:49:39 +0000 |
---|---|---|
committer | Guillaume Cottenceau <gc@mandriva.com> | 2001-06-11 13:49:39 +0000 |
commit | 0a121a8ecd6de894c14d60daf9da2022ec47405c (patch) | |
tree | 3705a0c51f96ffdd2a0594ef43a5677c926eb0cc /mdk-stage1/rp-pppoe/configs/firewall-standalone | |
parent | ab5559aaabd1167a18ac882e64d97c5adc0e7d03 (diff) | |
Initial revision
Diffstat (limited to 'mdk-stage1/rp-pppoe/configs/firewall-standalone')
-rw-r--r-- | mdk-stage1/rp-pppoe/configs/firewall-standalone | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/mdk-stage1/rp-pppoe/configs/firewall-standalone b/mdk-stage1/rp-pppoe/configs/firewall-standalone new file mode 100644 index 000000000..bcb1e92b1 --- /dev/null +++ b/mdk-stage1/rp-pppoe/configs/firewall-standalone @@ -0,0 +1,32 @@ +#!/bin/sh +# +# firewall-standalone This script sets up firewall rules for a standalone +# machine +# +# Copyright (C) 2000 Roaring Penguin Software Inc. This software may +# be distributed under the terms of the GNU General Public License, version +# 2 or any later version. + +# Interface to Internet +EXTIF=ppp+ + +ANY=0.0.0.0/0 + +ipchains -P input ACCEPT +ipchains -P output ACCEPT +ipchains -P forward DENY + +ipchains -F forward +ipchains -F input +ipchains -F output + +# Deny TCP and UDP packets to privileged ports +ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p udp -j DENY +ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY + +# Deny TCP connection attempts +ipchains -A input -l -i $EXTIF -p tcp -y -j DENY + +# Deny ICMP echo-requests +ipchains -A input -l -i $EXTIF -s $ANY echo-request -p icmp -j DENY + |
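Review bot: The input chain is left at a default policy of ACCEPT (`ipchains -P input ACCEPT`), and the rules appended after it deny only ports 0:1023, TCP packets with SYN set (`-y`) and ICMP echo-request on $EXTIF, so inbound UDP to ports 1024 and above on the ppp+ interfaces is still accepted. Any UDP service listening on an unprivileged port on this standalone machine stays reachable from the Internet side; either state in the header comment that this is intended, or add a rule denying inbound UDP on $EXTIF apart from the replies the machine needs. Separately, every DENY rule carries `-l`, so each dropped packet is logged; consider removing `-l` from the echo-request rule, or note in a comment that the log volume on an exposed link is expected.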