Diffstat (limited to 'mdk-stage1/rp-pppoe/configs/firewall-standalone')
-rw-r--r--mdk-stage1/rp-pppoe/configs/firewall-standalone32
1 files changed, 32 insertions, 0 deletions
diff --git a/mdk-stage1/rp-pppoe/configs/firewall-standalone b/mdk-stage1/rp-pppoe/configs/firewall-standalone
new file mode 100644
index 000000000..bcb1e92b1
--- /dev/null
+++ b/mdk-stage1/rp-pppoe/configs/firewall-standalone
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# firewall-standalone This script sets up firewall rules for a standalone
+# machine
+#
+# Copyright (C) 2000 Roaring Penguin Software Inc. This software may
+# be distributed under the terms of the GNU General Public License, version
+# 2 or any later version.
+
+# Interface to Internet
+EXTIF=ppp+
+
+ANY=0.0.0.0/0
+
+ipchains -P input ACCEPT
+ipchains -P output ACCEPT
+ipchains -P forward DENY
+
+ipchains -F forward
+ipchains -F input
+ipchains -F output
+
+# Deny TCP and UDP packets to privileged ports
+ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p udp -j DENY
+ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY
+
+# Deny TCP connection attempts
+ipchains -A input -l -i $EXTIF -p tcp -y -j DENY
+
+# Deny ICMP echo-requests
+ipchains -A input -l -i $EXTIF -s $ANY echo-request -p icmp -j DENY
+
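Review bot: The input chain is fail-open: after `ipchains -P input ACCEPT` and `ipchains -F input`, the four `ipchains -A input ...` rules are the only filtering on `ppp+`, and none of them is checked, so if one fails the script continues and inbound traffic on that interface is simply accepted. Appending `|| exit 1` to each `ipchains -A input` line would at least surface the failure to whatever invokes the script. Separately, the rules cover only destination ports 0:1023 and TCP SYNs, so a UDP service bound to a port above 1023 stays reachable from the Internet side. I would state that in the header, for example `# NOTE: UDP ports >= 1024 on $EXTIF are not filtered; add DENY rules for any local high-port UDP service`.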