authorGuillaume Cottenceau <gc@mandriva.com>2001-06-11 13:49:39 +0000
committerGuillaume Cottenceau <gc@mandriva.com>2001-06-11 13:49:39 +0000
commit0a121a8ecd6de894c14d60daf9da2022ec47405c (patch)
tree3705a0c51f96ffdd2a0594ef43a5677c926eb0cc /mdk-stage1/rp-pppoe/configs/firewall-masq
parentab5559aaabd1167a18ac882e64d97c5adc0e7d03 (diff)
Initial revision
Diffstat (limited to 'mdk-stage1/rp-pppoe/configs/firewall-masq')
-rw-r--r--mdk-stage1/rp-pppoe/configs/firewall-masq35
1 files changed, 35 insertions, 0 deletions
diff --git a/mdk-stage1/rp-pppoe/configs/firewall-masq b/mdk-stage1/rp-pppoe/configs/firewall-masq
new file mode 100644
index 000000000..cb16fbecf
--- /dev/null
+++ b/mdk-stage1/rp-pppoe/configs/firewall-masq
@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# firewall-masq This script sets up firewall rules for a machine
+# acting as a masquerading gateway
+#
+# Copyright (C) 2000 Roaring Penguin Software Inc. This software may
+# be distributed under the terms of the GNU General Public License, version
+# 2 or any later version.
+
+# Interface to Internet
+EXTIF=ppp+
+
+ANY=0.0.0.0/0
+
+ipchains -P input ACCEPT
+ipchains -P output ACCEPT
+ipchains -P forward DENY
+
+ipchains -F forward
+ipchains -F input
+ipchains -F output
+
+# Deny TCP and UDP packets to privileged ports
+ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p udp -j DENY
+ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY
+
+# Deny TCP connection attempts
+ipchains -A input -l -i $EXTIF -p tcp -y -j DENY
+
+# Deny ICMP echo-requests
+ipchains -A input -l -i $EXTIF -s $ANY echo-request -p icmp -j DENY
+
+# Do masquerading
+ipchains -A forward -j MASQ
+echo 1 > /proc/sys/net/ipv4/ip_forward
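Review bot: The masquerading rule `ipchains -A forward -j MASQ` matches every forwarded packet whatever its source or outgoing interface, so once `ip_forward` is set the gateway rewrites and relays traffic for any host that can route through it, not only the internal LAN. Restricting it to the outbound link and the internal range would narrow that, e.g. `ipchains -A forward -i $EXTIF -s $INTNET -j MASQ`, where `INTNET` is a placeholder for the site's LAN prefix (on the forward chain `-i` matches the outgoing interface). Separately, the script never checks an `ipchains` exit status, so `echo 1 > /proc/sys/net/ipv4/ip_forward` runs even if `-P forward DENY` or the input rules failed to load; a `set -e` near the top, or enabling forwarding only after the rules succeed, would make it fail closed.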