author | Guillaume Cottenceau <gc@mandriva.com> | 2001-06-11 13:49:39 +0000 |
---|---|---|
committer | Guillaume Cottenceau <gc@mandriva.com> | 2001-06-11 13:49:39 +0000 |
commit | 0a121a8ecd6de894c14d60daf9da2022ec47405c (patch) | |
tree | 3705a0c51f96ffdd2a0594ef43a5677c926eb0cc /mdk-stage1/rp-pppoe/configs/firewall-masq | |
parent | ab5559aaabd1167a18ac882e64d97c5adc0e7d03 (diff) | |
Initial revision
Diffstat (limited to 'mdk-stage1/rp-pppoe/configs/firewall-masq')
-rw-r--r-- | mdk-stage1/rp-pppoe/configs/firewall-masq | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/mdk-stage1/rp-pppoe/configs/firewall-masq b/mdk-stage1/rp-pppoe/configs/firewall-masq
new file mode 100644
index 000000000..cb16fbecf
--- /dev/null
+++ b/mdk-stage1/rp-pppoe/configs/firewall-masq
@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# firewall-masq This script sets up firewall rules for a machine
+# acting as a masquerading gateway
+#
+# Copyright (C) 2000 Roaring Penguin Software Inc. This software may
+# be distributed under the terms of the GNU General Public License, version
+# 2 or any later version.
+
+# Interface to Internet
+EXTIF=ppp+
+
+ANY=0.0.0.0/0
+
+ipchains -P input ACCEPT
+ipchains -P output ACCEPT
+ipchains -P forward DENY
+
+ipchains -F forward
+ipchains -F input
+ipchains -F output
+
+# Deny TCP and UDP packets to privileged ports
+ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p udp -j DENY
+ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY
+
+# Deny TCP connection attempts
+ipchains -A input -l -i $EXTIF -p tcp -y -j DENY
+
+# Deny ICMP echo-requests
+ipchains -A input -l -i $EXTIF -s $ANY echo-request -p icmp -j DENY
+
+# Do masquerading
+ipchains -A forward -j MASQ
+echo 1 > /proc/sys/net/ipv4/ip_forward |
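Review bot: The masquerading rule `ipchains -A forward -j MASQ` matches every forwarded packet, with no source network or outgoing interface, so traffic that arrives on `$EXTIF` and passes the input rules (for example UDP to ports above 1023) can be forwarded and masqueraded too. Limiting the rule to the internal network leaving through the external interface would be tighter, e.g. `ipchains -A forward -i $EXTIF -s <INTERNAL_NET> -j MASQ`, where `<INTERNAL_NET>` is a placeholder for the LAN prefix. Separately, `echo 1 > /proc/sys/net/ipv4/ip_forward` runs unconditionally, so forwarding is switched on even if an earlier `ipchains` call failed; a `set -e` near the top, or an explicit status check before the `echo`, would stop the script before that point. A short comment noting that the input policy stays ACCEPT and only the listed patterns on `ppp+` are dropped would also help readers judge what the gateway itself still exposes.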