
Example ipchains script


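#!/bin/sh
# Example ipchains (Linux 2.2) host firewall for a single interface, eth0.
# Inbound policy: reject everything except ICMP, loopback traffic, and the
# return half of connections this host started (non-SYN TCP to unprivileged
# ports, DNS replies, active-FTP data).  The output and forward chains are
# flushed but their policies are left whatever they were before.
#
# Must run as root.  The script stops at the first ipchains command that
# fails; because the input policy is set first, a partial run fails closed.
set -e
#############################################
# set the default input policy, then flush old rules
############################################
# Policy before flush: flushing first would leave an empty input chain under
# whatever policy was in force before (possibly ACCEPT) until REJECT is set.
ipchains -P input REJECT
#flush rules
ipchains -F input
ipchains -F output
ipchains -F forward
########################################
#INBOUND RULES
########################################
#allow icmp (all types; no --icmp-type restriction)
ipchains -A input -j ACCEPT -i eth0 -s 0/0 -d 0/0 -p icmp
#allow localhost
ipchains -A input -j ACCEPT -i lo -s any/0 -d any/0
#allow only ACK tcp packets (solicited return packets): "! -y" matches
#packets that are not SYN-only, so new connections to unprivileged ports
#are refused.  This is stateless: a stray non-SYN packet to a high port is
#still let through (e.g. ACK scans), it just cannot open a connection.
ipchains -A input -j ACCEPT -i eth0 -s any/0 --dport 1024:65535 -p tcp ! -y
#allow return from ssh connections (ACK only); no --dport, so presumably
#meant for ssh clients that use a privileged local source port
ipchains -A input -j ACCEPT -i eth0 -s any/0 22 -p tcp ! -y
#allow outgoing (active-mode) ftp: the server opens the data connection
#from port 20 back to us, so SYNs must be accepted here.  This trusts the
#source port alone: any host sending from port 20 reaches every
#unprivileged port on this machine.  Prefer passive FTP and drop this rule;
#passive data connections are already covered by the ACK-only rule above.
ipchains -A input -j ACCEPT   -i eth0 -s any/0 20 --dport 1024:65535 -p tcp
#allow outbound DNS queries (replies come from source port 53).  Same
#source-port trust: any UDP datagram from port 53 to a high port is let in.
#Narrow -s to the resolver's address if it is fixed.
ipchains -A input -j ACCEPT -i eth0 -s any/0 53 --dport 1024:65535 -p udp
#reject everything else on eth0 and log it (-l).  Logging is not rate
#limited, so a flood of rejected packets can fill the kernel log; remove -l
#if that is a concern.  Input on other interfaces is rejected by the policy
#without logging.
ipchains -A input -j REJECT -i eth0 -s any/0 -l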



Troy Carter 2001-06-03