This is a sample firewall script for ip_tables with highly restrictive set of firewall rules.
This software review is on a script called "Sample firewall for ip_tables", which is a tool for managing firewalling and masquerading under the 2.3.x/2.4.x series of kernels. It's important to note that the firewall rules are very restrictive (as they should be for proper security), with anything that is not specifically allowed being both logged and dropped into /dev/null. As such, if you encounter issues with anything not working, it's highly advisable to check /var/log/messages.
If you're seeking a truly secure firewall, then this might be the closest option you'll get. The rules are strict, harsh, and can almost make your machine nearly invisible to the rest of the internet world, which is a boon for security professionals. To run this script, you must "chmod 700 iptables-script" and execute it. To prevent the script from running, execute "iptables -F".
The script is comprised of several code snippets. First, it loads the module by calling modprobe ip_tables and flushes old rules before deleting the firewall chain if it exists. It then sets up masquerading (while commenting it out by default), and sets up the firewall chain. This chain is established with the following rules: log all incoming traffic that matches the chain (with the prefix "Firewall"); drop all incoming traffic that matches the chain; accept input from localhost; accept input from your internal network; accept DNS, and a few other protocols, such as FTP and SSH.
Finally, anything that is not covered by the above-described rules will be sent to the firewall. Therefore, some networking or programming skills may be required to fine-tune the script to meet specific needs for different environments. Overall, this script is an excellent resource for those seeking a high level of security for their networks.
If you're seeking a truly secure firewall, then this might be the closest option you'll get. The rules are strict, harsh, and can almost make your machine nearly invisible to the rest of the internet world, which is a boon for security professionals. To run this script, you must "chmod 700 iptables-script" and execute it. To prevent the script from running, execute "iptables -F".
The script is comprised of several code snippets. First, it loads the module by calling modprobe ip_tables and flushes old rules before deleting the firewall chain if it exists. It then sets up masquerading (while commenting it out by default), and sets up the firewall chain. This chain is established with the following rules: log all incoming traffic that matches the chain (with the prefix "Firewall"); drop all incoming traffic that matches the chain; accept input from localhost; accept input from your internal network; accept DNS, and a few other protocols, such as FTP and SSH.
Finally, anything that is not covered by the above-described rules will be sent to the firewall. Therefore, some networking or programming skills may be required to fine-tune the script to meet specific needs for different environments. Overall, this script is an excellent resource for those seeking a high level of security for their networks.
What's New