#!/bin/sh
#
# firewall-standalone   Loads the iptables filter rules for a standalone
#                       machine.
#
# Copyright (C) 2005 Roaring Penguin Software Inc.  This software may
# be distributed under the terms of the GNU General Public License, version
# 2 or any later version.
# LIC: GPL
#
# What the ruleset does on the Internet-facing interface:
#   - logs, then drops, TCP and UDP packets to ports 0-1023
#   - logs, then drops, every inbound TCP connection attempt
#   - drops ICMP echo-requests (not logged)
# Nothing is forwarded (FORWARD policy is DROP).
#
# NOTE(review): the INPUT policy is ACCEPT, so any packet that no rule below
# drops is accepted: UDP to ports 1024 and above on the external interface,
# ICMP other than echo-request, and all traffic on every other interface.
# NOTE(review): iptables filters IPv4 only; this script loads no ip6tables
# rules, so IPv6 traffic is not covered by it.
# NOTE(review): no iptables exit status is checked and the rules are loaded
# one command at a time after the flush, so a failed command leaves a
# partial ruleset in place without any diagnostic.

# Interface to Internet.  A trailing '+' is the iptables wildcard: this
# matches every interface whose name starts with "ppp".
EXTIF=ppp+

# Default policies: the host itself may receive and send, but never routes.
for fw_chain in INPUT OUTPUT; do
  iptables --policy "$fw_chain" ACCEPT
done
iptables --policy FORWARD DROP

# Discard whatever rules were loaded before this script ran.
for fw_chain in FORWARD INPUT OUTPUT; do
  iptables --flush "$fw_chain"
done

# Deny TCP and UDP packets to privileged ports.
# Both LOG rules are appended ahead of both DROP rules; LOG does not end
# rule traversal, so each packet is recorded and then reaches its DROP rule.
# NOTE(review): the LOG rules carry no rate limit (e.g. the "limit" match),
# so a scan or flood produces one kernel log line per packet.
for fw_target in LOG DROP; do
  for fw_proto in udp tcp; do
    iptables --append INPUT --in-interface "$EXTIF" \
      --protocol "$fw_proto" --dport 0:1023 --jump "$fw_target"
  done
done

# Deny TCP connection attempts.
# --syn matches only connection-opening segments (SYN set; ACK, RST and FIN
# clear), so replies to connections this host opened are not affected.
for fw_target in LOG DROP; do
  iptables --append INPUT --in-interface "$EXTIF" \
    --protocol tcp --syn --jump "$fw_target"
done

# Deny ICMP echo-requests: the host does not answer pings arriving on the
# external interface.
iptables --append INPUT --in-interface "$EXTIF" \
  --protocol icmp --icmp-type echo-request --jump DROP