  1. #1
    Just Joined!
    Join Date
    Jan 2004
    Location
    Pittsburgh, PA, USA
    Posts
    28

    IPtables Script Review Requested


    Hey guys, I'm entirely new to iptables, but I've managed to write a little script. I'd like reviews on anything I've missed or done incorrectly before I run it so I don't lock myself out of the machine. Here goes:

    Code:
    #!/bin/sh
    IPTABLES=/usr/sbin/iptables
    echo 0 > /proc/sys/net/ipv4/ip_forward
    #flush current rules
    $IPTABLES -F
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -A INPUT -j ACCEPT -p tcp --dport 80
    $IPTABLES -A INPUT -j ACCEPT -p tcp --dport 21
    $IPTABLES -A INPUT -j ACCEPT -p tcp --dport 110
    $IPTABLES -A INPUT -j ACCEPT -p tcp --dport 25 
    $IPTABLES -A INPUT -j ACCEPT -p tcp --dport 22
    $IPTABLES -A INPUT -j ACCEPT -p tcp --dport 53
    $IPTABLES -A INPUT -j ACCEPT -p udp --dport 53
    Anything I've forgotten? This is a machine that won't need to be routing anything. Also, should I just install iptables with apt-get install iptables? And then how would I go about getting my iptables script to initialize on system startup?

  2. #2
    Linux Guru sarumont
    Join Date
    Apr 2003
    Location
    /dev/urandom
    Posts
    3,682
    Looks good from here. Nice simple firewall.
    "Time is an illusion. Lunchtime, doubly so."
    ~Douglas Adams, The Hitchhiker's Guide to the Galaxy
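
An added example, not part of the original thread: the posted policy and ports written in iptables-restore format, together with two rules the posted script does not contain (loopback, and replies to connections the host itself opens). `build_rules`, `TCP_PORTS` and `UDP_PORTS` are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example (not the poster's code). Ports and policies are taken from
# the post; build_rules, TCP_PORTS and UDP_PORTS are hypothetical names.
TCP_PORTS="80 21 110 25 22 53"
UDP_PORTS="53"

build_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Local services talking over 127.0.0.1 would otherwise hit the DROP policy.
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opens (its own DNS lookups, apt-get)
    # arrive on INPUT; OUTPUT ACCEPT alone does not let them back in.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in $TCP_PORTS; do
        echo "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    for port in $UDP_PORTS; do
        echo "-A INPUT -p udp --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# Usage (as root):
#   build_rules | iptables-restore --test   # parse only, nothing is changed
#   build_rules | iptables-restore          # replace the filter table in one commit
# Run the script with "print" to inspect the ruleset without touching netfilter.
if [ "${1:-}" = "print" ]; then
    build_rules
fi
```

Because iptables-restore commits the table in one step, there is no window where the DROP policy is active but the port 22 rule has not yet been added, which is the lock-out case the question raises.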
