Tightly secured firewall for general use
Sponsored Links
Tightly secured firewall for general use Ranking & Summary
File size:
MB
Platform:
Any Platform
License:
GPL (GNU General Public License)
Price:
Downloads:
983
Date added:
2007-02-14
Publisher:
Packetstorm
Tightly secured firewall for general use description
Tightly secured firewall for general use is an iptables firewall script.
Sample:
#!/bin/sh
echo "Initializing modules..."
cd /lib/modules/2.4.1/kernel/net/ipv4/netfilter
insmod ip_tables
insmod ip_conntrack
insmod ipt_state
insmod ipt_limit
#insmod iptable_mangle
#insmod ipt_PERS
echo "Flushing rules.."
#iptables -F PREROUTING
#iptables -t mangle -F OUTPUT
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
if [ "$1" == "start" ]; then
echo "Setting up spoof protection..."
for blah in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo "1" > $blah
done
echo "Setting default routes..."
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
echo "Configuring external interface rulesets..."
#iptables -t mangle -A PREROUTING -j PERS --local --tweak dst --conf /etc/win9x.conf
#iptables -t mangle -A OUTPUT -j PERS --local --tweak src --conf /etc/win9x.conf
iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP
iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP
iptables -A INPUT -i eth0 -s 255.255.255.255/32 -j DROP
iptables -A INPUT -i eth0 -s 0.0.0.0/8 -j DROP
iptables -A INPUT -i eth0 -s 169.254.0.0/16 -j DROP
iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP
iptables -A INPUT -i eth0 -s 192.0.2.0/24 -j DROP
iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
iptables -A INPUT -i eth0 -s 224.0.0.0/4 -j DROP
iptables -A INPUT -i eth0 -s 240.0.0.0/5 -j DROP
iptables -A INPUT -i eth0 -s 248.0.0.0/5 -j DROP
iptables -A INPUT -i eth0 -f -j DROP
iptables -A INPUT -i eth0 -p TCP -m state --state INVALID -j DROP
iptables -A INPUT -i eth0 -p TCP --syn -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 20 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 23 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 113 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A INPUT -i eth0 -p TCP -s 0/0 --sport 1024:5000 -d 0/0 --dport 1998 -j ACCEPT
#iptables -A INPUT -i eth0 -p TCP -s 0/0 --sport 1024:5000 -d 0/0 --dport 1999 -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --dport 32768:61000 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 20 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 23 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 113 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 1998 -j ACCEPT
#iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 1999 -j ACCEPT
#iptables -A INPUT -i eth0 -p UDP -j DENY
iptables -A INPUT -i eth0 -p UDP -s 0/0 --sport 53 -j ACCEPT
#iptables -A INPUT -i eth0 -p UDP -s 0/0 --dport 53 -j ACCEPT
#iptables -A INPUT -i eth0 -p UDP -s 0/0 --sport 161 -j ACCEPT
iptables -A INPUT -i eth0 -p UDP -s 0/0 --sport ntp -j ACCEPT
iptables -A INPUT -i eth0 -p UDP -s 0/0 --dport ntp -j ACCEPT
iptables -A INPUT -i eth0 -p ICMP --icmp-type echo-reply -j ACCEPT
echo "Configuring routing rulesets..."
iptables -A FORWARD -i eth0 -d 205.188.153.139/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.153.140/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.153.141/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.7.168/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.7.164/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.7.178/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.7.172/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.7.176/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.5.208/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.4.159/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.3.160/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.3.176/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.5.204/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.153.139/32 -j DROP
iptables -A FORWARD -i eth0 -d 209.185.128.132/32 -j DROP
iptables -A FORWARD -i eth0 -d 152.163.241.128/32 -j DROP
iptables -A FORWARD -i eth0 -d 152.163.242.24/32 -j DROP
iptables -A FORWARD -i eth0 -d 152.163.242.28/32 -j DROP
iptables -A FORWARD -i eth0 -d 152.163.241.120/32 -j DROP
iptables -A FORWARD -i eth0 -p TCP --sport 1024: --dport 9898 -j DROP
iptables -A FORWARD -i eth0 -d 10.0.0.0/8 -j DROP
iptables -A FORWARD -i eth0 -d 127.0.0.0/8 -j DROP
iptables -A FORWARD -i eth0 -p igmp -j DROP
iptables -A FORWARD -i eth0 -p TCP --syn -m limit --limit 10/s -j ACCEPT
iptables -A FORWARD -i eth0 -p TCP --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 10/s -j ACCEPT
echo "Configuring internal interface rulesets..."
iptables -A INPUT -i lo -j ACCEPT
echo "IPtables firewall configuration completed."
fi
Sample:
#!/bin/sh
echo "Initializing modules..."
cd /lib/modules/2.4.1/kernel/net/ipv4/netfilter
insmod ip_tables
insmod ip_conntrack
insmod ipt_state
insmod ipt_limit
#insmod iptable_mangle
#insmod ipt_PERS
echo "Flushing rules.."
#iptables -F PREROUTING
#iptables -t mangle -F OUTPUT
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
if [ "$1" == "start" ]; then
echo "Setting up spoof protection..."
for blah in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo "1" > $blah
done
echo "Setting default routes..."
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
echo "Configuring external interface rulesets..."
#iptables -t mangle -A PREROUTING -j PERS --local --tweak dst --conf /etc/win9x.conf
#iptables -t mangle -A OUTPUT -j PERS --local --tweak src --conf /etc/win9x.conf
iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP
iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP
iptables -A INPUT -i eth0 -s 255.255.255.255/32 -j DROP
iptables -A INPUT -i eth0 -s 0.0.0.0/8 -j DROP
iptables -A INPUT -i eth0 -s 169.254.0.0/16 -j DROP
iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP
iptables -A INPUT -i eth0 -s 192.0.2.0/24 -j DROP
iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
iptables -A INPUT -i eth0 -s 224.0.0.0/4 -j DROP
iptables -A INPUT -i eth0 -s 240.0.0.0/5 -j DROP
iptables -A INPUT -i eth0 -s 248.0.0.0/5 -j DROP
iptables -A INPUT -i eth0 -f -j DROP
iptables -A INPUT -i eth0 -p TCP -m state --state INVALID -j DROP
iptables -A INPUT -i eth0 -p TCP --syn -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 20 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 23 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 113 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 1024:5000 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A INPUT -i eth0 -p TCP -s 0/0 --sport 1024:5000 -d 0/0 --dport 1998 -j ACCEPT
#iptables -A INPUT -i eth0 -p TCP -s 0/0 --sport 1024:5000 -d 0/0 --dport 1999 -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --dport 32768:61000 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 20 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 23 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 113 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 1998 -j ACCEPT
#iptables -A INPUT -i eth0 -p TCP --sport 32768:61000 --dport 1999 -j ACCEPT
#iptables -A INPUT -i eth0 -p UDP -j DENY
iptables -A INPUT -i eth0 -p UDP -s 0/0 --sport 53 -j ACCEPT
#iptables -A INPUT -i eth0 -p UDP -s 0/0 --dport 53 -j ACCEPT
#iptables -A INPUT -i eth0 -p UDP -s 0/0 --sport 161 -j ACCEPT
iptables -A INPUT -i eth0 -p UDP -s 0/0 --sport ntp -j ACCEPT
iptables -A INPUT -i eth0 -p UDP -s 0/0 --dport ntp -j ACCEPT
iptables -A INPUT -i eth0 -p ICMP --icmp-type echo-reply -j ACCEPT
echo "Configuring routing rulesets..."
iptables -A FORWARD -i eth0 -d 205.188.153.139/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.153.140/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.153.141/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.7.168/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.7.164/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.7.178/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.7.172/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.7.176/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.5.208/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.4.159/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.3.160/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.3.176/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.5.204/32 -j DROP
iptables -A FORWARD -i eth0 -d 205.188.153.139/32 -j DROP
iptables -A FORWARD -i eth0 -d 209.185.128.132/32 -j DROP
iptables -A FORWARD -i eth0 -d 152.163.241.128/32 -j DROP
iptables -A FORWARD -i eth0 -d 152.163.242.24/32 -j DROP
iptables -A FORWARD -i eth0 -d 152.163.242.28/32 -j DROP
iptables -A FORWARD -i eth0 -d 152.163.241.120/32 -j DROP
iptables -A FORWARD -i eth0 -p TCP --sport 1024: --dport 9898 -j DROP
iptables -A FORWARD -i eth0 -d 10.0.0.0/8 -j DROP
iptables -A FORWARD -i eth0 -d 127.0.0.0/8 -j DROP
iptables -A FORWARD -i eth0 -p igmp -j DROP
iptables -A FORWARD -i eth0 -p TCP --syn -m limit --limit 10/s -j ACCEPT
iptables -A FORWARD -i eth0 -p TCP --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 10/s -j ACCEPT
echo "Configuring internal interface rulesets..."
iptables -A INPUT -i lo -j ACCEPT
echo "IPtables firewall configuration completed."
fi
Tightly secured firewall for general use Screenshot
Advertisements
Tightly secured firewall for general use Keywords
INPUT
ACCEPT
DROP
FORWARD
ESTABLISHED
NEW
iptables firewall script
For General
general use
iptables firewall
firewall script
Iptables
-J
-i
-P
TCP
Bookmark Tightly secured firewall for general use
Tightly secured firewall for general use Copyright
WareSeeker periodically updates pricing and software information of Tightly secured firewall for general use full version from the publisher, so some information may be slightly out-of-date. You should confirm all information before relying on it. Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future development of Tightly secured firewall for general use Edition. Download links are directly from our publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
Featured Software
Want to place your software product here?
Please contact us for consideration.
Contact WareSeeker.com
Related Information
legal general useless
living room general use
general use of ascorbic acid
general uses of statistics
iptables firewall script generator
general use halogen bulb watts
general uses of computer
general uses of protein in an organism
general user list
iptables firewall scripts
general used cars
general uses of sulfur
general use 10
general users
general user interface
certificate of origin for general use
Toxicity Class
general conditions use
Related Software
The PHP Firewall Generator is a simple PHP script that generates a firewall script for iptables or ipchains based firewalls. Free Download
Easy Firewall Generator for IPTables simply generate script for setting iptables. Free Download
Turtle Firewall is a firewall configuration project based on Linux 2.4.x and iptables. Free Download
HardWall Firewall is an iptables firewall script that provides port forwarding, packet filtering, stateful packet inspection. Free Download
Very restrictive set of firewall rules script is a sample firewall for ip_tables. Free Download
NATting SOHO firewall is a firewall script for iptables. Free Download
IPTABLES masquerading firewall is a self contained script that enables and sets basic masquerading at boot time. Free Download
iptables firewall script is an Linux firewall based on the iptables software. Free Download
Latest Software
Popular Software
Favourite Software
