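#!/bin/sh
# firewall
# chkconfig: 3 21 91
# description: Starts, stops iptables firewall
#
# Stateful host firewall built on the iptables "filter" table.
#   start   - replace the ruleset with a default-deny policy that only
#             admits the services listed in fw_start
#   stop    - revert to accept-all and remove the rules
#   restart - stop, then start
#
# Usage: /etc/init.d/firewall {start|stop|restart}
# Exit status: 0 on success, 1 on a bad argument; an iptables command
# that fails aborts the script with that command's status (see set -e).

# Abort on the first failing command instead of silently carrying on with
# a half-built ruleset.  fw_start orders its rules so that the loopback,
# established-connection and SSH rules are in place before the default
# policies are switched to DROP, so an abort part-way through never locks
# out an administrator who is connected over SSH.
set -e

# Print one "- <name> : [OK]" status line.
# Arguments: $1 - name of the rule group just installed
# The text is always quoted: an unquoted "[OK]" is a shell glob and
# would be replaced by the name of a file called "O" or "K" if one
# existed in the working directory.
ok() {
  printf '%s\n' "- $1 : [OK]"
}

#######################################
# Install the ruleset.
# Rule order matters: iptables evaluates a chain top-down and the first
# match wins, so the broad stateful rules come first and the per-service
# ACCEPT rules after them.
# Outputs: one status line per rule group on stdout
# Returns: 0, or aborts via set -e on the first failing iptables command
#######################################
fw_start() {
  # Clear rules
  iptables -t filter -F
  iptables -t filter -X
  ok "Clear rules"

  # Loopback
  iptables -t filter -A INPUT -i lo -j ACCEPT
  iptables -t filter -A OUTPUT -o lo -j ACCEPT
  ok "Loopback"

  # Don't break established connections
  iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  ok "established connections"

  # SYN-Flood Protection: new TCP connections above the rate are logged
  # and dropped; below it the chain RETURNs and evaluation continues with
  # the per-service rules.  The LOG rule is itself rate-limited so a
  # flood cannot also fill the system log.
  iptables -N syn-flood
  iptables -A syn-flood -m limit --limit 10/second --limit-burst 50 -j RETURN
  iptables -A syn-flood -m limit --limit 5/minute --limit-burst 10 \
    -j LOG --log-prefix "SYN FLOOD: "
  iptables -A syn-flood -j DROP
  # Hook the chain into INPUT for connection attempts (SYN only); without
  # this jump the chain is never consulted.
  iptables -A INPUT -p tcp --syn -j syn-flood
  ok "SYN-Flood Protection"

  # SSH In
  iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
  ok "SSH"

  # Default-deny.  Everything not explicitly accepted is dropped; without
  # these three policies every ACCEPT rule in this script is a no-op,
  # because the built-in policy of each chain is ACCEPT.  They are set
  # only now, after the loopback/established/SSH rules above, so that a
  # failure further down still leaves the host reachable over SSH.
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  iptables -P OUTPUT DROP
  ok "default policy DROP"

  # ICMP (Ping)
  iptables -t filter -A INPUT -p icmp -j ACCEPT
  iptables -t filter -A OUTPUT -p icmp -j ACCEPT
  ok "PING"

  # DNS In/Out (the INPUT rules are only needed if this host serves DNS)
  iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
  iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
  iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
  iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
  ok "DNS"

  # NTP Out
  iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
  ok "NTP"

  # WHOIS Out
  iptables -t filter -A OUTPUT -p tcp --dport 43 -j ACCEPT
  ok "WHOIS"

  # FTP Out / In.  30000:50000 is a passive-mode data port range; if the
  # kernel's FTP connection-tracking helper is loaded, the RELATED rule
  # near the top already admits data connections and this range could be
  # closed -- TODO confirm on the target host before tightening.  The
  # ESTABLISHED,RELATED rule is deliberately not repeated here: the one
  # near the top already covers these connections.
  iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
  iptables -t filter -A OUTPUT -p tcp --dport 30000:50000 -j ACCEPT
  iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
  iptables -t filter -A INPUT -p tcp --dport 30000:50000 -j ACCEPT
  ok "FTP"

  # HTTP + HTTPS Out
  iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
  iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
  # HTTP + HTTPS In
  iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
  iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
  ok "HTTP/HTTPS"

  # Mail SMTP:25
  iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
  iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
  ok "SMTP"

  # Mail POP3:110
  iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
  iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
  ok "POP"

  # Mail IMAP:143
  iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
  iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
  ok "IMAP"

  # Kloxo (presumably the hosting control panel's web interface)
  iptables -t filter -A INPUT -p tcp --dport 7777:7778 -j ACCEPT
  iptables -t filter -A OUTPUT -p tcp --dport 7777:7778 -j ACCEPT
  ok "Kloxo"

  printf '%s\n' "- Firewall [OK]"
}

#######################################
# Remove the ruleset and fall back to accepting everything.
# The policies are reset before the table is flushed so there is no
# window in which an empty table with a DROP policy blocks all traffic.
# Outputs: progress messages on stdout
# Returns: 0, or aborts via set -e on a failing iptables command
#######################################
fw_stop() {
  echo "Stopping Firewall... "
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT
  iptables -t filter -F
  # Also drop the user-defined syn-flood chain left behind by fw_start.
  iptables -t filter -X
  echo "Firewall Stopped!"
}

case "$1" in
  start)
    fw_start
    exit 0
    ;;
  stop)
    fw_stop
    exit 0
    ;;
  restart)
    # Re-invoke this script by its own path rather than a hard-coded
    # /etc/init.d/firewall, so it also works when installed elsewhere.
    "$0" stop
    "$0" start
    ;;
  *)
    echo "Usage: /etc/init.d/firewall {start|stop|restart}" >&2
    exit 1
    ;;
esac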