#1
8th May 2006, 20:34
ColdDoT
Senior Member
Firewall script

Hello

At last I have found a nice firewall script.
After customizing it, it will not work for everything. It only works for SSH (pff, and I'm happy that that isn't blocked) and FTP (as far as I have tested it).

This is my script:
Code:
#!/bin/bash
NAME="firewall"
IPTABLES="/sbin/iptables"

case "$1" in
start)
    echo -n "Starting firewall.."
    # Flush all rules, then set default policies to DROP:
    # from here on only traffic matched by an explicit ACCEPT rule gets through
    $IPTABLES -F
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT DROP

    # For ping and traceroute
    $IPTABLES -A INPUT -p icmp --icmp-type 0 -j ACCEPT
    $IPTABLES -A INPUT -p icmp --icmp-type 8 -j ACCEPT
    $IPTABLES -A INPUT -p icmp --icmp-type 3 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 4 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 12 -j ACCEPT
    $IPTABLES -A INPUT -p icmp --icmp-type 11 -j ACCEPT
    $IPTABLES -A INPUT -p icmp --icmp-type 30 -j ACCEPT

    # For traceroute (UDP probes to the usual traceroute port range)
    $IPTABLES -A INPUT -i eth0 -p udp --source-port 32769:65535 \
        --destination-port 33434:33523 -j ACCEPT

    $IPTABLES -A OUTPUT -p udp --source-port 32769:65535 \
        --destination-port 33434:33523 -j ACCEPT

    $IPTABLES -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 3 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 4 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 12 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 11 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 30 -j ACCEPT

    # Loopback traffic
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
    $IPTABLES -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

    ############################################################################################################
    # Custom ports from low to high
    # Replies to connections this host already has are accepted regardless of port
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ############################################################################################################
    #query                #Type                    #port         #accept/deny      #Protocol
    $IPTABLES -A INPUT -p tcp --destination-port   20:21 -j      ACCEPT            # FTP
    $IPTABLES -A INPUT -p tcp --destination-port   22 -j         ACCEPT            # SSH
    $IPTABLES -A INPUT -p tcp --destination-port   25 -j         ACCEPT            # SMTP
    $IPTABLES -A INPUT -p tcp --destination-port   53 -j         ACCEPT            # DNS
    $IPTABLES -A INPUT -p udp --destination-port   53 -j         ACCEPT            # DNS
    $IPTABLES -A INPUT -p tcp --destination-port   143 -j        ACCEPT            # IMAP
    $IPTABLES -A INPUT -p tcp --destination-port   443 -j        ACCEPT            # HTTPS
    $IPTABLES -A INPUT -p tcp --destination-port   666 -j        ACCEPT            # HTTPS monit
    $IPTABLES -A INPUT -p udp --destination-port   666 -j        ACCEPT            # TeamSpeak cold server
    $IPTABLES -A INPUT -p udp --destination-port   7777 -j       ACCEPT            # Tactical Ops server
    $IPTABLES -A INPUT -p udp --destination-port   7778 -j       ACCEPT            # Tactical Ops server query
    $IPTABLES -A INPUT -p udp --destination-port   32768 -j      ACCEPT            # DNS
    $IPTABLES -A INPUT -p tcp --dport auth -j                    REJECT            # Reject ident (auth, tcp/113)
    ############################################################################################################
    $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ############################################################################################################
    #query                 #Type                    #port         #accept/deny      #Protocol
    $IPTABLES -A OUTPUT -p tcp --destination-port   20:21 -j      ACCEPT            # FTP
    $IPTABLES -A OUTPUT -p tcp --destination-port   25 -j         ACCEPT            # SMTP
    $IPTABLES -A OUTPUT -p tcp --destination-port   80 -j         ACCEPT            # HTTP
    $IPTABLES -A OUTPUT -p tcp --destination-port   110 -j        ACCEPT            # POP
    $IPTABLES -A OUTPUT -p tcp --destination-port   143 -j        ACCEPT            # IMAP
    $IPTABLES -A OUTPUT -p tcp --destination-port   666 -j        ACCEPT            # HTTPS monit
    $IPTABLES -A OUTPUT -p udp --destination-port   666 -j        ACCEPT            # TeamSpeak cold server
    $IPTABLES -A OUTPUT -p tcp --destination-port   993 -j        ACCEPT            # SIMAP
    $IPTABLES -A OUTPUT -p tcp --destination-port   995 -j        ACCEPT            # SPOP
    $IPTABLES -A OUTPUT -p udp --destination-port   7777 -j       ACCEPT            # Tactical Ops server
    $IPTABLES -A OUTPUT -p udp --destination-port   7778 -j       ACCEPT            # Tactical Ops server query
    $IPTABLES -A OUTPUT -p tcp --destination-port   8090 -j       ACCEPT            # FrontPage extension
    $IPTABLES -A OUTPUT -p tcp --destination-port   14534 -j      ACCEPT            # TeamSpeak admin page
    ############################################################################################################
    # End custom ports
    ############################################################################################################
    $IPTABLES -A INPUT -p tcp --dport auth -j REJECT   # Reject ident (duplicate of the rule above)
    $IPTABLES -A INPUT -p tcp -i lo -d 0/0 -j ACCEPT
    echo "..done"
    ;;
stop)
    echo -n "Stopping firewall.."
    # Flush everything and open INPUT/OUTPUT again
    $IPTABLES -F
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -P INPUT ACCEPT
    echo "done"
    ;;
*)
    echo "Usage: $NAME {start|stop}"
    exit 1
    ;;
esac
I run this script with this command after chmod 755:
/etc/init.d/firewall start ; sleep 30 ; /etc/init.d/firewall stop (just in case)

Does anyone know what is wrong with it?
I can't access my site with the firewall on:
www.colddot.nl
or any of my client sites.

Greets, Kevin Valk
#2
8th May 2006, 23:50
falko
Super Moderator
I can't find
Code:
$IPTABLES -A INPUT -p tcp --destination-port   80 -j        ACCEPT
in that script...
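A way to find a missing ACCEPT rule without guessing, as an added example that is not part of the thread: log what the DROP policy is eating, then summarise the log. The LOG rule and the kernel log lines below are constructed for illustration; the rule is appended as the last INPUT rule so that only traffic which reached the default policy gets logged.

```shell
#!/bin/sh
# Added example (not from the thread). With "-P INPUT DROP", a packet that
# matches no ACCEPT rule is dropped silently, so a missing rule (such as the
# tcp/80 one in this thread) only shows up as a hanging browser.
#
# Step 1, on the firewall host as root (shown here, not executed):
#   iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
# Appended LAST in the INPUT chain, it logs only packets that fell through to
# the default policy; the rate limit keeps a flood from filling the log.

# Step 2: summarise the logged drops. Reads kernel log lines on stdin and
# prints "PROTO DPT count", most frequent first.
summarize_drops() {
    grep 'FW-DROP:' \
    | sed -n 's/.*PROTO=\([A-Z]*\).*DPT=\([0-9]*\).*/\1 \2/p' \
    | sort | uniq -c | sort -rn \
    | awk '{print $2, $3, $1}'
}

# Constructed sample log lines in the format the LOG target produces
# (addresses are documentation ranges, not real hosts).
SAMPLE_LOG='May  8 20:40:01 host kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=51234 DPT=80 SYN
May  8 20:40:02 host kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 PROTO=TCP SPT=51235 DPT=80 SYN
May  8 20:40:03 host kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.12 DST=198.51.100.5 PROTO=UDP SPT=5060 DPT=5060
May  8 20:40:04 host kernel: sshd[1234]: Accepted publickey for kevin'

# The top line is the rule that is missing from the script.
top_dropped_port() {
    printf '%s\n' "$SAMPLE_LOG" | summarize_drops | head -n 1
}

top_dropped_port    # prints: TCP 80 2
```

Once the missing port is known, add the matching ACCEPT rule above the LOG rule and confirm the log entry stops appearing.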