Hallo Liste , habe hier meine Firewall und bitte um
Kommentare.
Der Rechner hat kein Netzwerk und wird nur zum
surfen und emailen mit dem Internet verbunden.
#!/bin/sh
# firewall.rules - created by levy.pl on Mon May 28 19:38:33 2001
# this is a -skeleton- ruleset-- adapt as needed.
#modified!!!
#
#load modules
/sbin/modprobe iptable_filter
/sbin/modprobe ip_conntrack
# chain policies
# set default policies
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP
# flush tables
/sbin/iptables -F
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -F FORWARD
/sbin/iptables -F -t mangle
/sbin/iptables -X
/sbin/iptables -F -t nat
# create DUMP table
/sbin/iptables -N DUMP > /dev/null
/sbin/iptables -F DUMP
/sbin/iptables -A DUMP -p tcp -j LOG
/sbin/iptables -A DUMP -p udp -j LOG
/sbin/iptables -A DUMP -p tcp -j REJECT --reject-with tcp-reset
/sbin/iptables -A DUMP -p udp -j DROP
/sbin/iptables -A DUMP -j DROP
# Stateful table
/sbin/iptables -N STATEFUL > /dev/null
/sbin/iptables -F STATEFUL
/sbin/iptables -I STATEFUL -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A STATEFUL -m state --state NEW -i ! ippp0 -j ACCEPT
/sbin/iptables -A STATEFUL -j DUMP
# loopback rules
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
# drop reserved addresses incoming
/sbin/iptables -A INPUT -i ippp0 -s 0.0.0.0/7 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 1.0.0.0/8 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 2.0.0.0/8 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 5.0.0.0/8 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 10.0.0.0/8 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 23.0.0.0/8 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 27.0.0.0/8 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 31.0.0.0/8 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 67.0.0.0/8 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 68.0.0.0/6 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 72.0.0.0/5 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 80.0.0.0/4 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 96.0.0.0/3 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 127.0.0.0/8 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 128.0.0.0/16 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 128.66.0.0/16 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 169.254.0.0/16 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 172.16.0.0/12 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 191.255.0.0/16 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 192.0.0.0/16 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 192.168.0.0/16 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 197.0.0.0/8 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 201.0.0.0/8 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 204.152.64.0/23 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 224.0.0.0/3 -j DUMP
/sbin/iptables -A INPUT -i ippp0 -s 240.0.0.0/8 -j DUMP
# allow certain inbound ICMP types
/sbin/iptables -A INPUT -i ippp0 -p icmp --icmp-type destination-unreachable -j ACCEPT
/sbin/iptables -A INPUT -i ippp0 -p icmp --icmp-type time-exceeded -j ACCEPT
/sbin/iptables -A INPUT -i ippp0 -p icmp --icmp-type echo-reply -j ACCEPT
# opened ports
/sbin/iptables -A INPUT -p tcp -i ippp0 --dport 110 -j ACCEPT
/sbin/iptables -A INPUT -p udp -i ippp0 --dport 110 -j ACCEPT
#/sbin/iptables -A INPUT -p tcp -i ippp0 --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -i ippp0 --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p udp -i ippp0 --dport 80 -j ACCEPT
#/sbin/iptables -A INPUT -p tcp -i ippp0 --dport 8080 -j ACCEPT
#/sbin/iptables -A INPUT -p udp -i ippp0 --dport 8080 -j ACCEPT
/sbin/iptables -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level
info --log-prefix "firewall"
# push everything else to state table
/sbin/iptables -A INPUT -j STATEFUL
MfG Arne
--
-----------------------------------------------------------
Um sich aus der Liste auszutragen schicken Sie bitte eine
E-Mail an [EMAIL PROTECTED] die im Subject
"unsubscribe <deine_email_adresse>" enthaelt.
Bei Problemen bitte eine Mail an: [EMAIL PROTECTED]
-----------------------------------------------------------
846 eingetragene Mitglieder in dieser Liste.
