On Tue, Oct 6, 2015 at 3:14 PM, James <wirel...@tampabay.rr.com> wrote:
>
> #!/bin/bash
> # A basic stateful firewall for a workstation or laptop that isn't running any
> # network services like a web server, SMTP server, ftp server, etc.
>
> if [ "$1" = "start" ]
> then
>   echo "Starting firewall..."
>   iptables -P INPUT DROP
>   iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> elif [ "$1" = "stop" ]
> then
>   echo "Stopping firewall..."
>   iptables -F INPUT
>   iptables -P INPUT ACCEPT
> fi

Since you're starting from scratch, you might want to replace "-m state --state" by "-m conntrack --ctstate" because the former's deprecated and is now an alias to the latter.
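
The substitution suggested above, applied mechanically to existing rule text, as an added example that is not part of the original message. The helper names (`convert_state_rules`, `count_legacy_rules`, `sample_rules`) are hypothetical and the sample rules are constructed.

```bash
#!/bin/sh
# Added example: migrate rule text from the deprecated "state" match to
# "conntrack". Helper names are hypothetical; sample rules are constructed.

# Matches "-m state [!] --state " (also the long form "--match state").
LEGACY='(-m|--match)[[:space:]]+state[[:space:]]+(![[:space:]]+)?--state[[:space:]]+'

# stdin: firewall script lines or iptables-save output; stdout: converted text.
# Comment lines pass through untouched; a "!" negation is preserved.
convert_state_rules() {
    sed -E '/^[[:space:]]*#/!s/'"$LEGACY"'/-m conntrack \2--ctstate /g'
}

# Counts non-comment lines that still use the deprecated match, so the
# result can be checked before the rules are loaded.
count_legacy_rules() {
    grep -Ev '^[[:space:]]*#' | grep -Ec -e "$LEGACY" || true
}

# Constructed sample input: one line from the quoted script plus
# iptables-save style lines, including a negated match.
sample_rules() {
    cat <<'EOF'
# constructed sample, not captured from a real host
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state ! --state INVALID -j ACCEPT
-A INPUT -i lo -j ACCEPT
EOF
}

sample_rules | convert_state_rules
echo "legacy rules left: $(sample_rules | convert_state_rules | count_legacy_rules)"
```

The state names themselves need no translation, since `--ctstate` accepts every value that `--state` does.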