On 6 October 2015 at 22:14, James <wirel...@tampabay.rr.com> wrote:
>
> Hello,
>
> I just ran across this page:
>
> http://gentoo-en.vfose.ru/wiki/Iptables/Iptables_and_stateful_firewalls#State_basics
>
> It has a basic firewall using iptables.
> Not bad for a generic firewall on an openrc workstation.
> What is the best way to auto launch this sort of firewall.sh ?
>
> Any improvements in this basic workstation firewall
> (everything out, nothing in)?
> A simple rule for ssh in only from the local lan
> (use 192.168.100.100 for example rule(s)).
>

Hi,

I suggest you look into the firehol package. It creates iptables rules
out of human readable policy.

Regards,
Alon

> ...................................
> firewall.sh
> ...................................
> #!/bin/bash
> # A basic stateful firewall for a workstation or laptop that isn't running any
> # network services like a web server, SMTP server, ftp server, etc.
>
> if [ "$1" = "start" ]
> then
>     echo "Starting firewall..."
>     # Default policy: drop any inbound packet no rule accepts.
>     iptables -P INPUT DROP
>     # Accept replies to connections this host opened itself.
>     iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> elif [ "$1" = "stop" ]
> then
>     echo "Stopping firewall..."
>     # Flush the INPUT rules and fall back to accepting everything.
>     iptables -F INPUT
>     iptables -P INPUT ACCEPT
> fi
> ............................
>
> just launched manually as a script.
>
>
> Any good tools to quickly test this firewall from another local workstation?
>
>
> wwr,
> James
>
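The SSH-from-LAN rule James asks for, added here as an example that is not the thread's firewall.sh nor anything from the wiki page or firehol. It keeps the posted script's start/stop shape and adds a loopback rule, an INVALID drop, explicit FORWARD/OUTPUT policies, and a single rule that opens TCP/22 only to the source James named. Assumptions: 192.168.100.100 is the example LAN address from the thread (a CIDR such as 192.168.100.0/24 works too), sshd listens on 22, and the modern `-m conntrack --ctstate` match is used in place of the script's `-m state --state` (both are standard iptables modules). The rule set is generated as text first so it can be reviewed, and checked by fw_ssh_restricted, without root.

```shell
#!/bin/sh
# Added example, not the thread's firewall.sh: the posted script extended with
# an SSH-only-from-LAN rule. LAN_SRC defaults to the example address from the
# thread; SSH_PORT and the iptables path are assumptions, all overridable.
LAN_SRC="${LAN_SRC:-192.168.100.100}"   # host or CIDR allowed to open SSH
SSH_PORT="${SSH_PORT:-22}"
IPT="${IPT:-iptables}"

# Emit the rule set, one iptables command per line. Keeping the policy as
# text lets it be reviewed (and checked below) before anything is applied.
fw_rules() {
    lan="$1"
    port="$2"
    cat <<EOF
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
$IPT -A INPUT -p tcp --dport $port -s $lan -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Sanity check on the generated policy: every rule that opens a port must
# carry a source restriction, so an edit cannot silently expose sshd to
# everyone. Returns 0 when the policy passes, 1 otherwise.
fw_ssh_restricted() {
    if fw_rules "$1" "$2" | grep -- '--dport' | grep -v -- ' -s ' | grep -q .; then
        return 1
    fi
    return 0
}

fw_start() {
    echo "Starting firewall..."
    fw_ssh_restricted "$LAN_SRC" "$SSH_PORT" || {
        echo "refusing to start: a port rule has no source restriction" >&2
        return 1
    }
    # Apply each generated command; the loop body runs in a pipeline
    # subshell, so 'exit 1' only aborts the loop and fails the pipeline.
    fw_rules "$LAN_SRC" "$SSH_PORT" | while IFS= read -r cmd; do
        eval "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
    done
}

fw_stop() {
    echo "Stopping firewall..."
    $IPT -F INPUT
    $IPT -P INPUT ACCEPT
}

case "${1:-}" in
    start)  fw_start ;;
    stop)   fw_stop ;;
    rules)  fw_rules "$LAN_SRC" "$SSH_PORT" ;;   # print without applying
    status) $IPT -S INPUT ;;                     # show what is loaded
esac
```

`sh firewall.sh rules` prints the policy for review; `start` applies it only after the source-restriction check passes. For the auto-launch question on an OpenRC box, Gentoo's own iptables init script reloads a saved rule set at boot: after a successful `start`, run `iptables-save > /var/lib/iptables/rules-save` and `rc-update add iptables default`. To check the result from another LAN host, `ssh` from an address covered by LAN_SRC should connect, while a connection attempt from any other address should simply time out (the packets are dropped, not rejected).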