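#!/bin/bash
#
# Gateway firewall: NAT/masquerading for an internal LAN, a few port blocks
# on the gateway itself, and a transparent redirect of LAN web traffic to
# DansGuardian. Must be run as root.
#
# Fixes relative to the listing as posted:
#   * the four flush/delete commands had been collapsed onto one line, which
#     iptables cannot parse as a single invocation;
#   * the anti-spoofing rule had been folded into its own comment and so was
#     never installed;
#   * DATE was set only in echo's environment, so "$DATE" expanded to an
#     empty string in the notification mail.
#
# NOTE(review): nothing here sets chain policies, so anything not matched
# below falls through to whatever policy is already in place (ACCEPT by
# default). A default-deny INPUT/FORWARD policy with explicit allows is the
# stronger design; it is left unchanged here to preserve behaviour.

set -u

OUT_INTERFACE=eth0 # external (Internet-facing) interface
IN_INTERFACE=eth1  # internal (LAN-facing) interface

# PLACEHOLDER: the recipient was redacted in the source listing. Set
# ADMIN_EMAIL in the environment or edit this default before use.
ADMIN_EMAIL=${ADMIN_EMAIL:-admin@example.com}

echo "Flushing and initializing iptables..."
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

echo "Setting up IP-masquerading/NAT..."
iptables --table nat --append POSTROUTING --out-interface "$OUT_INTERFACE" -j MASQUERADE
# Accepts everything arriving from the LAN; return traffic is not matched by
# any rule here and depends on the FORWARD policy.
iptables --append FORWARD --in-interface "$IN_INTERFACE" -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

echo "Blocking dangerous ports..."
# Allow loopback access. This rule must come before the rules denying port access!!
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT

# Block specific port numbers.
# These are INPUT rules, so they protect the gateway host only; traffic
# forwarded for LAN clients traverses FORWARD and is not affected by them.
# NOTE(review): only TCP is covered; NetBIOS name/datagram services use
# UDP 137/138 and are not blocked by these rules.
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 1214 -j REJECT # Block Kazaa
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 139 -j REJECT  # Block Windows file sharing
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 445 -j REJECT  # Block Windows file sharing

# Special protection: drop packets that claim a loopback source address but
# arrive on the external interface (spoofed source).
iptables -A INPUT -p all -s localhost -i "$OUT_INTERFACE" -j DROP

echo "Setting up redirection for transparent proxy..."
# This redirects all web requests (port 80) to DansGuardian (port 8080).
# NOTE(review): no rule here restricts port 8080 on $OUT_INTERFACE; if the
# proxy listens on all addresses it is reachable from outside. Confirm the
# proxy's bind address or add an explicit INPUT rule for that interface.
iptables -t nat -A PREROUTING -i "$IN_INTERFACE" -p tcp --dport 80 -j REDIRECT --to-port 8080

# Notify the administrator. The timestamp is assigned in a separate statement
# so that it is set before the message text is expanded.
DATE=$(date)
echo "At $DATE, your firewall was restarted." | sendmail "$ADMIN_EMAIL"
echo "Done!"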
