Simple Iptables Shell Script
All Scripts written under Ubuntu 7.04
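#!/bin/bash
# Host firewall for a single machine: default-deny on every built-in chain of
# the filter table, then allow loopback, DNS lookups, and connections that this
# machine itself opens through eth1.
#
# Scope: iptables only handles IPv4. IPv6 traffic is governed by ip6tables and
# is not touched by this script.

ipt=/sbin/iptables

# Start from a clean slate: flush every rule, delete user-defined chains and
# zero the packet/byte counters.
"$ipt" -F
"$ipt" -X
"$ipt" -Z

# Default policy for each built-in chain: anything not explicitly accepted
# below is dropped.
"$ipt" -P INPUT DROP
"$ipt" -P OUTPUT DROP
"$ipt" -P FORWARD DROP

# Loopback: accept local traffic addressed to/from 127.0.0.1 on lo.
"$ipt" -A OUTPUT -d 127.0.0.1 -o lo -j ACCEPT
"$ipt" -A INPUT -s 127.0.0.1 -i lo -j ACCEPT

# DNS: queries may leave on any interface, but only replies that connection
# tracking ties to one of those queries are let back in. Matching on source
# port 53 alone would accept unsolicited UDP to every local port from any
# sender that uses 53 as its source port, bypassing the INPUT DROP policy.
"$ipt" -A INPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
"$ipt" -A OUTPUT -p udp --dport 53 -j ACCEPT

# Traffic originating from the local system on eth1: new connections may go
# out, and only packets belonging or related to them may come back in.
# Unsolicited inbound traffic (including inbound ping) stays dropped.
for proto in tcp udp icmp; do
  "$ipt" -A INPUT -p "$proto" -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
  "$ipt" -A OUTPUT -p "$proto" -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
done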
