Linux Netfilter discussions
 help / color / mirror / Atom feed
From: Felix Bauer <felixathome@gmx.net>
To: netfilter@lists.netfilter.org
Subject: firewall startup script
Date: Fri, 01 Aug 2003 12:54:44 +0200	[thread overview]
Message-ID: <3F2A46F4.9070001@gmx.net> (raw)

Hi,

if got a question about my script for my router-configuration. It should 
enable ip4warding, masquerade my local hosts,
allow my local hosts everything and open some ports which should be 
external available but if I run this script
it kinda stops after masquerading (I can read the output on the console 
but then everything is freezed since the local
ports aren't open anymore and not reopend by the script). Is there any 
logical error I missed?

<script>
#!/bin/bash
#** $Id$
#**
#** Firewall-startup script
#**

#** variables
iptables="/sbin/iptables"
localnet="192.168.0.0/24"
worldports="21 22 53 80"


case $1 in
    start)
    #** enable IP-forwarding
     echo "Enabling IP-Forwarding"
     echo "1" > /proc/sys/net/ipv4/ip_forward

     #** flush old chains
      echo "Flushing old rules"
      $iptables -F INPUT
      $iptables -F OUTPUT
      $iptables -F FORWARD
      $iptables -t nat -F PREROUTING
      $iptables -t nat -F POSTROUTING
      $iptables -t nat -F OUTPUT

     #** allow localnet everything
      echo "Creating rule for local network"
      $iptables -A INPUT -s localhost -d localhost -j ACCEPT
      $iptables -A INPUT -p tcp -s $localnet -j ACCEPT
      $iptables -A INPUT -p udp -s $localnet -j ACCEPT

     #** setup Masquerading
      echo "Creating rule for Masquerading"
      $iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

     #** opening ports
      echo "Opening ports:"
      $iptables -A INPUT -p icmp -j ACCEPT

      for port in $worldports
       do
        echo " - $port"
        $iptables -A INPUT -p tcp --dport $port -j ACCEPT
        $iptables -A INPUT -p udp --dport $port -j ACCEPT
       done

     #** Allow all outgoing packets to be not filtered
      $iptables --policy OUTPUT ACCEPT

     #** Drop everything else
      $iptables -A INPUT -j DROP
    ;;
    stop)
    ;;
    *)
    echo "Usage: $0 { start | stop }"
    ;;
    esac
exit 0
</script>

thx a lot
fe



             reply	other threads:[~2003-08-01 10:54 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-08-01 10:54 Felix Bauer [this message]
2003-08-01 11:56 ` firewall startup script Ruprecht Helms
2003-08-01 12:24   ` Felix Bauer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3F2A46F4.9070001@gmx.net \
    --to=felixathome@gmx.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox