Firewall init skript pro Debian, používá iptables.
Neobsahuje sadu pravidel; komentované příklady viz například Firewall s Netfilter/iptables nebo kdekoliv jinde.
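#!/bin/sh
#
# Author: Simon Rerucha <srerucha.hdata.cz>
#
# /etc/init.d/firewall
#
#   and its symbolic link
#
# /usr/sbin/rcfirewall
#
# Init script that loads a small forwarding/NAT rule set with iptables.
# Usage: firewall {start|stop|restart|status}
#
### BEGIN INIT INFO
# Provides:       fw
# Default-Start:  3 5
# Default-Stop:   0 1 2 6
# Description:    Start the firewall
### END INIT INFO

PATH="/usr/sbin:/sbin:$PATH"

. /lib/lsb/init-functions

# Becomes 1 as soon as any iptables call fails, so the script never reports
# "ok" for a rule set that was only partly loaded.
rc=0

# Run one iptables command and record a failure instead of ignoring it.
# Arguments: passed to iptables unchanged.
ipt() {
    iptables "$@" || rc=1
}

case "$1" in
    start)
        log_begin_msg "Starting iptables"

        #
        # forward + masquerading
        #
        # NOTE(review): nothing here enables net.ipv4.ip_forward; presumably
        # that is configured elsewhere (e.g. sysctl) - confirm.

        # Deny everything by default. The policy is set before the flush so
        # there is no moment where forwarding is open.
        ipt --table filter -P FORWARD DROP

        # Start from empty chains so a repeated "start" does not append a
        # second copy of every rule.
        ipt --table filter -F FORWARD
        ipt --table nat -F POSTROUTING

        ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

        # Allow traffic originating from the inside network.
        ipt -A FORWARD -s 10.0.5.0/24 -i eth1 -j ACCEPT

        # Drop packets arriving from outside with a spoofed internal source.
        # With the DROP policy this rule only matters if later rules accept
        # traffic arriving on eth0; keep it ahead of any such rule.
        ipt -A FORWARD -s 10.0.0.0/16 -i eth0 -j DROP

        # Masquerade outgoing traffic.
        ipt --table nat -A POSTROUTING -s 10.0.0.0/16 -o eth0 -j MASQUERADE

        # ... further rules go here ...

        log_end_msg "$rc"
        ;;

    stop)
        log_begin_msg "Shutting down iptables"

        # "stop" fails open: policies go back to ACCEPT and the chains are
        # emptied, so afterwards nothing is filtered and nothing is
        # masqueraded. Run it only when that state is intended.
        ipt --table filter -P INPUT ACCEPT
        ipt --table filter -P FORWARD ACCEPT
        ipt -F INPUT
        ipt -F FORWARD
        ipt --table nat -F POSTROUTING

        log_end_msg "$rc"
        ;;

    restart)
        # Stop the service and, regardless of whether it was running or
        # not, start it again. Each sub-invocation prints its own status
        # line; only the combined result is kept here.
        "$0" stop || rc=1
        "$0" start || rc=1
        ;;

    status)
        # Lists the filter table only; NAT rules are not shown.
        iptables -L -n || rc=1
        ;;

    *)
        echo "Usage: $0 {start|stop|restart|status}" >&2
        exit 1
        ;;
esac

exit "$rc"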