#!/bin/bash
#
# This script is to be used with the 2.2 Kernel and IPCHAINS and will not
# work on the older Kernels (2.0.x) or the new 2.3/2.4 series.
#
# Be warned, this is a very restrictive set of firewall rules (and they
# should be, for proper security). Anything that you do not _specifically_
# allow is logged and denied, so if something isn't working, look for the
# denied packet in the kernel log (/var/log/messages on most systems).
#
# This is about as close as you get to a 'secure' firewall. It's nasty,
# it's harsh, and it will make your machine nearly invisible to the rest
# of the internet world. Have fun.
#
# To run this script you must 'chmod 700 ipchains-script' and then execute
# it as root. To stop it from running, run 'ipchains -F' (as root). Note that
# -F only flushes the rules: the host is then wide open again, since the
# input policy is left at the kernel default of ACCEPT.
#
# If you have a ppp connection, a neat thing to do is to add the path of
# the script to your /etc/ppp/ip-up file so that every time you connect, it
# will automatically run the script. 
#
# If you have dsl/cable you can have this script start up at boot time by 
# placing it in your startup files located in /etc/rc.d/rc.local for
# Red Hat Linux and /etc/init.d/rcS for Debian GNU/Linux
#
#

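# Path to the ipchains binary (this script drives ipchains, not iptables).
# Override with IPC=/path/to/ipchains in the environment if yours lives
# somewhere else.
IPC="${IPC:-/sbin/ipchains}"

# Fail early with one clear message instead of a cascade of "command not
# found" errors from every rule below.
if [ ! -x "$IPC" ]; then
  echo "$0: ipchains binary not found or not executable: $IPC" >&2
  exit 1
fi

# Flush the built-in chains, then remove our user-defined 'firewall' chain so
# the script can be re-run.  On a fresh boot the chain does not exist yet and
# -F/-X would complain about it, so stderr is silenced for those two calls.
# The input policy is deliberately left at the kernel default (ACCEPT) rather
# than set to DENY: 'ipchains -F' is the documented way to stop this firewall,
# and with a DENY policy a flush would lock a remote admin out.  The explicit
# catch-all rule at the bottom of the input chain gives the same "deny by
# default" behaviour while the rules are loaded.
$IPC -F
$IPC -F firewall 2>/dev/null
$IPC -X firewall 2>/dev/null

# The 'firewall' chain is the single sink for everything not explicitly
# allowed.  '-l' logs the packet via the kernel log (the header promises
# that denied traffic is logged; without -l nothing was ever written).
$IPC -N firewall
$IPC -A firewall -l -j DENY

# Accept loopback traffic by interface rather than by 127.0.0.1 address:
# local services talking to the host's own real IP over lo need this too,
# and matching on the interface means a packet arriving on a real NIC can
# never satisfy the rule by carrying a forged 127.0.0.1 source.
$IPC -A input -i lo -j ACCEPT

# Masquerading for an internal network.  Change the network to your own
# (use an RFC 1918 range such as 192.168.1.0/24 -- the old example
# 199.1.1.0/24 is public address space) and uncomment to enable.
# The forward policy is DENY so that only the named internal network is
# forwarded/masqueraded; anything else presented for forwarding is dropped.
#$IPC -P forward DENY
#$IPC -A forward -s 192.168.1.0/24 -j MASQ
#echo 1 > /proc/sys/net/ipv4/ip_forward

# DNS replies.  Only accept UDP from source port 53 to our unprivileged port
# range: the original rule matched *any* destination port, which let anyone
# reach any local UDP service simply by sending from source port 53.
# If this host runs a nameserver that queries out from port 53 itself, add a
# separate rule for --destination-port 53 restricted to your forwarders'
# addresses.
$IPC -A input -p udp --source-port 53 --destination-port 1024:65535 -j ACCEPT

# ident (auth) replies to our own outbound lookups come back from source
# port 113, and those are never connection-opening packets, so restrict the
# rule to non-SYN.  Without '! --syn' it accepted a brand-new connection to
# ANY local port from any host that picked 113 as its source port, bypassing
# the whole firewall.
$IPC -A input -p tcp ! --syn --source-port 113 -j ACCEPT
# Inbound ident requests to our port 113 (mail/IRC servers often look up the
# connecting user).  Remove this if you do not run an ident daemon.
$IPC -A input -p tcp --destination-port 113 -j ACCEPT

# FTP data: the old rule accepted non-SYN packets from source port 20 to our
# unprivileged ports.  Those are already covered by the general "established"
# rule below, so it is not repeated here.  Note that an active-mode data
# channel is *opened* by the server (it sends the SYN from port 20), which
# this firewall still rejects on purpose -- accepting SYNs from port 20 is a
# well-known bypass.  Use passive mode in your FTP client instead.

# SSH.  Consider adding '-s <your admin network>' to limit who may even try.
$IPC -A input -p tcp --destination-port 22 -j ACCEPT

# Accept mail, uncomment this if you run a mail server.
#$IPC -A input -p tcp --destination-port 25 -j ACCEPT

# Accept HTTPd requests, uncomment this if you run a web server.
#$IPC -A input -p tcp --destination-port 80 -j ACCEPT

# Return traffic for connections this host opened: TCP packets without the
# SYN-only flag combination.  ipchains is stateless, so this is the closest
# approximation to "established".  The original relied on the default ACCEPT
# policy for this; stating it explicitly lets the next rule deny everything
# else.
$IPC -A input -p tcp ! --syn -j ACCEPT

# Everything else -- new TCP connections, all other UDP, all ICMP, and any
# other IP protocol (GRE, ESP, IGMP, ...) -- goes to the logging deny chain.
# The original only diverted tcp/udp/icmp here, so other protocols slipped
# through to the default ACCEPT policy.
# NOTE: denying all ICMP also drops "fragmentation needed" messages, which
# breaks path-MTU discovery for some remote hosts; if you see stalled
# transfers, consider allowing ICMP destination-unreachable here.
$IPC -A input -j firewall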