#!/bin/sh
# This script is to be used with the 2.0 Kernel and IPFWADM and will not
# work on the newer Kernels (2.2.x). To get this simple script to work,
# you must edit a few entries. The first would be to change
# "lyte.dynip.com" to your hostname. The second would be to go through the
# script and remove any of the rules which you don't want or don't require.
# After that is done, save it, exit and type " chmod 700 ipfwadm-script "
# and then simply type "./ipfwadm-script" as root to start up the script.
# A neat thing to do is to add the path of the script to your /etc/ppp/ip-up
# file so that every time you connect, it will automatically run the script.
#
# Joey.
#
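# Abort on the first command that fails.  Without this a rule that cannot be
# installed (hostname that does not resolve, unknown service name, missing
# ipfwadm) is skipped silently and the host keeps running with a partial
# rule set and no indication that anything went wrong.
set -e

# Hostname (or address) the rules protect.  Defaults to the author's host;
# override with the first argument:  ./ipfwadm-script my.host.name
# ipfwadm resolves the name when the rule is installed, so on a dynamic-IP
# host the rules go stale after an address change (hence running it from
# /etc/ppp/ip-up, as the header suggests).
fw_host=${1:-lyte.dynip.com}
ipfwadm=/sbin/ipfwadm

[ -x "$ipfwadm" ] || {
  printf '%s: not found or not executable\n' "$ipfwadm" >&2
  exit 1
}

# reject PROTO SRC [PORT]
# Insert an input rule rejecting PROTO traffic from SRC to $fw_host,
# optionally restricted to destination PORT (a number or /etc/services name).
# ipfwadm -i inserts at the head of the chain, so rules installed later are
# matched first; as every rule here rejects, ordering only affects counters.
reject() {
  if [ $# -ge 3 ]; then
    "$ipfwadm" -I -i reject -P "$1" -D "$fw_host" "$3" -S "$2"
  else
    "$ipfwadm" -I -i reject -P "$1" -D "$fw_host" -S "$2"
  fi
}

# Flush out any old rules (input, accounting, output, forwarding).
# Flushing removes rules only; it does not touch the chain policies, and
# this script never sets one (no -p), so anything not explicitly rejected
# below is handled by whatever input policy the kernel already has.  This is
# a denylist, not a deny-by-default firewall.
"$ipfwadm" -I -f
"$ipfwadm" -A -f
"$ipfwadm" -O -f
"$ipfwadm" -F -f

# Block ALL ICMP to this host.  This also rejects destination-unreachable /
# fragmentation-needed messages, so path-MTU discovery towards this host can
# break for peers behind smaller-MTU links; consider permitting that type if
# large transfers stall.
reject icmp 0.0.0.0/0
# Block IPs known to ICMP me.  Already covered by the rule above; these
# entries only give per-source counters.
reject icmp 200.230.142.0/24
reject icmp 200.230.138.0/24
reject icmp 204.137.83.0/24
reject icmp 149.174.0.0/24
reject all 199.44.46.0/24
reject all 199.248.91.0/24
# Block the Back Orifice and Netbus ports (as listed by the original author;
# both rules are UDP-only, TCP to the same ports is not covered).
reject udp 0.0.0.0/0 31337
reject udp 0.0.0.0/0 12345
# Block remote shell access (rlogin / rexec service ports).
reject tcp 0.0.0.0/0 login
reject tcp 0.0.0.0/0 exec
# Stop unwanted junkmailers.
reject tcp 205.188.146.0/24 smtp
reject tcp 152.163.210.0/24 smtp
# Block certain people from the webserver and ftp server.
reject tcp 208.158.193.0/24 http
reject tcp 208.158.193.0/24 ftp
# Block a few other services.  Service names must exist in /etc/services on
# the installing host (linuxconf in particular may not); with set -e a
# missing name aborts the script here rather than silently skipping the rule.
reject tcp 0.0.0.0/0 imap
reject tcp 0.0.0.0/0 sunrpc
reject udp 0.0.0.0/0 sunrpc
reject tcp 0.0.0.0/0 linuxconf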