Difference between revisions of "Firewall"

From Organic Design wiki
(new firewall, old azzuro one out of date)
 
(switched eth0 and 1)
 
(4 intermediate revisions by the same user not shown)
This is a basic firewall which works for most Linux distros. It's based on the [http://www.debian-administration.org/articles/23 Setting up a simple Debian gateway] article from [http://www.debian-administration.org debian-administration.org] and assumes ''eth0'' to be the external WAN interface and ''eth1'' the internal LAN interface. On Debian-based machines, save this script as ''/etc/network/if-up.d/00-firewall'' and it will execute whenever the networking starts up.
{{svn|tools|firewall.sh}}

This is a basic firewall which works for most Linux distros. It's based on the [http://www.debian-administration.org/articles/23 Setting up a simple Debian gateway] article from [http://www.debian-administration.org debian-administration.org] and assumes ''eth0'' to be the internal LAN interface and ''eth1'' the external WAN interface. On Debian-based machines, save this script as ''/etc/network/if-up.d/00-firewall'' and it will execute whenever the networking starts up.

{{code|<pre>
#!/bin/sh
# Basic NAT gateway firewall. In the rules below eth0 is the external (WAN)
# interface and eth1 the internal (LAN) interface.

# Delete all existing rules and user-defined chains.
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Default policies: drop whatever no rule below accepts. Without these the
# INPUT and FORWARD chains keep their built-in ACCEPT policy, and since the
# rules that follow only ever add permissions, nothing from eth0 would be blocked.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Always accept loopback traffic.
iptables -A INPUT -i lo -j ACCEPT

# Allow established connections, and new ones not coming from the outside.
# (`! -i eth0` is the current negation syntax; `-i ! eth0` is deprecated.)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

# Masquerade LAN traffic leaving on the WAN interface.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Don't forward new connections from the outside to the inside
# (the rule must match -o eth1; `-i eth0 -o eth0` only covers hairpin traffic).
iptables -A FORWARD -i eth0 -o eth1 -j REJECT

# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward
</pre>}}
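Added example, not the wiki's script nor the debian-administration article's code: a small Python model of how the INPUT and FORWARD chains above decide on a packet, using iptables' first-match semantics and chain policies. It assumes the ruleset with the final REJECT written as `-i eth0 -o eth1` and DROP default policies, and also evaluates the variant that rejects only `-i eth0 -o eth0` under iptables' built-in ACCEPT policy, to show why that combination forwards new WAN-to-LAN connections.

```python
# Toy model of the gateway's INPUT/FORWARD decisions (added example, not the wiki's
# script). A rule is (chain, in_iface, out_iface, states, target); None matches
# anything and a leading "!" on an interface negates the match, like `! -i eth0`.
WAN, LAN = "eth0", "eth1"  # the iptables rules on the page treat eth0 as the WAN side

RULES = [
    ("INPUT",   "lo",      None, None,                       "ACCEPT"),
    ("INPUT",   None,      None, {"ESTABLISHED", "RELATED"}, "ACCEPT"),
    ("INPUT",   "!" + WAN, None, {"NEW"},                    "ACCEPT"),
    ("FORWARD", WAN,       LAN,  {"ESTABLISHED", "RELATED"}, "ACCEPT"),
    ("FORWARD", LAN,       WAN,  None,                       "ACCEPT"),
    ("FORWARD", WAN,       LAN,  None,                       "REJECT"),  # -i eth0 -o eth1
]
# The debian-administration variant rejects only `-i eth0 -o eth0`, so a new
# WAN->LAN packet matches nothing and falls through to the chain policy.
RULES_HAIRPIN = RULES[:-1] + [("FORWARD", WAN, WAN, None, "REJECT")]

DROP_POLICY = {"INPUT": "DROP", "FORWARD": "DROP"}        # what `iptables -P ... DROP` sets
ACCEPT_POLICY = {"INPUT": "ACCEPT", "FORWARD": "ACCEPT"}  # iptables' built-in default


def iface_match(pattern, iface):
    if pattern is None:
        return True
    if pattern.startswith("!"):
        return iface != pattern[1:]
    return iface == pattern


def verdict(chain, in_iface, out_iface, state, rules=RULES, policy=DROP_POLICY):
    """First matching rule decides; if none matches, the chain policy applies."""
    for r_chain, r_in, r_out, r_states, target in rules:
        if r_chain != chain:
            continue
        if not (iface_match(r_in, in_iface) and iface_match(r_out, out_iface)):
            continue
        if r_states is not None and state not in r_states:
            continue
        return target
    return policy[chain]


if __name__ == "__main__":
    # Constructed sample traffic: (chain, in, out, conntrack state).
    packets = [("INPUT", WAN, None, "NEW"), ("INPUT", LAN, None, "NEW"),
               ("FORWARD", LAN, WAN, "NEW"), ("FORWARD", WAN, LAN, "ESTABLISHED"),
               ("FORWARD", WAN, LAN, "NEW")]
    for p in packets:
        print(p, "fixed ruleset:", verdict(*p), "| hairpin REJECT + default ACCEPT:",
              verdict(*p, rules=RULES_HAIRPIN, policy=ACCEPT_POLICY))
```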
 
  
 
== See also ==

*[http://packages.debian.org/search?keywords=dnsmasq dnsmasq]

Latest revision as of 05:30, 17 November 2009

This code is in our Git repository (tools/firewall.sh).
