On Friday 29 October 2004 23:02, Neil White wrote: [..snip..]
> I have looked on the internet for sample scripts but they all seem to be related to people running NAT based firewalls. I simply need a script that will restrict access to certain ports and services, and block everything else.
[..snip..]

A lot of answers for this question with helpful links and info, but none contained a useful, ready-to-use script. Therefore, I present to you.... My Script (tadaa...!)

<script>
#!/bin/sh
# Flush all rules, delete user-defined chains, and default INPUT to DROP
iptables --flush && iptables --delete-chain
iptables -P INPUT DROP
# Replies to connections this host opened, plus related traffic (e.g. ICMP errors)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Public services: HTTP, HTTPS and SSH
iptables -A INPUT -p tcp -m multiport --dports http,https,ssh -j ACCEPT
# Trusted subnet: anything goes
iptables -A INPUT -s 123.80.56.0/24 -j ACCEPT
# loopback (matched by interface rather than a spoofable 127.0.0.1 source address)
iptables -A INPUT -i lo -j ACCEPT
# Everything else falls through to the DROP policy; log it first
iptables -A INPUT -j LOG --log-prefix "IPTABLES_INPUT_LOG: "
</script>

The above script will:

a) allow access to any port from any machine originating from the, presumably, trusted subnet 123.80.56.0
b) allow communication to proceed if it was originated from same machine or if from localhost
c) allow TCP access to HTTP, HTTPS and SSH
d) deny everything else
e) log denied attempts to syslog with "IPTABLES_INPUT_LOG" prefix

Hope it helps,
-Stathis
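To make the evaluation order concrete (first match wins, LOG returns to the chain, and the DROP policy catches whatever nothing matched), here is an added Python model of the rule set above; it is not from the thread, port names are resolved to numbers, loopback is matched by interface, and every packet value is constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Packet:
    src: str
    proto: str               # "tcp", "udp" or "icmp"
    dport: int = 0
    state: str = "NEW"       # conntrack state as -m state would report it
    iface: str = "eth0"      # inbound interface, as -i would see it

@dataclass
class Rule:
    target: str                      # ACCEPT, DROP or LOG
    proto: str = "all"               # -p
    src: Optional[str] = None        # -s, CIDR or single address
    dports: Tuple[int, ...] = ()     # -m multiport --dports
    states: Tuple[str, ...] = ()     # -m state --state
    iface: Optional[str] = None      # -i

    def matches(self, p: Packet) -> bool:
        if self.proto not in ("all", p.proto) or (self.dports and p.dport not in self.dports):
            return False
        if self.src and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.states and p.state not in self.states:
            return False
        return self.iface in (None, p.iface)

# The posted INPUT chain, in order; the policy applies only after the last rule.
INPUT_CHAIN = [
    Rule("ACCEPT", states=("ESTABLISHED", "RELATED")),
    Rule("ACCEPT", proto="tcp", dports=(80, 443, 22)),   # http, https, ssh
    Rule("ACCEPT", src="123.80.56.0/24"),                # trusted subnet
    Rule("ACCEPT", iface="lo"),                          # loopback
    Rule("LOG"),                                         # non-terminating
]
INPUT_POLICY = "DROP"

def evaluate(p: Packet) -> Tuple[str, bool]:
    """Walk INPUT_CHAIN top to bottom; return (verdict, whether it was logged)."""
    logged = False
    for rule in INPUT_CHAIN:
        if rule.matches(p):
            if rule.target == "LOG":
                logged = True          # LOG does not end the walk
                continue
            return rule.target, logged
    return INPUT_POLICY, logged
```

Packets that reach the LOG rule are the ones the policy will drop, so the syslog prefix only ever appears for denied traffic.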