Personal Firewall Shell Script

Posted on February 9th, 2008
by peorex in How to

Shell script for setting up a stateful firewall based on iptables.

  • Suitable for personal use
  • Protects your computer from outside world attacks
  • Handles packets based on connection state (ESTABLISHED, RELATED)
  • OS Linux

Shell script entry:

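#!/bin/sh
# Shell script for stateful firewall based on iptables
#
# Usage: <script> {start|stop|restart|reload|force-reload|status}
#
# Note: only the IPv4 tables are configured (/sbin/iptables); this
# script does not touch ip6tables, so IPv6 traffic is not filtered here.
IPTABLES='/sbin/iptables'
ME=$(basename -- "$0")

# Must be root: iptables fails without CAP_NET_ADMIN, so refuse early
# with one clear message instead of a trail of partial errors.
if [ "$(/usr/bin/id -u)" != 0 ]; then
    echo "$ME: You must be root to run this script" >&2
    exit 1
fi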

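do_start ()
{
    # Default-deny: anything that matches no rule below is dropped.
    # The policy is set before the rules are added so there is no
    # window in which the chain is open while only some rules exist.
    $IPTABLES -P INPUT DROP
    # This host is not a router: do not relay packets between
    # interfaces.  do_stop resets FORWARD to ACCEPT, so re-assert it.
    $IPTABLES -P FORWARD DROP
    # Replies to connections this host initiated, and traffic related
    # to them (for example ICMP error messages), are allowed in.
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Local services talking to each other over loopback.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    # Log what is about to be dropped, rate-limited so that a flood of
    # unsolicited packets cannot fill the system log.
    $IPTABLES -A INPUT -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "firewall: "
}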

do_stop ()
{
    # Empty every chain and remove user-defined chains in the three
    # tables this script touches (filter is the default table).
    $IPTABLES -F
    $IPTABLES -X
    for table in nat mangle; do
        $IPTABLES -t "$table" -F
        $IPTABLES -t "$table" -X
    done

    # Reset the built-in chain policies to ACCEPT so nothing is blocked
    # once the rules are gone.
    for chain in INPUT FORWARD OUTPUT; do
        $IPTABLES -P "$chain" ACCEPT
    done
    for chain in PREROUTING POSTROUTING OUTPUT; do
        $IPTABLES -t nat -P "$chain" ACCEPT
    done
    for chain in PREROUTING INPUT FORWARD OUTPUT POSTROUTING; do
        $IPTABLES -t mangle -P "$chain" ACCEPT
    done
}

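do_status ()
{
    # Print each table's chains, rules and counters, preceded by the
    # exact command so the output is self-describing.  -n keeps
    # iptables from doing reverse DNS lookups while listing, which can
    # stall the status output when resolvers are slow or unreachable.
    for table in filter nat mangle; do
        echo
        printf '%s -t %s -v -n -L\n' "$IPTABLES" "$table"
        $IPTABLES -t "$table" -v -n -L
        echo
    done
}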

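# Report the outcome of an action.  $1 is the exit status of the action
# (that of its last iptables invocation); a non-zero status exits 1 so
# init systems and callers can tell a broken rule load from success.
finish ()
{
    if [ "$1" -eq 0 ]; then
        echo "done"
    else
        echo "failed" >&2
        exit 1
    fi
}

# 'echo -n' is not portable under /bin/sh; printf '%s' prints the
# progress message without a trailing newline on every shell.
case "$1" in
    start)
        printf '%s' "Starting firewall... "
        # Clear any leftover rules first so the result is exactly
        # the rule set in do_start.
        do_stop && do_start
        finish $?
    ;;

    stop)
        printf '%s' "Stopping firewall... "
        do_stop
        finish $?
    ;;

    restart|reload|force-reload)
        printf '%s' "Restarting firewall... "
        do_stop && do_start
        finish $?
    ;;

    status)
        echo "List all iptables tables, chains, rules and net stats"
        do_status
    ;;

    *)
        echo "Usage: $0 {start|stop|restart|reload|force-reload|status}" >&2
        exit 1
    ;;
esac

exit 0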
