Personal Firewall Shell Script

Posted on February 9th, 2008
by peorex in How to

Shell script for setting up a stateful firewall based on iptables.

  • Suitable for personal use
  • Protects your computer from unsolicited inbound traffic from the outside world
  • Handles packets based on connection state (ESTABLISHED, RELATED)
  • OS: Linux

Shell script entry:

#!/bin/sh

# Shell script for stateful firewall based on iptables
Version=1.0.1

# Fixed search path: do not inherit tool locations from the caller's
# environment, since this script runs as root.
PATH=/sbin:/usr/sbin:/bin:/usr/bin
IPTABLES='/sbin/iptables'    # absolute path; every rule below goes through it
ME=$(basename "$0")          # program name as invoked, used in messages

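# Must be root: iptables needs CAP_NET_ADMIN, so fail early with one clear
# message instead of letting every iptables call below fail on its own.
# printf is used rather than 'echo -e': under #!/bin/sh (e.g. dash) echo
# has no -e option and would print it literally.
if [ "$(/usr/bin/id -u)" != 0 ] ; then
    printf '%s: You must be root to run this script.\n\n' "$ME" >&2
    exit 1
fi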

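#######################################
# Install the filtering rules on the INPUT chain.
# The policy is set to DROP before any ACCEPT rule is appended, so the host
# fails closed if a later iptables call does not succeed.
# Only the IPv4 filter table is touched: FORWARD and OUTPUT keep whatever
# policy do_stop left (ACCEPT), and ip6tables is never called, so IPv6
# traffic is not filtered by this script.
# Globals:  IPTABLES (read)
# Returns:  status of the last iptables call
#######################################
do_start ()
{
    # drop packets that don't pass any rules
    $IPTABLES -P INPUT DROP
    # accept packets that are part of established or related connection
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # accept packets from loopback interface
    $IPTABLES -A INPUT -i lo -j ACCEPT
    # log packets that don't pass the above rules, rate-limited so a flood
    # of unsolicited packets cannot fill the system log; packets that exceed
    # the limit still fall through to the DROP policy, just unlogged
    $IPTABLES -A INPUT -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "firewall: "
}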

#######################################
# Remove every rule and user-defined chain from the filter, nat and mangle
# tables, then reset all built-in chains to the permissive ACCEPT policy.
# After this call the host is unfiltered.
# Globals:  IPTABLES (read)
# Returns:  status of the last iptables call
#######################################
do_stop ()
{
    local table chain
    # filter table first (no -t needed), then the other two
    $IPTABLES -F
    $IPTABLES -X
    for table in nat mangle; do
        $IPTABLES -t "$table" -F
        $IPTABLES -t "$table" -X
    done
    # built-in chains back to ACCEPT, table by table
    for chain in INPUT FORWARD OUTPUT; do
        $IPTABLES -P "$chain" ACCEPT
    done
    for chain in PREROUTING POSTROUTING OUTPUT; do
        $IPTABLES -t nat -P "$chain" ACCEPT
    done
    for chain in PREROUTING INPUT FORWARD OUTPUT POSTROUTING; do
        $IPTABLES -t mangle -P "$chain" ACCEPT
    done
}

#######################################
# Print the rules and counters of the filter, nat and mangle tables, each
# preceded by the exact command used so the listing is self-describing.
# NOTE: -L without -n resolves addresses to hostnames, which can be slow
# on a host without working DNS.
# Globals:  IPTABLES (read)
# Outputs:  listings to stdout
# Returns:  status of the last iptables call
#######################################
do_status ()
{
    local table shown
    shown=
    for table in filter nat mangle; do
        # one blank line before the first table, two between tables
        [ -z "$shown" ] || echo
        echo
        echo "$IPTABLES" "-t $table -v -L"
        shown=1
        $IPTABLES -t "$table" -v -L
    done
}

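# Dispatch on the first argument, init-script style.
# start and the restart aliases flush first, so between do_stop and
# do_start the INPUT policy is briefly ACCEPT.
# printf replaces 'echo -n' / 'echo -e', which are not portable under
# #!/bin/sh (dash prints the option literally).
# "done" is only reported when the last iptables call succeeded; a failure
# is reported on stderr with a non-zero exit so init systems notice it.
case "$1" in
    start)
        printf '%s: Starting firewall... ' "$ME"
        if do_stop && do_start; then
            echo "done"
        else
            echo "failed" >&2
            exit 1
        fi
    ;;
    stop)
        printf '%s: Stopping firewall... ' "$ME"
        if do_stop; then
            echo "done"
        else
            echo "failed" >&2
            exit 1
        fi
    ;;
    restart|reload|force-reload)
        printf '%s: Restarting firewall... ' "$ME"
        if do_stop && do_start; then
            echo "done"
        else
            echo "failed" >&2
            exit 1
        fi
    ;;
    status)
        echo "$ME: List all iptables tables, chains, rules and net stats"
        do_status
    ;;
    --version)
        printf '%s version: %s \n\n' "$ME" "$Version"
    ;;
    *)
        printf 'Usage: %s {start|stop|restart|reload|force-reload' "$0" >&2
        printf '|status|--version}\n' >&2
        exit 1
    ;;
esac

exit 0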


One Response to "Personal Firewall Shell Script"

John cydayfoency said,
in December 18th, 2008 at 3:18 pm

First of all congratulation for such a great site. I learned a lot reading article here today. I will make sure i visit this site once a day so i can learn more.
