Firewall with Linux script
Written by Guillermo Garron
Date: 2007-01-29 12:36:30 00:00
Security is always an issue in any computing environment, and Linux is no exception. You can use this script to protect either your home PC or your small office network.
Get the script here
Now you can configure it for your needs; here is an example.
Permit "192.168.0.0/24 200.90.85.32/32 0.0.0.0:80/tcp 166.114.10.10/32:22/tcp"
The line above will:
- Allow all access from the 192.168.0.0/24 network (hosts 192.168.0.1 to 192.168.0.254)
- Allow all access from the single host 200.90.85.32
- Allow TCP port 80 (web) from anybody
- Allow ssh (TCP port 22) only from 166.114.10.10
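What those four entries amount to in iptables terms, as an added illustration that is not the rc.firewall script itself. The two token forms (a bare CIDR, and SRC:PORT/PROTO with 0.0.0.0 meaning anybody) are inferred from the example line above; the real script's parsing may differ. The functions only print the iptables commands, so this is safe to run anywhere:

```shell
#!/bin/sh
# Added example, not the original rc.firewall: show what a Permit line
# means by translating it into the iptables commands it implies.

# Emit the iptables command for one Permit token.
# Assumed token forms, inferred from the page's example:
#   CIDR             -> allow everything from that source network/host
#   SRC:PORT/PROTO   -> allow PROTO to PORT from SRC (0.0.0.0 = anybody)
permit_rule() {
    tok=$1
    case "$tok" in
        *:*/*)
            src=${tok%%:*}        # everything before the first ':'
            rest=${tok#*:}        # PORT/PROTO
            port=${rest%%/*}
            proto=${rest#*/}
            case "$src" in
                0.0.0.0|0.0.0.0/0)
                    echo "iptables -A INPUT -p $proto --dport $port -j ACCEPT"
                    ;;
                *)
                    echo "iptables -A INPUT -s $src -p $proto --dport $port -j ACCEPT"
                    ;;
            esac
            ;;
        *)
            echo "iptables -A INPUT -s $tok -j ACCEPT"
            ;;
    esac
}

# Emit a complete INPUT chain for a Permit string: default deny, keep
# loopback and already established connections working, then one ACCEPT
# per token. The default-deny and state rules are assumed; the page does
# not say how rc.firewall sets them up.
permit_to_iptables() {
    echo "iptables -F INPUT"
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for tok in $1; do
        permit_rule "$tok"
    done
}

# The page's example Permit line.
PERMIT="192.168.0.0/24 200.90.85.32/32 0.0.0.0:80/tcp 166.114.10.10/32:22/tcp"
permit_to_iptables "$PERMIT"
```

Reading the output is a quick way to check that a Permit line says what you think it says before the script applies it; in particular, note that a bare CIDR allows every port from that source, while the PORT/PROTO form allows only the one service.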
Test it
First make the script executable
chmod 700 rc.firewall
If you are testing on a local machine, just run it and check that you still have access from the other hosts that are supposed to have it.
If you are testing on a remote server, you can run it while you are connected; then try to open a second ssh session. If you can log in, continue; if not, you have locked yourself out. To be really sure you will not lock yourself out and lose the connection to your remote server, schedule a job (a cron entry, or at now + 15 minutes) that runs the following command 15 minutes later:
iptables -F
That flushes all iptables rules. Be aware that it only removes the rules: if the script also sets the default policy of the INPUT chain to DROP, a bare flush leaves you with no rules and a DROP policy, which still blocks everything. The scheduled job must also reset the chain policies to ACCEPT (iptables -P INPUT ACCEPT) before you get access back. Once you have confirmed that a second ssh login works, remove the scheduled job.
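A rollback that actually restores access, as an added example that is not part of the original post. It resets the chain policies as well as flushing the rules, and schedules itself with at(1) rather than cron, since a one-off job is what is wanted here. The function and job names are my own; run it as root right before you run rc.firewall:

```shell
#!/bin/sh
# Added example, not from the original post: a safety net for testing a
# firewall script over ssh. iptables -F alone is not enough when the
# script sets a DROP policy, so the policies are reset too.

# Print the commands that return the filter table to wide open.
# Policies first, so there is never a moment with no rules and policy DROP.
reset_commands() {
    cat <<'EOF'
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X
EOF
}

# Schedule the reset N minutes from now (default 15) with at(1).
# at prints the job number; cancel it with `atrm <job>` once a second
# ssh login has succeeded, otherwise the firewall is dropped on schedule.
schedule_reset() {
    minutes=${1:-15}
    reset_commands | at now + "$minutes" minutes
}

# Usage (as root, before running rc.firewall):
#   schedule_reset 15
#   ./rc.firewall
#   ... open a second ssh session; if it works: atrm <job>
```

If at is not installed, the same command list can go in a root cron entry instead; the point is the same, reset the policies and flush, and remove the job once you know you are not locked out.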
Make it automatic
Let's start with Debian / Ubuntu and probably other Debian-based distros.
Copy the script to /etc/init.d/
run the command
update-rc.d rc.firewall defaults 19
Done
Now lets go with Fedora, CentOS and RedHat Linux
Copy the script to /etc/rc.d/
run the command
echo '/etc/rc.d/rc.firewall' >> /etc/rc.local
Done