Firewall with Linux script

Date: 2007-01-29 12:36:30 +00:00


Security is always an issue in any computing environment, and Linux is no exception. You can use this script to protect either your home PC or your small office network.

Get the script here

Now you can configure it for your needs; here is an example.

Permit "192.168.0.0/24 200.90.85.32/32 0.0.0.0:80/tcp 166.114.10.10/32:22/tcp"

The line above will:

  • Allow access to IPs from 192.168.0.1 to 192.168.0.254
  • Allow access to the specific IP 200.90.85.32
  • Allow access to tcp port 80 (WEB) to everybody
  • Allow ssh access from 166.114.10.10
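
The following is an added example, not the original rc.firewall script: a small POSIX sh translator that turns a Permit string of the form above into the iptables commands it implies, printed rather than executed so you can review what will be opened before running it on a remote machine. The mapping (a bare addr[/mask] opens all traffic from that source, 0.0.0.0 means any source, :port/proto limits the rule to that port) is assumed from the bullet list, and the default-deny preamble is my assumption, not something the page states.

```shell
#!/bin/sh
# Added example, not the original rc.firewall script: turn a Permit string of the form
# shown above into iptables commands, printed rather than executed so they can be
# reviewed first. Mapping assumed from the bullet list: addr[/mask] alone opens all
# traffic from that source, 0.0.0.0 means any source, :port/proto limits the port.

# Validate one token (addr[/mask][:port/proto]); return 1 with a reason if malformed.
check_token() {
    host=${1%%:*}
    svc=""
    case $1 in *:*) svc=${1#*:} ;; esac
    case ${host%%/*} in
        ""|*[!0-9.]*) echo "bad address in '$1'" >&2; return 1 ;;
    esac
    if [ -n "$svc" ]; then
        case ${svc%/*} in
            ""|*[!0-9]*) echo "bad port in '$1'" >&2; return 1 ;;
        esac
        case ${svc#*/} in
            tcp|udp) ;;
            *) echo "bad protocol in '$1' (expected tcp or udp)" >&2; return 1 ;;
        esac
    fi
    return 0
}

# Print an assumed default-deny preamble, then one ACCEPT rule per token; fail if any token is bad.
permit_to_rules() {
    for tok in $1; do check_token "$tok" || return 1; done
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for tok in $1; do
        host=${tok%%:*}
        src=""
        case $host in
            0.0.0.0|0.0.0.0/0) ;;          # "everybody": no source match
            *) src=" -s $host" ;;
        esac
        match=""
        case $tok in
            *:*) svc=${tok#*:}; match=" -p ${svc#*/} --dport ${svc%/*}" ;;
        esac
        echo "iptables -A INPUT${src}${match} -j ACCEPT"
    done
}

permit_to_rules "192.168.0.0/24 200.90.85.32/32 0.0.0.0:80/tcp 166.114.10.10/32:22/tcp"
```

Because this preamble sets the INPUT policy to DROP, a recovery job that only runs iptables -F would flush the ACCEPT rules and leave the drop policy in place; such a job should also run iptables -P INPUT ACCEPT.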

Test it

First, make the script executable:

chmod 700 rc.firewall

If you are testing on a local machine, just run it and check that you still have access from the other sites that should have access.

If you are testing on a remote server, you can run it while you are connected, then try to open another ssh session. If you are able to enter, you can continue; if not, you are blocking yourself. If you want to be really sure you are not going to lock yourself out and lose the connection to your remote server, set up a cron job that runs the following command in 15 minutes:

iptables -F

That flushes all iptables rules, and you will have access again.

Make it automatic

Here I will start with Debian / Ubuntu and maybe other Debian-based distros.

Copy the script to /etc/init.d/

Run the command:

update-rc.d rc.firewall defaults 19

Done

Now let's go with Fedora, CentOS and Red Hat Linux.

Copy the script to /etc/rc.d/

Run the command:

echo '/etc/rc.d/rc.firewall' >> /etc/rc.local

Done