Skip to content

Instantly share code, notes, and snippets.

@Geofferey
Created October 26, 2018 03:35
Show Gist options
  • Save Geofferey/b74911052813675aa5cee654c76545b2 to your computer and use it in GitHub Desktop.
Save Geofferey/b74911052813675aa5cee654c76545b2 to your computer and use it in GitHub Desktop.
#!/system/xbin/bash
## A simple set of iptables firewall rules to
# to block incoming connevtions on rooted
# Android devices.
## Place this script in /su.d or /etc/init.d
# to run at startup.
## Firat perform several checks to confirm
# system is full booted. Not all of these
# checks will pass on every device.
until [[ $(getprop sys.boot_completed) = 1 ]]; do
sleep 0
done
until [[ $(getprop dev.bootcomplete) = 1 ]]; do
sleep 0
done
until [[ $(getprop service.bootanim.exit) = 1 ]]; do
sleep 0
done
until [[ $(getprop init.svc.bootanim) = stopped ]]; do
sleep 0
done
until [[ $(getprop sys.logbootcomplete) = 1 ]]; do
sleep 0
done
until [[ $(getprop init.svc.netd) = running ]]; do
sleep 0
done
until [[ $(getprop init.svc.netmgrd) = running ]]; do
sleep 0
done
## Sleep for 60 cycles just to be sure.
sleep 60
# Apply IPv4 Tables INBOUND Rules
ip6tables -A INPUT -j DROP
ip6tables -I INPUT -s fe80::/10 -j ACCEPT
ip6tables -I INPUT -d ff02::/10 -j ACCEPT
ip6tables -I INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Apply IPv6 Tables
iptables -A INPUT -j DROP
iptables -I INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT -i lo -j ACCEPT
exit 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment