andygock/cfg-firewall.sh

## cfg-firewall.sh
#!/bin/sh

# Flush tables
iptables -F

# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow SSH, VNC, Web etc
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
# iptables -A INPUT -p tcp --dport 5900 -j ACCEPT
# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Ping, from anywhere
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT

# Accept all from localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Drop everything else
iptables -A INPUT -j DROP
	#!/bin/sh

	# Flush tables
	iptables -F

	# Allow established connections
	iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

	# Allow SSH, VNC, Web etc
	iptables -A INPUT -p tcp --dport ssh -j ACCEPT
	# iptables -A INPUT -p tcp --dport 5900 -j ACCEPT
	# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
	# iptables -A INPUT -p tcp --dport 443 -j ACCEPT

	# Ping, from anywhere
	iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
	iptables -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT

	# Accept all from localhost
	iptables -A INPUT -i lo -j ACCEPT
	iptables -A OUTPUT -o lo -j ACCEPT

	# Drop everything else
	iptables -A INPUT -j DROP