@ceyes
Created June 12, 2014 07:56
#!/bin/bash
# Flush all rules, delete user-defined chains and zero the counters
iptables -F
iptables -X
iptables -Z
# Default policy: drop inbound and forwarded traffic, allow outbound
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# Load the connection-tracking modules; ip_conntrack_ftp is the FTP helper that
# lets FTP data connections match RELATED below. On kernels newer than this
# script the modules are named nf_conntrack and nf_conntrack_ftp.
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# Accept loopback
iptables -A INPUT -i lo -j ACCEPT
# Accept replies to, and connections related to, established sessions
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept ICMP (all types)
iptables -A INPUT -p icmp -j ACCEPT
# Open some ports
# 20/21: ftp, 22: ssh, 139/445: smb
open_tcp="20 21 22 139 445 4000"
# 69: tftp, 137/138: netbios
open_udp="69 137 138"
# Optionally restrict the open ports to a single source address; leave unset to
# accept from anywhere. $source is intentionally unquoted in the rules below so
# that an empty value expands to nothing instead of an empty argument.
#source="-s 192.168.1.8"
for i in $open_tcp; do
    iptables -A INPUT $source -p tcp --dport "$i" -j ACCEPT
done
for i in $open_udp; do
    iptables -A INPUT $source -p udp --dport "$i" -j ACCEPT
done
# Persist the ruleset; the save command depends on the distribution.
# Take the value of the NAME= line of /etc/os-release, e.g. NAME="Fedora".
release=$(awk -F '[=,"]+' '/^NAME=/ {print $2; exit}' /etc/os-release)
case "$release" in
    Gentoo)
        /etc/init.d/iptables save;;
    Fedora)
        /usr/libexec/iptables/iptables.init save;;
    Red*)
        /etc/init.d/iptables save;;
esac
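A script like the one above is only as good as the ruleset it leaves behind, so a defender wants a check that the live INPUT chain still matches the intended port list. The following audit is an added example, not part of the gist: it parses an `iptables -S INPUT` style dump (a constructed sample is embedded, with one extra rule so the audit has something to report) and flags a non-DROP policy, ports outside the expected lists, and ACCEPT rules with no port that are not the loopback, conntrack or ICMP rules.

```shell
#!/bin/bash
# Audit an `iptables -S INPUT` dump against the port lists the gist script
# opens. EXPECTED_TCP/EXPECTED_UDP mirror open_tcp/open_udp above.
EXPECTED_TCP="20 21 22 139 445 4000"
EXPECTED_UDP="69 137 138"
# Constructed sample dump (not captured from a real host): what the script
# above produces, plus an extra 3306 rule so the audit has something to flag.
SAMPLE_DUMP='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p udp -m udp --dport 69 -j ACCEPT'
# audit_input_chain DUMP TCP_PORTS UDP_PORTS
# Prints one line per finding; exit status 0 means the dump matches.
audit_input_chain() {
    printf '%s\n' "$1" | awk -v tcp=" $2 " -v udp=" $3 " '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
            proto = ""; port = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            if (port == "") {
                # Only loopback, conntrack and ICMP rules may accept without a port.
                if (!($0 ~ /-i lo/ || $0 ~ /--state|--ctstate/ || proto == "icmp")) {
                    print "broad ACCEPT rule: " $0; bad++
                }
                next
            }
            allowed = (proto == "tcp") ? tcp : ((proto == "udp") ? udp : "")
            if (index(allowed, " " port " ") == 0) {
                print "unexpected open port: " proto "/" port; bad++
            }
        }
        END {
            if (policy != "DROP") {
                print "INPUT policy is " (policy == "" ? "unset" : policy) ", expected DROP"; bad++
            }
            exit (bad > 0)
        }'
}
# On a live host, pass "$(iptables -S INPUT)" instead of SAMPLE_DUMP.
if audit_input_chain "$SAMPLE_DUMP" "$EXPECTED_TCP" "$EXPECTED_UDP"; then
    echo "INPUT chain matches expectation"
fi
```

Run it from cron or a config-management check and treat a non-zero exit as drift from the intended firewall policy.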