firewall.basic

#! /bin/bash

### BEGIN INIT INFO
# Provides: firewall
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Gateway firewall script
# Description: Enable service provided by daemon.
### END INIT INFO

tables_start()
{
iptables -N INPUT_LOG_ACCEPT
iptables -A INPUT_LOG_ACCEPT -j LOG --log-prefix "INPUT_ACCEPT -> "
iptables -A INPUT_LOG_ACCEPT -j ACCEPT

iptables -N INPUT_LOG_DROP
iptables -A INPUT_LOG_DROP -j LOG --log-prefix "INPUT_DROP -> "
iptables -A INPUT_LOG_DROP -j DROP

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT # accepte toutes les connexions en provenance du réseau local
iptables -A INPUT -p tcp --dport 433 -j INPUT_LOG_ACCEPT # on n'accepte que les connexions sur les port 433/TCP depuis l'extérieur
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT # on accepte le port https
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state NEW,INVALID -j INPUT_LOG_DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -j ACCEPT
}

tables_clear()
{
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
}

tables_stop()
{
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -j REJECT
iptables -A OUTPUT -j REJECT
iptables -A FORWARD -j REJECT
}

tables_usage()
{
echo "usage: $0 [ start | stop | clear ]"
}

case "$1" in
stop)
echo " Stoping firewall ..."
tables_clear
tables_stop
exit 0
;;
clear)
tables_clear
exit 0
;;
start)
echo " Starting firewall ..."
tables_clear
tables_start
exit 0
;;

-h|--help)
tables_usage
exit 0
;;
*)
tables_clear
tables_start
exit 0
;;
esac

exit 1