#!/bin/sh
### BEGIN INIT INFO
# Provides: init_firewall
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Firewall for init.d
# Description: This file should be used to construct scripts to be
# placed in /etc/init.d. This example starts a
# single forking daemon capable of writing a pid
# file. To get other behaviours, implement
# do_start(), do_stop() or other functions to
# override the defaults in /lib/init/init-d-script.
### END INIT INFO
# Author: Rodrigo Ramírez <a@rodrigoramirez.com>
#
# Human-readable service name. Not referenced by the dispatch code in this
# script; presumably kept for init-script convention / the sourced helpers.
DESC="Firewall"
# LSB helper library; the log_daemon_msg calls below come from here.
. /lib/lsb/init-functions
#######################################
# Remove every rule, user chain and counter from the filter table, empty
# the nat table, and reset all built-in chains to policy ACCEPT.
# Only the filter and nat tables are touched.
# NOTE: after this runs the host accepts all traffic on every chain until
# add_rules() repopulates the filter table; "stop" leaves it in that state.
# Globals:   none
# Arguments: none
# Outputs:   whatever iptables prints
# Returns:   status of the last iptables call
#######################################
flush() {
  local chain
  iptables -F
  iptables -X
  iptables -Z
  iptables -t nat -F
  # Default policy: open every built-in chain, filter table first, then nat.
  for chain in INPUT OUTPUT FORWARD; do
    iptables -P "$chain" ACCEPT
  done
  for chain in PREROUTING POSTROUTING; do
    iptables -t nat -P "$chain" ACCEPT
  done
}
#######################################
# Example rule set: permit MySQL (tcp/3306) on server 2.2.2.2 from the
# single client 1.1.1.1 and reject every other MySQL connection that
# arrives on eth0. Rules are appended (-A), so calling this again without
# flush() first duplicates them; the REJECT rule relies on being appended
# after the ACCEPT rule.
# The REJECT only matches traffic entering via eth0; other interfaces are
# covered by the INPUT chain's default policy (ACCEPT after flush()).
# Globals:   none
# Arguments: none
# Outputs:   whatever iptables prints
# Returns:   status of the last iptables call
#######################################
add_rules() {
  local client server port
  client=1.1.1.1
  server=2.2.2.2
  port=3306
  # Inbound: new and established MySQL connections from the client only.
  iptables -A INPUT -p tcp -s "$client" --sport 1024:65535 -d "$server" --dport "$port" -m state --state NEW,ESTABLISHED -j ACCEPT
  # Outbound replies. NOTE(review): -s is the client address here although
  # the server's replies originate from 2.2.2.2 — looks like a mix-up to
  # confirm; it has no effect today because OUTPUT's policy is ACCEPT.
  iptables -A OUTPUT -p tcp -s "$client" --sport "$port" -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
  # Everything else aimed at MySQL on eth0 is refused.
  iptables -A INPUT -p tcp --dport "$port" -i eth0 -j REJECT
}
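#######################################
# Print the live rule set: the filter table, then the nat table.
# -n suppresses reverse DNS / service-name lookups so status cannot hang
# when the resolver is unreachable (an init script must not block).
# Globals:   none
# Arguments: none
# Outputs:   rule listings on stdout
# Returns:   status of the last iptables call
#######################################
status() {
  iptables -L -n
  iptables -L -n -t nat
}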
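# Dispatch on the init action. flush() resets every chain to ACCEPT before
# add_rules() repopulates the filter table, so start/restart/reload pass
# through a brief accept-all window, and stop leaves the host unfiltered.
# Each log_daemon_msg is closed with log_end_msg so the status line is
# terminated properly.
case "${1:-}" in
  start)
    log_daemon_msg "Starting Firewall ..."
    flush
    add_rules
    log_end_msg "$?"
    ;;
  stop)
    log_daemon_msg "Stopping Firewall ..."
    flush
    log_end_msg "$?"
    ;;
  restart)
    log_daemon_msg "Restarting Firewall ..."
    flush
    add_rules
    log_end_msg "$?"
    ;;
  reload|force-reload)
    # add_rules() only appends (-A); without a flush first every reload
    # duplicated the rule set, so reload rebuilds it the same way restart does.
    log_daemon_msg "Reloading Rules"
    flush
    add_rules
    log_end_msg "$?"
    ;;
  status)
    status
    ;;
  *)
    # $0 rather than $SELF, which is never set and printed an empty name.
    echo "Usage: $0 start|stop|restart|reload|force-reload|status" >&2
    exit 1
    ;;
esac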