[mirrors/Programs.git] / php / hfirewall / fwscript.sh

#!/bin/sh
#This firewall script was generated by Harvie's php firewall (0.1 Alpha)

#Author: Harvie 2oo7
#Description: Sample HFW Configuration File (THX2 http://www.brandonhutchinson.com/iptables_fw.html)
######################################################################################################


#Rules Others:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

#Rules IPTables:
/sbin/iptables --flush

/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT

/sbin/iptables --policy INPUT DROP
/sbin/iptables --policy OUTPUT DROP
/sbin/iptables --policy FORWARD DROP

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 20 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 8080 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 111 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 113 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 139 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 445 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 548 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 901 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 1023 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2049 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 5500 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 5900 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 5901 -m state --state NEW -j ACCEPT

/sbin/iptables -A INPUT -j DROP
Commit	Line	Data
79a323cb H	1	#!/bin/sh
	2	#This firewall script was generated by Harvie's php firewall (0.1 Alpha)
	3
	4	#Author: Harvie 2oo7
	5	#Description: Sample HFW Configuration File (THX2 http://www.brandonhutchinson.com/iptables_fw.html)
	6	######################################################################################################
	7
	8
	9	#Rules Others:
	10	echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
	11	echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
	12	echo 1 > /proc/sys/net/ipv4/tcp_syncookies
	13	echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
	14	echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
	15	echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
	16	echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
	17
	18	#Rules IPTables:
	19	/sbin/iptables --flush
	20
	21	/sbin/iptables -A INPUT -i lo -j ACCEPT
	22	/sbin/iptables -A OUTPUT -o lo -j ACCEPT
	23
	24	/sbin/iptables --policy INPUT DROP
	25	/sbin/iptables --policy OUTPUT DROP
	26	/sbin/iptables --policy FORWARD DROP
	27
	28	/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
	29	/sbin/iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
	30
	31	/sbin/iptables -A INPUT -p tcp --dport 20 -m state --state NEW -j ACCEPT
	32	/sbin/iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
	33	/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
	34	/sbin/iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
	35	/sbin/iptables -A INPUT -p tcp --dport 8080 -m state --state NEW -j ACCEPT
	36	/sbin/iptables -A INPUT -p tcp --dport 111 -m state --state NEW -j ACCEPT
	37	/sbin/iptables -A INPUT -p tcp --dport 113 -m state --state NEW -j ACCEPT
	38	/sbin/iptables -A INPUT -p tcp --dport 139 -m state --state NEW -j ACCEPT
	39	/sbin/iptables -A INPUT -p tcp --dport 445 -m state --state NEW -j ACCEPT
	40	/sbin/iptables -A INPUT -p tcp --dport 548 -m state --state NEW -j ACCEPT
	41	/sbin/iptables -A INPUT -p tcp --dport 901 -m state --state NEW -j ACCEPT
	42	/sbin/iptables -A INPUT -p tcp --dport 1023 -m state --state NEW -j ACCEPT
	43	/sbin/iptables -A INPUT -p tcp --dport 2049 -m state --state NEW -j ACCEPT
	44	/sbin/iptables -A INPUT -p tcp --dport 5500 -m state --state NEW -j ACCEPT
	45	/sbin/iptables -A INPUT -p tcp --dport 5900 -m state --state NEW -j ACCEPT
	46	/sbin/iptables -A INPUT -p tcp --dport 5901 -m state --state NEW -j ACCEPT
	47
	48	/sbin/iptables -A INPUT -j DROP
	49
	50