#!/bin/bash
# Poor man's firewall script.
#
# Resets the three built-in chains of the filter table to a known starting
# point: a default policy per chain, then an empty rule list. Nothing here
# filters inbound traffic yet; the closing note explains why.

# Interface name. No command below references it; presumably kept for
# interface-specific rules added later -- confirm against the full script.
INT=eth0

# Ensure the necessary module is loaded into the kernel. ip_tables is the
# kernel side of packet filtering: the iptables tool only edits the rule
# tables that this module holds and enforces.
/sbin/modprobe ip_tables

# Each entry is CHAIN:POLICY. For every chain the policy is set first and
# the rules are flushed second:
#   INPUT   -> ACCEPT
#   OUTPUT  -> ACCEPT
#   FORWARD -> DROP (drop everything unless told differently)
# With no -t option iptables works on the filter table only, so rules in
# other tables (nat, mangle) are left as they were. iptables is also
# IPv4-only: IPv6 traffic is governed by ip6tables and is untouched here.
for spec in INPUT:ACCEPT OUTPUT:ACCEPT FORWARD:DROP; do
  /sbin/iptables -P "${spec%%:*}" "${spec##*:}"
  /sbin/iptables -F "${spec%%:*}"
done

# Voila. We've set some rules, but we aren't doing anything useful at all.
# Why? ALL traffic may leave and ALL traffic may come in: INPUT has an
# ACCEPT policy and, after the flush, no rules, so every port listening on
# this host is reachable. That's pretty poor filtering in anyone's book.
# A filtering host needs INPUT to deny by default, with explicit rules for
# the traffic that is wanted.