Firewall Configuration/Creating a Basic Firewall
From Caos Linux Wiki
Creating a Basic Firewall
NOTE: The procedures described in this document are executed in bash
cAos 2 comes without a firewall. To enable one we need to create an rc.firewall script in /etc/rc.d. The rc.d directory contains the system startup scripts: rc.inet1 brings up the network interfaces, and rc.inet2 runs the rc.firewall script if it exists. To create, install, and activate the firewall, do the following:
- Log in as root: su - root
- Save the text below as /etc/rc.d/rc.firewall
#!/bin/bash
#
# ------------------------------------------------------
#
# This is a firewall script intended to keep "potential intruders"
# out of a cAos 2 host connected to the Internet by a broadband connection
#
# Copyright (C) 2005 Per R. M. Lindstrom
# Per.Lindstrom at freeminder.se  2005 March 27
# www.freeminder.se
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of the
# License, or any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston,
# MA 02111-1307 USA
#
# -----------------------------------------------------
#
# INSTRUCTIONS: HOW TO USE
#
# cAos 2 comes without a firewall. To enable one we need to
# create an rc.firewall script in /etc/rc.d. The rc.d directory
# contains the system startup scripts. rc.inet1 starts our interfaces
# and rc.inet2 will start the rc.firewall script if it exists.
# To create, install and activate the firewall, do the following:
#
# 1) Save this file as /etc/rc.d/rc.firewall
#
# 2) Make it executable in /etc/rc.d with the command:
#    chmod 755 rc.firewall
#
# 3) Start the script with the command:
#    ./rc.firewall
# -----------------------------------------------------

# Default policy: drop every incoming and forwarded packet that no rule
# below accepts (outgoing traffic keeps the built-in ACCEPT policy)
iptables -P INPUT DROP
iptables -P FORWARD DROP

# Allow established connections and programs that use loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

# Allow incoming SSH connections on eth0
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

# END SCRIPT
- Make it executable in /etc/rc.d by the command: chmod 755 rc.firewall
- Start the script by the command: ./rc.firewall
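The rc.firewall script above appends its rules every time it runs, so starting it twice leaves duplicate rules in the INPUT chain, and there is no way to review what it will do before it takes effect. The script below is an added example for this page, not the wiki's rc.firewall and not part of cAos: it applies the same default-deny INPUT policy, but flushes the chains first so it can be re-run safely, adds a preview mode that prints the rules instead of applying them, rejects TCP packets that claim to open a connection without a SYN, and logs (rate limited) what the default policy drops so refused connections show up in syslog. The function names and the WAN_IF/SSH_PORT variables are this example's own; it assumes, like the original, that eth0 is the Internet-facing interface and that SSH listens on port 22.

```shell
#!/bin/sh
# Added example, not the wiki's rc.firewall: default-deny INPUT policy with
# idempotent rule loading, a preview mode and drop logging.
# Assumptions (hypothetical, override via the environment): eth0 is the
# Internet-facing interface and SSH listens on port 22.
WAN_IF="${WAN_IF:-eth0}"
SSH_PORT="${SSH_PORT:-22}"

# Emit every rule through "$1": "iptables" applies them, "echo" prints them.
firewall_rules() {
    ipt=$1
    # Start from empty chains so re-running the script does not stack rules
    "$ipt" -F INPUT
    "$ipt" -F FORWARD
    # Default deny for inbound and forwarded traffic; outbound stays open
    "$ipt" -P INPUT DROP
    "$ipt" -P FORWARD DROP
    "$ipt" -P OUTPUT ACCEPT
    # Local services talk to each other over the loopback interface
    "$ipt" -A INPUT -i lo -j ACCEPT
    # Replies to connections this host initiated (keeps an existing SSH
    # session alive while the new rules load)
    "$ipt" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # A NEW TCP connection must start with SYN; drop anything else
    "$ipt" -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    # Remote administration: new SSH connections arriving on the WAN interface
    "$ipt" -A INPUT -i "$WAN_IF" -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
    # Record what the default policy is about to drop, rate limited so the
    # log stays readable; refused connections become visible in syslog
    "$ipt" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "rc.firewall DROP: "
}

preview_rules() { firewall_rules echo; }
apply_rules()   { firewall_rules iptables; }

# Number of rules that accept traffic: loopback, established, SSH
count_accept_rules() { preview_rules | grep -c -- '-j ACCEPT'; }

case "${1:-}" in
    preview) preview_rules ;;
    apply)   apply_rules ;;
esac
```

Run `./rc.firewall preview` as any user to read the rule list, then `./rc.firewall apply` as root; `iptables -L INPUT -n -v` afterwards shows the loaded chain with per-rule packet counters, which is the quickest check that SSH traffic is hitting the ACCEPT rule rather than the default policy. rc.inet2 starts the script without arguments, so when installing this version as /etc/rc.d/rc.firewall, change the `case` default so that an empty argument runs `apply_rules`.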
