
my iptables script



Hello all,
As some of you might remember, I came here for help with my gateway at
the beginning of summer, and all of you helped me out very much; I'm
very grateful. Now I have finally come closer to finishing up the firewall
script, and I was wondering whether what I have done is a safe way to set up
a firewall. I'll post my script below, and any feedback would be very
much appreciated. This script runs out of /etc/init.d and I put a
symlink in /etc/rcS.d named S42firewall. I'm not sure if this is the
best way to start and stop the script, but it's the best that I know.

Thanks in Advance,

Jule

PS. I did block off my IP.

//script

#!/bin/sh
# Gateway firewall: masquerade the 192.168.0.0/24 LAN behind eth0 and
# forward three TCP ports from the public address to the internal host
# 192.168.0.2. The public address is masked as 140.232.x.x.

case "$1" in
  start)
    echo "Setting firewall rules..."
    # ip forwarding and masquerading (routing has to be switched on
    # explicitly, otherwise the MASQUERADE rules never see any traffic)
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # the option is --state; the original had --stat, which iptables rejects
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
    # redirecting ports
    iptables -t nat -A PREROUTING -d 140.232.x.x -p tcp --dport 2401 \
      -j DNAT --to-destination 192.168.0.2:2401
    iptables -t nat -A PREROUTING -d 140.232.x.x -p tcp --dport 80 \
      -j DNAT --to-destination 192.168.0.2:80
    # port 22 is forwarded to port 22 (the original sent it to :80, the web port)
    iptables -t nat -A PREROUTING -d 140.232.x.x -p tcp --dport 22 \
      -j DNAT --to-destination 192.168.0.2:22
  ;;
  stop)
    echo "Stopping firewall..."
    # ip forwarding and masquerading
    echo 0 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
    iptables -D INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -D INPUT -i lo -j ACCEPT
    iptables -t nat -D POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
    # stopping redirect (each -D must match the -A above exactly)
    iptables -t nat -D PREROUTING -d 140.232.x.x -p tcp --dport 2401 \
      -j DNAT --to-destination 192.168.0.2:2401
    iptables -t nat -D PREROUTING -d 140.232.x.x -p tcp --dport 80 \
      -j DNAT --to-destination 192.168.0.2:80
    iptables -t nat -D PREROUTING -d 140.232.x.x -p tcp --dport 22 \
      -j DNAT --to-destination 192.168.0.2:22
  ;;
  *)
    echo "Usage: firewall {start|stop}"
    exit 1
  ;;
esac
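The script above never sets a default policy, never enables IP forwarding, and has no FORWARD rules, so the DNAT'd packets are passed through by the kernel's default ACCEPT policy and everything else the gateway receives is accepted too. Below is an added example of how a practitioner would write the same gateway script; it is not the poster's code and is not from the thread. It assumes hypothetical names for the interfaces and addresses (WAN_IF, LAN_IF, LAN_NET, WAN_IP, SERVER; the public address keeps the poster's masked 140.232.x.x and must be replaced) and lets IPT and SYSCTL be overridden so the rule set can be printed as a dry run instead of applied:

```shell
#!/bin/sh
# Added example, not the poster's script: a gateway firewall with explicit
# default-DROP policies, stateful FORWARD rules, and an ACCEPT in FORWARD for
# every DNAT target. All names below are assumptions; adjust to your gateway.
# Set IPT=echo SYSCTL=echo to print the rules instead of applying them.
IPT="${IPT:-iptables}"
SYSCTL="${SYSCTL:-sysctl}"
WAN_IF="${WAN_IF:-eth0}"            # interface facing the Internet
LAN_IF="${LAN_IF:-eth1}"            # interface facing the LAN (assumed)
LAN_NET="${LAN_NET:-192.168.0.0/24}"
WAN_IP="${WAN_IP:-140.232.x.x}"     # poster's masked address: replace it
SERVER="${SERVER:-192.168.0.2}"     # internal host receiving the forwards
# Forwarded TCP ports, as "port" or "external:internal" pairs.
FORWARDS="${FORWARDS:-2401 80 22}"

fw_flush() {
    # Remove every rule and chain and return the policies to ACCEPT.
    for t in filter nat; do
        "$IPT" -t "$t" -F
        "$IPT" -t "$t" -X
    done
    for c in INPUT FORWARD OUTPUT; do
        "$IPT" -P "$c" ACCEPT
    done
}

fw_start() {
    fw_flush
    # Default-deny for traffic to and through the gateway.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT
    # Routing is off by default; MASQUERADE does nothing without it.
    "$SYSCTL" -w net.ipv4.ip_forward=1
    # Loopback, and replies to connections the gateway itself opened.
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets arriving from the Internet with a LAN source are spoofed.
    "$IPT" -A INPUT -i "$WAN_IF" -s "$LAN_NET" -j DROP
    "$IPT" -A FORWARD -i "$WAN_IF" -s "$LAN_NET" -j DROP
    # LAN hosts may go out; return traffic is allowed by state.
    "$IPT" -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$WAN_IF" -j ACCEPT
    "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    # Port forwards: DNAT only rewrites the destination; the rewritten packet
    # is still filtered by FORWARD, so each forward needs its own ACCEPT.
    for spec in $FORWARDS; do
        ext="${spec%%:*}"
        int="${spec#*:}"
        "$IPT" -t nat -A PREROUTING -i "$WAN_IF" -d "$WAN_IP" -p tcp --dport "$ext" \
            -j DNAT --to-destination "$SERVER:$int"
        "$IPT" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$SERVER" -p tcp --dport "$int" \
            -m state --state NEW -j ACCEPT
    done
}

fw_stop() {
    # Flushing beats deleting rule by rule: a mistyped -D leaves a stale rule.
    fw_flush
    "$SYSCTL" -w net.ipv4.ip_forward=0
}

# Dry-run helper: number of DNAT rules a start would install.
count_dnat() {
    (IPT=echo; SYSCTL=echo; fw_start) | grep -c -- '-j DNAT'
}

case "${1:-}" in
    start)   fw_start ;;
    stop)    fw_stop ;;
    restart) fw_stop; fw_start ;;
    "")      ;;   # no action given: only define the functions
    *)       echo "Usage: $0 {start|stop|restart}" >&2; exit 1 ;;
esac
```

Installed as /etc/init.d/firewall with the S42 symlink the poster describes, the important differences are the default-DROP policies and the FORWARD rules: with the poster's script, a forwarded port works only because FORWARD accepts everything, which also means any host on the Internet can reach any LAN address the kernel has a route to. Run `IPT=echo SYSCTL=echo sh firewall start` to review the rule set before applying it.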



