
Re: firewall script for a tiny box

Jerome BENOIT wrote:
Hello List,

I am currently trying to configure an embedded linux box (openwrt):
I would like to generate a script on my main (Debian/Sarge) box
for the tiny box (so tiny that bash cannot be installed,
so unfortunately I cannot install FireHOL).
Any idea ?

Thanks in advance,

If by no bash you mean that you don't have bash but you still have
/bin/sh, then here is what I use.  It is very basic and uses no
advanced shell script constructs.

#! /bin/sh
# Flush every rule, delete user-defined chains, then create one chain
# ("block") that both INPUT and FORWARD jump to.
iptables -F
iptables -X
iptables -N block
# SSH itself is TCP only; the UDP rule only matters if something else
# listens on udp/22.
iptables -A INPUT -p udp -m udp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -j block
iptables -A FORWARD -j block
# Replies to existing connections pass; new connections pass only when
# they do not arrive on eth0 (e.g. lo); everything else is dropped.
# "! -i" is the negation form current iptables accepts without warning.
iptables -A block -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A block ! -i eth0 -m state --state NEW -j ACCEPT
iptables -A block -j DROP

It is just a series of statements.  If you have simple requirements
(like me), this should be enough.  It allows only inbound SSH,
and nothing over any connection other than eth0.  Incidentally,
I use this for my laptop since it is normally behind my firewall at
home, but I occasionally take it outside.

-Roberto Sanchez

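The generator Jerome asked for, as an added example that is not part of the original thread: a POSIX sh script run on the main box that writes a firewall script for a box that has only /bin/sh, following the same shape as the script above (a shared "block" chain, the "state" match). The interface name and port lists are arguments, and they are validated before being written out, because anything that reaches the generated file unchecked becomes a command on the small box. The function names, the `IPT` variable and the argument layout are this example's own choices, not anything from the post.

```shell
#!/bin/sh
# Added example, not code from the original post. Generates a firewall
# script for a /bin/sh-only target from arguments given on the main box.
# Assumes the target's iptables supports "-m state" and "! -i IFACE".
# Usage: sh gen_fw.sh WAN_IF "TCP_PORTS" "UDP_PORTS" > firewall.sh

# is_port NUM: true only for a decimal port number 1..65535, so a value
# like "22; reboot" can never be pasted into the generated script.
is_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_ifname NAME: plausible Linux interface name (alnum, '.', '_', '-',
# at most 15 characters, the kernel's IFNAMSIZ-1).
is_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ ${#1} -le 15 ]
}

# gen_rules WAN_IF TCP_PORTS UDP_PORTS
# Prints the firewall script on stdout; exits 1 on a bad argument.
# Runs in a subshell so "set -f" (no globbing of the port lists) and the
# variables stay local to the function.
gen_rules() (
    set -f
    wan=$1; tcp_ports=$2; udp_ports=$3
    is_ifname "$wan" || { echo "bad interface: $wan" >&2; exit 1; }
    for p in $tcp_ports $udp_ports; do
        is_port "$p" || { echo "bad port: $p" >&2; exit 1; }
    done

    echo '#!/bin/sh'
    echo '# generated firewall script: stop at the first iptables error'
    echo 'set -e'
    echo 'IPT=${IPT:-iptables}'
    # Default policies first: if a later line fails, the box is left
    # closed rather than open. The ESTABLISHED rule further down lets an
    # existing SSH session continue (TCP retransmits bridge the gap).
    echo '$IPT -P INPUT DROP'
    echo '$IPT -P FORWARD DROP'
    echo '$IPT -P OUTPUT ACCEPT'
    echo '$IPT -F'
    echo '$IPT -X'
    echo '$IPT -N block'
    # Services reachable from the WAN side; SSH is TCP only, so UDP
    # ports are listed separately and only when really needed.
    for p in $tcp_ports; do
        echo "\$IPT -A INPUT -i $wan -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $udp_ports; do
        echo "\$IPT -A INPUT -i $wan -p udp --dport $p -j ACCEPT"
    done
    echo '$IPT -A INPUT -j block'
    echo '$IPT -A FORWARD -j block'
    echo '$IPT -A block -m state --state RELATED,ESTABLISHED -j ACCEPT'
    echo "\$IPT -A block ! -i $wan -m state --state NEW -j ACCEPT"
    echo '$IPT -A block -j DROP'
)

# Only generate when called with arguments, so the file can also be
# sourced for its functions.
if [ "$#" -gt 0 ]; then
    gen_rules "$@"
fi
```

Before copying the result to the small box, dry-run it on the main box with `IPT="echo iptables" sh firewall.sh` and read the rules that would be issued; because the generated script sets DROP policies before anything else and stops at the first error, a typo leaves the box unreachable rather than open, which is the right failure mode but only convenient if serial or console access exists.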