Jerome BENOIT wrote:
Hello List,

I am currently trying to configure an embedded linux box (openwrt): I would like to generate a script on my main (Debian/Sarge) box for the tiny box (so tiny that bash cannot be installed, so unfortunately I cannot install FireHOL).

Any idea?

Thanks in advance,
Jerome

If by no bash you mean that you don't have bash but you still have /bin/sh then here is what I use. It is very basic and uses no advanced shell script constructs.

    #! /bin/sh
    # Flush all rules, delete user-defined chains, then create the "block" chain
    iptables -F
    iptables -X
    iptables -N block
    # Inbound SSH (port 22)
    iptables -A INPUT -p udp -m udp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    # Everything else, inbound or forwarded, is decided by the block chain
    iptables -A INPUT -j block
    iptables -A FORWARD -j block
    iptables -A block -m state --state RELATED,ESTABLISHED -j ACCEPT
    # "! -i eth0" replaces the deprecated "-i ! eth0" spelling; same match
    iptables -A block ! -i eth0 -m state --state NEW -j ACCEPT
    iptables -A block -j DROP

It is just a series of statements. If you have simple requirements (like me), this should be enough. It allows only inbound SSH, and nothing over any connection other than eth0. Incidentally, I use this for my laptop since it is normally behind my firewall at home, but I occasionally take it outside.

-Roberto Sanchez
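The "generate it on the main box" half of the question, as an added example that is not part of the original thread: a POSIX sh generator that prints the same style of flat `/bin/sh` ruleset for a chosen external interface and list of TCP ports, and refuses arguments that would put shell syntax into the generated file. It generalizes the reply's script to any port list (TCP only); `gen_firewall`, `valid_port` and `valid_iface` are hypothetical names.

```shell
#!/bin/sh
# Added example: run on the build host, copy the output to the small box.
# Usage: sh gen.sh EXT_IF PORT [PORT...] > firewall.sh
# Function names and arguments are illustrative, not from the thread.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;              # empty or not purely digits
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;  # no option-like or shell-special text
    esac
    [ "${#1}" -le 15 ]                        # Linux interface names fit in 15 chars
}

gen_firewall() {
    ext_if=$1
    shift
    # Validate everything before printing, so a rejected call emits no rules.
    valid_iface "$ext_if" || { echo "bad interface: $ext_if" >&2; return 1; }
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done

    printf '%s\n' '#! /bin/sh' 'iptables -F' 'iptables -X' 'iptables -N block'
    for p in "$@"; do
        printf '%s\n' "iptables -A INPUT -p tcp -m tcp --dport $p -j ACCEPT"
    done
    printf '%s\n' \
        'iptables -A INPUT -j block' \
        'iptables -A FORWARD -j block' \
        'iptables -A block -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        "iptables -A block ! -i $ext_if -m state --state NEW -j ACCEPT" \
        'iptables -A block -j DROP'
}

# When invoked with arguments, act as a command-line generator.
if [ "$#" -gt 0 ]; then
    gen_firewall "$@"
fi
```

The output contains only plain statements, so it needs nothing beyond `/bin/sh` and `iptables` on the target.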