Differences

This shows you the differences between two versions of the page.

--- iptables:implement_a_basic_firewall [2016/10/07 23:21] – peter
+++ iptables:implement_a_basic_firewall [2019/11/29 17:37] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== IPTables - Implement a basic firewall ======
-===== Create the firewall reset script =====
-This scripts completely clears the firewall, and changes all policies to ACCEPT so that the system is complete opened up.
-Issue the following command:
-<code bash>
-sudo vi /sharewiz/firewall/firewall-reset.sh
-</code>
-…add the following content to the file:
-<file bash /sharewiz/firewall/firewall-reset.sh>
-#!/bin/bash
-#
-# Resets all firewall rules
-echo "Stopping firewall and allowing everyone..."
-#
-# Modify the following settings as required:
-#
-IPTABLES=/sbin/iptables
-#
-# Reset the default policies in the filter table.
-#
-$IPTABLES -P INPUT ACCEPT
-$IPTABLES -P FORWARD ACCEPT
-$IPTABLES -P OUTPUT ACCEPT
-#
-# Reset the default policies in the nat table.
-#
-$IPTABLES -t nat -P PREROUTING ACCEPT
-$IPTABLES -t nat -P POSTROUTING ACCEPT
-$IPTABLES -t nat -P OUTPUT ACCEPT
-#
-# Reset the default policies in the mangle table.
-#
-$IPTABLES -t mangle -P PREROUTING ACCEPT
-$IPTABLES -t mangle -P POSTROUTING ACCEPT
-$IPTABLES -t mangle -P INPUT ACCEPT
-$IPTABLES -t mangle -P OUTPUT ACCEPT
-$IPTABLES -t mangle -P FORWARD ACCEPT
-#
-# Flush all the rules in the filter, nat and mangle tables.
-#
-$IPTABLES -F
-$IPTABLES -t nat -F
-$IPTABLES -t mangle -F
-#
-# Erase all chains that are not default in filter, nat and mangle tables.
-#
-$IPTABLES -X
-$IPTABLES -t nat -X
-$IPTABLES -t mangle -X
-</file>
-===== Setup a failsafe when initially setting up the firewall =====
-Prevent being locked out with IP table changes.
-Issue the following command:
-<code bash>
-sudo vi /etc/cron.d/firewall-reset-sharewiz
-</code>
-…add the following content to the file:
-<file /etc/cron.d/firewall-reset-sharewiz>
-,10,20,30,40,50 * * * * root /sharewiz/firewall/firewall-reset.sh
-</file>