IPTables - Implement a basic firewall
Create the firewall reset script
This script completely clears the firewall and changes all policies to ACCEPT, so the system is completely opened up.
Issue the following command:
sudo vi /sharewiz/firewall/firewall-reset.sh
…add the following content to the file:
- /sharewiz/firewall/firewall-reset.sh
#!/bin/bash
#
# Resets all firewall rules

echo "Stopping firewall and allowing everyone..."
#
# Modify the following settings as required:
#
IPTABLES=/sbin/iptables
#
# Reset the default policies in the filter table.
#
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
#
# Reset the default policies in the nat table.
#
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
#
# Reset the default policies in the mangle table.
#
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P POSTROUTING ACCEPT
$IPTABLES -t mangle -P INPUT ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT
$IPTABLES -t mangle -P FORWARD ACCEPT
#
# Flush all the rules in the filter, nat and mangle tables.
#
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
#
# Erase all chains that are not default in filter, nat and mangle tables.
#
$IPTABLES -X
$IPTABLES -t nat -X
$IPTABLES -t mangle -X
Set up a failsafe when initially setting up the firewall
Prevent being locked out by iptables changes: the cron job below re-runs the reset script every ten minutes, so a mistaken rule set is undone automatically while you are still testing. Remove the cron job once the rules are stable.
Issue the following command:
sudo vi /etc/cron.d/firewall-reset-sharewiz
…add the following content to the file:
- /etc/cron.d/firewall-reset-sharewiz
0,10,20,30,40,50 * * * * root /sharewiz/firewall/firewall-reset.sh
Make the firewall reset cron job executable
Issue the following command:
sudo chmod 755 /etc/cron.d/firewall-reset-sharewiz
Create the firewall start / stop script
Issue the following command:
sudo vi /etc/init.d/firewall-sharewiz
…add the following content to the file:
- /etc/init.d/firewall-sharewiz
#!/bin/bash
#
# Start and stop the Firewall.
#
### BEGIN INIT INFO
# Provides:          firewall-sharewiz
# Required-Start:    $network
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
### END INIT INFO

# Modify the following settings as required:
IPTABLES=/sbin/iptables

case "$1" in
  start)
    /sharewiz/firewall/firewall.sh
    ;;
  stop)
    # Flush every table and open all filter and nat policies.
    $IPTABLES --flush
    $IPTABLES -t nat --flush
    $IPTABLES -F -t mangle
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -P FORWARD ACCEPT
    $IPTABLES -t nat -P POSTROUTING ACCEPT
    $IPTABLES -t nat -P PREROUTING ACCEPT
    $IPTABLES -t nat -P OUTPUT ACCEPT
    ;;
  restart)
    # Same as stop, then load the rules again.
    $IPTABLES --flush
    $IPTABLES -t nat --flush
    $IPTABLES -F -t mangle
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -P FORWARD ACCEPT
    $IPTABLES -t nat -P POSTROUTING ACCEPT
    $IPTABLES -t nat -P PREROUTING ACCEPT
    $IPTABLES -t nat -P OUTPUT ACCEPT
    /sharewiz/firewall/firewall.sh
    ;;
  *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0
iptables/implement_a_basic_firewall.1475882820.txt.gz · Last modified: 2020/07/15 09:30 (external edit)