Che ne pensate di questo script? L'ho trovato su Beyond Linux From Scratch. Ho fatto il test su PC Flank ottenendo eccellenti risultati.
Certo, è solo un personal firewall, però sembra funzionare molto bene.
Per favore qualche esperto dia un'occhiata, grazie mille!

codice:
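#!/bin/sh

# Begin $rc_base/init.d/firewall
#
# Personal (single-host) IPv4 packet filter: accept loopback traffic and
# replies to connections this host opened, log and drop every other inbound
# packet, and leave outbound traffic unrestricted.
#
# Review notes:
#   - Only iptables (IPv4) is configured. If IPv6 is enabled on the host,
#     nothing in this script filters it; it needs its own ip6tables policy.
#   - Rules are appended with -A and nothing is flushed, so running the
#     script a second time duplicates every rule, and any rule already
#     present in a chain is evaluated before the ones added here.
#   - The default policies are set only after the rules are in place; until
#     then each chain keeps whatever policy it had before the script ran.

# Insert connection-tracking modules (not needed if built into the kernel).
# ipt_limit backs the rate limit on the LOG rule below.
# NOTE(review): these are the module names used by older kernels; confirm
# them against the kernel this runs on.
for module in ip_tables iptable_filter ip_conntrack ip_conntrack_ftp \
              ipt_state ipt_limit ipt_LOG; do
  modprobe "$module"
done

# Allow everything arriving on the loopback interface.
iptables -A INPUT -i lo -j ACCEPT

# Accept all outbound traffic on every interface. This rule matches every
# packet, so the DROP policy set on OUTPUT further down never applies:
# the script does no egress filtering.
iptables -A OUTPUT -j ACCEPT

# Accept replies on established connections, and new connections related to
# an established one (e.g. active FTP, tracked by ip_conntrack_ftp).
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Log what is about to be dropped. Without a limit, every unsolicited packet
# produces a kernel log line, so any remote sender can flood the log and fill
# the disk. Packets over the limit skip this rule and are still dropped by
# the INPUT policy. The rate and burst are starting values: raise them if
# fuller logs are needed for investigation.
iptables -A INPUT -m limit --limit 10/min --limit-burst 20 \
  -j LOG --log-prefix "FIREWALL:INPUT "

# Default-deny: anything no rule accepted is dropped. FORWARD has no rules
# at all, so this host forwards nothing.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Enable dynamic-address support in verbose mode (not needed with a static
# IP address).
echo 2 > /proc/sys/net/ipv4/ip_dynaddr

# Disable TCP Explicit Congestion Notification; the original rationale was
# that too many routers mishandled it.
# NOTE(review): that rationale is dated; reassess before keeping this.
echo 0 > /proc/sys/net/ipv4/tcp_ecn

# End $rc_base/init.d/firewall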