Hi Enrico81, this is my firewall script,
even more basic and simple than yours, but for my current
purposes I consider it sufficient.
code:
#!/bin/bash
#
# /etc/firewall/wall
#
# My little personal firewall.
#
# Must run as root. Stop at the first failing command so a half-loaded
# ruleset is never left behind silently (the DROP policies below are set
# before any ACCEPT rule, so an abort still leaves the host closed).
set -e

#############
# Variables #
#############
LO="lo"

#############################
# Loading modules and other #
#############################
# No routing between interfaces on this host.
echo "0" > /proc/sys/net/ipv4/ip_forward
# Ignore ICMP echo requests (the host does not answer ping),
# including echo requests sent to the broadcast address.
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Passive-mode FTP works with the rules below because the data channel is
# opened by the client; active-mode FTP would additionally need the
# connection-tracking helper (modprobe nf_conntrack_ftp).

#############################
# Initializing the firewall #
#############################
# Flush all rules, delete user-defined chains and zero the counters
# in the filter and nat tables.
iptables -t filter -F
iptables -t filter -X
iptables -t filter -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z

##############################
# Setting the default policy #
##############################
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT DROP
iptables -t filter -P FORWARD DROP

##################
# Defining rules #
##################
# Loopback traffic is always allowed.
iptables -t filter -A INPUT -i $LO -j ACCEPT
# Inbound packets that belong to, or are related to, connections this host opened.
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Log packets conntrack cannot classify; they then fall through to the INPUT DROP policy.
iptables -t filter -A INPUT -m state --state INVALID -j LOG --log-prefix "INPUT(INVALID)->DROP: "
# Everything outbound is allowed.
iptables -t filter -A OUTPUT -j ACCEPT
I can connect to all FTP sites.
I ran online port scans and the result was
good protection for the machine. Now that I'm
behind a router, I'll see about moving the firewall onto it.
Bye.
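The same policy expressed as an iptables-restore ruleset, as an added example that is not part of the post above and not the poster's script: rendering the rules as text lets you review and diff them before loading, and iptables-restore applies the whole ruleset atomically instead of rule by rule, which is what makes the DROP policies on OUTPUT meaningful (they only ever matter if the blanket ACCEPT rule fails to load). The function names gen_ruleset, check_ruleset and apply_ruleset are assumptions of this example; `-m conntrack --ctstate` is the current spelling of the `-m state --state` match, and `iptables-restore --test` is assumed to be available on the reader's iptables.

```shell
#!/bin/bash
# Added example (not the original poster's script): the post's firewall
# policy rendered in iptables-restore format, with static checks that can
# run without root, and an atomic, test-first loader.

# Print the ruleset. Argument 1 is the loopback interface name (default lo).
gen_ruleset() {
    local lo="${1:-lo}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i ${lo} -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "INPUT(INVALID)->DROP: "
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A OUTPUT -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
EOF
}

# Static checks on the generated text (no root, no iptables binary needed).
# Returns 0 when the ruleset has the fail-closed shape we expect.
check_ruleset() {
    local lo="${1:-lo}" rs chain
    rs="$(gen_ruleset "$@")" || return 1
    # Every filter chain must default to DROP.
    for chain in INPUT FORWARD OUTPUT; do
        printf '%s\n' "$rs" | grep -q "^:${chain} DROP" || return 1
    done
    # Every table block (*name) must be closed by its own COMMIT.
    [ "$(printf '%s\n' "$rs" | grep -c '^\*')" -eq \
      "$(printf '%s\n' "$rs" | grep -c '^COMMIT$')" ] || return 1
    # The loopback accept must be the first INPUT rule, or local services
    # talking to 127.0.0.1 are dropped before the stateful rules see them.
    [ "$(printf '%s\n' "$rs" | grep '^-A INPUT' | head -n 1)" = \
      "-A INPUT -i ${lo} -j ACCEPT" ] || return 1
    # INVALID packets must be dropped explicitly, not just logged.
    printf '%s\n' "$rs" | grep -q -- '--ctstate INVALID -j DROP' || return 1
}

# Validate with iptables-restore --test first, then load atomically.
# Requires root; never called by the checks above.
apply_ruleset() {
    check_ruleset "$@" || { echo "ruleset failed static checks" >&2; return 1; }
    gen_ruleset "$@" | iptables-restore --test || return 1
    gen_ruleset "$@" | iptables-restore
}

case "${1:-}" in
    --apply) shift; apply_ruleset "$@" ;;
    --check) shift; check_ruleset "$@" && echo "ok" ;;
    *)       gen_ruleset "$@" ;;
esac
```

Running the script with no argument prints the ruleset for review; `--check` runs only the static checks; `--apply` loads it. Because iptables-restore either commits a table completely or not at all, a typo no longer leaves the host with DROP policies and no ACCEPT rules, or with the old ACCEPT rules and new policies, which is the failure mode of loading rules one `iptables` call at a time.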