From bc192fe694d3a38e55d61310bd465addcf58e913 Mon Sep 17 00:00:00 2001
From: David Leutgeb
Date: Wed, 8 Feb 2023 13:34:35 +0100
Subject: [PATCH] Initial commit
---
firewall.sh | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 firewall.sh
diff --git a/firewall.sh b/firewall.sh
new file mode 100644
index 0000000..0113196
--- /dev/null
+++ b/firewall.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+#Firewallscript written by David Leutgeb
+
+#Alle Einstellungen löschen
+
+echo "Flush all existing chains"
+iptables -F
+
+echo "Delete all custom chains"
+iptables -X
+
+#Eingehende Verbindungen akzeptieren
+echo "Accept incoming connections"
+
+iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
+#iptables -A INPUT -p tcp --dport 10051 -m state --state NEW -j ACCEPT
+#iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
+#iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
+#iptables -A INPUT -p udp --dport 162 -m state --state NEW -j ACCEPT
+
+#ICMP akzeptieren
+echo "Accept ICMP"
+
+iptables -A OUTPUT -p icmp -j ACCEPT
+iptables -A INPUT -p icmp -j ACCEPT
+
+#Alle bereits hergestellten Verbindungen akzeptieren
+
+echo "Accept established and related connections"
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+#Ausgehende Verbindungen erlauben
+
+echo "Accept outgoing connections"
+
+iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
+ip6tables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
+
+#Lokale Verbindungen akzeptieren
+
+echo "Accept local Connections"
+iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
+iptables -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
+
+#Alle Verbindungen standardmäßig verbieten
+
+echo "Deny all connections"
+iptables -P INPUT DROP
+iptables -P OUTPUT DROP
+iptables -P FORWARD DROP
+
+ip6tables -P INPUT DROP
+ip6tables -P OUTPUT DROP
+ip6tables -P FORWARD DROP
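Review bot: The ip6tables half of the script sets all three policies to DROP at the end but, unlike the IPv4 half, never flushes the IPv6 chains and accepts neither ICMPv6 nor loopback traffic. Neighbour discovery runs over ICMPv6 and is generally not matched by the `ESTABLISHED,RELATED` rule, so IPv6 connectivity will probably stop working once the policies apply; and because the `ip6tables -A` rules are appended without a prior flush, every run adds duplicates. Consider adding `ip6tables -F` next to `iptables -F`, `ip6tables -A INPUT -p ipv6-icmp -j ACCEPT` next to the ICMP rules, and `ip6tables -A INPUT -i lo -j ACCEPT` next to the loopback rules. Separately, the script has no `set -e` or other error check, so if the port 22 rule fails to load, the DROP policies are still applied and remote access to the host is lost.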