Initial commit

firewall.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+#Firewallscript written by David Leutgeb
+
+#Alle Einstellungen löschen
+
+echo "Flush all existing chains"
+iptables -F
+
+echo "Delete all custom chains"
+iptables -X
+
+#Eingehende Verbindungen akzeptieren
+echo "Accept incoming connections"
+
+iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
+#iptables -A INPUT -p tcp --dport 10051 -m state --state NEW -j ACCEPT
+#iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
+#iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
+#iptables -A INPUT -p udp --dport 162 -m state --state NEW -j ACCEPT
+
+#ICMP akzeptieren
+echo "Accept ICMP"
+
+iptables -A OUTPUT -p icmp -j ACCEPT
+iptables -A INPUT -p icmp -j ACCEPT
+
+#Alle bereits hergestellten Verbindungen akzeptieren
+
+echo "Accept established and related connections"
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+#Ausgehende Verbindungen erlauben
+
+echo "Accept outgoing connections"
+
+iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
+ip6tables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
+
+#Lokale Verbindungen akzeptieren
+
+echo "Accept local Connections"
+iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
+iptables -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
+
+#Alle Verbindungen standardmäßig verbieten
+
+echo "Deny all connections"
+iptables -P INPUT DROP
+iptables -P OUTPUT DROP
+iptables -P FORWARD DROP
+
+ip6tables -P INPUT DROP
+ip6tables -P OUTPUT DROP
+ip6tables -P FORWARD DROP