This isn't anywhere close to done. For example, there should be a limit+logging rule on ICMP echo requests, etc. But, it does work. :)

I made some notes to myself in the script which are basically a mirror of what I wrote the other day.

My iptables script lives in /etc/sysconfig, along with the real configuration file, which is just named iptables. That one has the output from iptables-save in it.

Sequence of commands:

  service iptables stop   (terminates firewall, but leaves modules loaded)
  ./iptables.sh           (sets up the firewall the way I want it)
  service iptables save   (iptables-save output to /etc/sysconfig/iptables)
  service iptables start  (starts up the service with the rules I want)
  service network start   (starts up the networking, protected by firewall)

Make sure that you've disabled the ipchains firewall (generally on by default) and rmmod'ed the ipchains module, because otherwise the iptables stuff won't do anything, as the two modules can't coexist.

-- 
Matt Drew
Peer Review team lead and Bughunter
Red Hat Consumer Services
Attachment: iptables.sh (Bourne shell script)