Re: About F19 Firewall

On 09/17/2013 07:21 AM, P J P wrote:
----- Original Message -----
From: P J P <pj.pandit@xxxxxxxxxxx>
Subject: About F19 Firewall
It doesn't have to be so complicated that even if one tries to understand it, he/she cannot. :(


    This small script seems to work well.

===
#!/bin/sh
#
# fw.sh: a basic drop unless allowed firewall.

FW='iptables -t filter '

# main
{
     $FW -A INPUT -i lo -j ACCEPT;
     $FW -A INPUT -p icmp -s 10.x.x.x/16 -j ACCEPT;
     $FW -A INPUT -p tcp  -s 10.x.x.x/16 -m state --state NEW --dport 22 -j ACCEPT;
     $FW -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;
     $FW -A INPUT -j REJECT --reject-with icmp-host-prohibited;

     $FW -A OUTPUT -p tcp -m state --state NEW -s 10.x.x.x/16 -d facebook.com \
                     -j REJECT --reject-with icmp-host-prohibited

     $FW -P INPUT DROP;
     $FW -P FORWARD DROP;

     exit 0;
}
===

If a static firewall configuration fits your needs, just disable firewalld and use the ip*tables firewall services:

https://fedoraproject.org/wiki/FirewallD?rd=FirewallD/#Using_static_firewall_rules_with_the_iptables_and_ip6tables_services

BTW: If you are not configuring an IPv6 firewall, I would highly recommend either also adding an IPv6 firewall with the ip6tables service or deactivating IPv6 on your machine.


---
Regards
    -Prasad
http://feedmug.com

Regards,
Thomas
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
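
The IPv6 caveat in the reply above, as an added example that is not part of the original thread: a check that compares the INPUT chain of an `iptables -S` dump with that of an `ip6tables -S` dump and flags the case where only IPv4 is filtered. The function names are hypothetical and both dumps are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original thread). Sample dumps are constructed.
# Reads `iptables -S` / `ip6tables -S` output on stdin and prints the fate of an
# inbound packet that matches no conditional rule: open | filtered | unknown
input_verdict() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        # First unconditional terminal rule wins, e.g. -A INPUT -j REJECT ...
        $1 == "-A" && $2 == "INPUT" && $3 == "-j" && final == "" {
            if ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT") final = $4
        }
        END {
            if (final == "") final = policy
            if (final == "") print "unknown"
            else if (final == "ACCEPT") print "open"
            else print "filtered"
        }'
}

# Constructed: filter table after a script like fw.sh (source-restricted rules omitted).
sample_v4() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Constructed: an ip6tables filter table that was never configured.
sample_v6() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
EOF
}

# Print a one-line finding for a pair of verdicts (IPv4 first, IPv6 second).
family_gap() {
    if [ "$1" = filtered ] && [ "$2" != filtered ]; then
        echo "GAP: IPv4 INPUT is $1 but IPv6 INPUT is $2"
    else
        echo "OK: IPv4=$1 IPv6=$2"
    fi
}
family_gap "$(sample_v4 | input_verdict)" "$(sample_v6 | input_verdict)"
```

On a live host the same functions take `iptables -S` and `ip6tables -S` as input (both need root). The check looks only at the INPUT chain of the filter table and does not follow jumps into user-defined chains.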