My Firewall / Iptables Scripts

This is a list of the firewall (iptables) scripts I use to secure my boxes. They're all licensed under the terms of the GPL.

Note: This is a work in progress and will be updated from time to time. If you have any comments, corrections or suggestions, feel free to contact me.

The firewall scripts:

  • fw_laptop — An iptables script intended to secure laptops and desktop boxes (i.e. not public servers)
  • fw_blockall — An iptables script which blocks all traffic (INPUT, OUTPUT and FORWARD). Not even traffic to/from localhost is allowed. All pings are disabled (normal and broadcast).

Comments

fw_laptop

Hello
I looked inside your fw_laptop script and it seemed very interesting and secure to me. Actually, I use Firestarter to configure my firewall on Ubuntu Gutsy. So I decided to test it, mostly because of the possibility to disable IPv6, IANA and ports above 1024. I've already blacklisted IPv6 in the kernel. When I run your script for the first time, I can't get connection to the internet at all. So I tried to remove the prohibition of IANA reserved addresses, but even like that, no net connection. I'd like to ask you, if you have time to answer: is it because I use Ubuntu, or does it have something to do with my laptop's hardware?

Cheers from Portugal, and thank you for the tips and tricks you share with us

fw_laptop

Hi,

Please define "can't get connection to the internet at all". Note that the script also does outbound filtering, i.e. it limits the allowed traffic from your computer to the Internet to only certain ports (not only the other direction). That can be configured/changed in the script, of course. Did you try to ping some host, did you try a web browser, etc.?

HTH, Uwe.

fw_laptop

Sorry about not responding all this time. In the end I returned to the GUI configuration because it was easier for me at that time. But as you know, every Linux user is curious by nature, especially newbies. I believe that we can't reach the full power of our OS without understanding what's going on under the GUI. Guided by that idea, I've tried so many things till now, and I especially appreciate your howtos. Now that I understand things better, it wasn't a problem to modify your new configuration script for my needs. Thank you once again for the effort you've been making and for sharing your experiences with the community.

PS. Merry Christmas and Happy New Year