On 09/17/2013 07:21 AM, P J P wrote:
----- Original Message -----
From: P J P <pj.pan...@yahoo.co.in>
Subject: About F19 Firewall
It doesn't have to be so complicated that even if one tries to understand it, 
he/she can not. :(


    This small script seems to work good.

===
#!/bin/sh
#
# fw.sh: a basic drop unless allowed firewall.

FW='iptables -t filter '

# main
{
     $FW -A INPUT -i lo -j ACCEPT;
     $FW -A INPUT -p icmp -s 10.x.x.x/16 -j ACCEPT;
     $FW -A INPUT -p tcp  -s 10.x.x.x/16 -m state --state NEW --dport 22 -j 
ACCEPT;
     $FW -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;
     $FW -A INPUT -j REJECT --reject-with icmp-host-prohibited;

     $FW -A OUTPUT -p tcp -m state --state NEW -s 10.x.x.x/16 -d facebook.com \
                     -j REJECT --reject-with icmp-host-prohibited

     $FW -P INPUT DROP;
     $FW -P FORWARD DROP;

     exit 0;
}
===

If a static firewall configuration fits your needs, just disable firewalld and use the ip*tables firewall services:

https://fedoraproject.org/wiki/FirewallD?rd=FirewallD/#Using_static_firewall_rules_with_the_iptables_and_ip6tables_services

BTW: If are not configuring an IPv6 firewall, I would highly recommend to either also add an IPv6 firewall with the ip6tables service or to deactivate IPv6 on your machine.


---
Regards
    -Prasad
http://feedmug.com

Regards,
Thomas
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Reply via email to