Hello, I just ran across this page:
http://gentoo-en.vfose.ru/wiki/Iptables/Iptables_and_stateful_firewalls#State_basics

It has a basic firewall using iptables. Not bad for a generic firewall on an openrc workstation.

What is the best way to auto launch this sort of firewall.sh?

Any improvements in this basic workstation firewall, everything out, nothing in?

A simple rule for ssh in only from the local lan (use 192.168.100.100 for example rule(s)).

...................................
firewall.sh
...................................
#!/bin/bash
# A basic stateful firewall for a workstation or laptop that isn't running any
# network services like a web server, SMTP server, ftp server, etc.

if [ "$1" = "start" ]
then
    echo "Starting firewall..."
    # Default-deny all inbound traffic
    iptables -P INPUT DROP
    # Allow replies to connections this host initiated
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
elif [ "$1" = "stop" ]
then
    echo "Stopping firewall..."
    # Flush the INPUT rules and restore the default-accept policy
    iptables -F INPUT
    iptables -P INPUT ACCEPT
fi
............................

just launched manually as a script.

Any good tools to quickly test this firewall from another local workstation?

wwr,
James