pdcfw-main.sh
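#!/bin/bash
# pdcfw - manages PDC Linux Netfilter/IPtables firewall configuration
# pdcfw-main.sh - pdcfw test main routine
# Author: Ilari Korhonen, KTH Royal Institute of Technology
#
# Copyright (C) 2018 KTH Royal Institute of Technology. All rights reserved.
# See LICENSE file for more information.
#
# The shebang must be the very first line of the file: placed after the
# comment header it is just another comment, and an executable file would be
# run by the invoking shell instead of bash (the `function` keyword used
# below is a bashism and fails under a POSIX /bin/sh).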
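#######################################
# Builds the pdcfw test rule set for the filter table (chains INPUT, OUTPUT,
# FORWARD) by calling the pdcfw rule helpers in order.
# Globals:   none read directly. The helpers (set_default_policy,
#            allow_trusted_interfaces, allow_established,
#            allow_icmp_with_limits, allow, drop_and_log_all) are not
#            defined or sourced in this file; the caller is expected to
#            load the pdcfw library before invoking main. main is also not
#            called from this file -- presumably the caller does that.
# Arguments: none
# Outputs:   whatever the pdcfw helpers emit
# Returns:   status of the last helper call
#######################################
function main()
{
  # table: filter (packet filtering, default)
  # rule chains: INPUT, OUTPUT, FORWARD

  # rule chain: INPUT
  # description: incoming, packets destined to this host
  # default policy: ACCEPT
  set_default_policy INPUT ACCEPT

  # allow all from trusted interfaces, established connections, icmp w/ limits
  allow_trusted_interfaces INPUT
  allow_established INPUT
  allow_icmp_with_limits INPUT

  # allow SSH connections from any source to this host.
  # The hostname is quoted so an unexpected value cannot word-split into
  # extra rule tokens. NOTE(review): the name is resolved once, when the
  # rule set is built -- confirm it resolves to the address the host
  # actually listens on and not to a loopback alias, and consider
  # restricting "from any" to the networks that need SSH access.
  allow with INPUT proto tcp from any to "$(hostname)" dport 22 stateful

  # drop the rest. Keep this after the allow rules: netfilter evaluates a
  # chain top to bottom, so (assuming the helpers append) anything placed
  # below this line would never be reached.
  drop_and_log_all INPUT

  # rule chain: OUTPUT
  # description: outgoing, packets generated on this host
  # default policy: ACCEPT
  set_default_policy OUTPUT ACCEPT

  # rule chain: FORWARD
  # description: routing, packets destined to be routed
  # default policy: ACCEPT
  set_default_policy FORWARD ACCEPT

  # we drop and log all packets (no routing!)
  # Note that the chain policy above stays ACCEPT: forwarding is blocked
  # only by this explicit rule, so if it fails to install the host would
  # forward traffic. A DROP policy on FORWARD would close that gap.
  drop_and_log_all FORWARD
}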