#!/bin/sh # this could be invoked from rc.local to set up firewall filtering. # new firewalling setup. ###ipchains -P forward DENY # this is too permissive. what are we hoping to block? ###ipchains -A forward -j ACCEPT -b -s 14.28.42.0/24 -d 0.0.0.0/0 ###ipchains -A forward -j ACCEPT -b -s 14.28.42.128/24 -d 0.0.0.0/0 ###ipchains -A forward -j ACCEPT -p tcp -s 0.0.0.0/0 -d 14.28.42.3 25 ###ipchains -A forward -j ACCEPT -p tcp -s 0.0.0.0/0 -d 14.28.42.2 80 # input/output rules to dictate valid sides. this can't be used # when there's a shunt around the gateway; that blocks the packets # from eth1 that really are from addresses besides 14.28.42.*. #ipchains -P input DENY #ipchains -A input -i eth0 -s 14.28.42.1 -j ACCEPT #ipchains -A input -i eth0 -s 14.28.42.71 -j ACCEPT #ipchains -A input -i eth0 -s ! 14.28.42.0/24 -j ACCEPT #ipchains -A input -i eth1 -s 14.28.42.0/24 -j ACCEPT # masquerade setup. #/sbin/depmod -a #/sbin/modprobe ip_masq_ftp #/sbin/modprobe ip_masq_raudio #/sbin/modprobe ip_masq_irc #ipchains -P forward DENY #ipchains -A forward -j MASQ -s 14.28.42.0/24 -d 0.0.0.0/0 #ipchains -A forward -j MASQ -s 14.28.42.128/24 -d 0.0.0.0/0