- Registriert
- 21. September 2009
- Beiträge
- 7.781
- Reaktionspunkte
- 4.999
- Punkte
- 373
Code:
nano /etc/init.d/firewall
Code:
#!/bin/sh
### BEGIN INIT INFO
# Provides: custom firewall
# Required-Start: $remote_fs $syslog $network
# Required-Stop: $remote_fs $syslog $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: firewall initscript
# Description: Custom Firewall
### END INIT INFO
case "$1" in
start)
$IPT -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -I INPUT -i lo -j ACCEPT
$IPT -I OUTPUT -o lo -j ACCEPT
# SSH
$IPT -A INPUT -i eth0 -p tcp --dport 22-j ACCEPT
# OSCAM WEBINTERFACE
$IPT -A INPUT -i eth0 -p tcp --dport 16002-j ACCEPT
# CCCAM
$IPT -A INPUT -i eth0 -p tcp --dport 12000-j ACCEPT
# CCCAM WEBINTERFACE
$IPT -A INPUT -i eth0 -p tcp --dport 16001-j ACCEPT
# CS378X
$IPT -A INPUT -i eth0 -p tcp --dport 12345-j ACCEPT
# CAMD35
$IPT -A INPUT -i eth0 -p udp --dport 12345-j ACCEPT
# BLOCCO PING
$IPT -A INPUT -i eth0 -j REJECT
# SICUREZZA
$IPT -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
$IPT -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
$IPT -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
$IPT -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s
echo "Firewall attivata"
exit 0
;;
stop)
$IPT -F INPUT
echo "Firewall disattivata"
exit 0
;;
restart|reload|force-reload)
$0 stop
sleep 1
$0 start
exit 0
;;
*)
echo "Usage: $0 {start|stop|restart|reload|force-reload}"
exit 1
;;
esac
Code:
chmod 775 /etc/init.d/firewall
Code:
ln -s /etc/init.d/firewall /usr/sbin/fDa ora in poi la Firewall si puo controllare con questi commandi:
Code:
f start
f stop
f restart
f reload
f force-reload
Zuletzt bearbeitet: