Simple script questions
Chris Mulcahy <firstname.lastname@example.org>
Tue, 14 Aug 2001 12:39:13 -0500
I have this very simple script which I use to set up a very
simple IPTables firewall with masquerading. It does a great
job and keeps my machine very well protected, I believe. I'm
not sure where I got it, maybe from the IPTables Tutorial.
Now, I would like to understand this a bit more. Could
someone help me to comment it and maybe make it a bit better?
Specifically, I would like to be able to re-run it without the
errors that occur because the chains already exist. I would
also like to know how I would allow a few specific ports to be
visible on my external interface, specifically 25 and/or 80.
Thanks for the help!
--> SCRIPT BEGINS <--
iptables -N block
echo Moving to Add blocking where state is not extablished or
iptables -A block -m state --state ESTABLISHED,RELATED -j
iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -A block -j DROP
## Jump to that chain from INPUT and FORWARD chains.
iptables -A INPUT -j block
iptables -A FORWARD -j block
# Masquerade out ppp0
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Disallow NEW and INVALID incoming or forwarded packets from
iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j
# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
--> SCRIPT ENDS <--