firewall.sh
Calin Crisan edited this page Jun 4, 2021 · 2 revisions
The following paths are searched, in this order: `/etc/firewall.sh`, `/data/etc/firewall.sh` and `/boot/firewall.sh`. Files that are present are run in order to set up the firewall.
No firewall files are present by default; the user should create one if a firewall is needed.
The file is a shell script that should contain `iptables` commands. It does not need the executable flag.
The following firewall script blocks inbound access to the system on all ports except 22 and 80, and also allows ping:
```sh
# default policies
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
# locally originating
iptables -t filter -A INPUT -i lo -j ACCEPT
# established
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# inbound traffic
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p icmp -j ACCEPT
```
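Because every firewall file that is present gets run, what the system actually exposes is the combination of all of them. The following is an added example, not part of the original page or the project's code: shell functions that statically read the three paths and report the resulting INPUT policy and accepted TCP ports. The function names and the `ROOT` prefix argument (for checking a mounted image or a test directory) are assumptions, as is the premise that the files run in the search order listed above.

```sh
#!/bin/sh
# Added example: static review of the firewall files named on this page.
# It only reads the script text; it does not run iptables or need root.
# Limits: rules built from shell variables, -I insertions and ACCEPT rules
# without --dport are not reported.

fw_files() {
    # Print the firewall files that exist, in the page's search order.
    # $1 is a hypothetical root prefix (empty means the live system).
    root="${1:-}"
    for f in /etc/firewall.sh /data/etc/firewall.sh /boot/firewall.sh; do
        [ -f "$root$f" ] && printf '%s\n' "$root$f"
    done
    return 0
}

fw_input_policy() {
    # The last "-P INPUT <target>" seen across all files is the effective
    # default policy, assuming the files run in search order.
    fw_files "${1:-}" | while IFS= read -r f; do
        sed -n 's/^[[:space:]]*iptables .*-P INPUT \([A-Z]*\).*/\1/p' "$f"
    done | tail -n 1
}

fw_open_tcp_ports() {
    # TCP destination ports accepted on INPUT, sorted and de-duplicated.
    # Commented-out rules are skipped by the ^ anchor.
    fw_files "${1:-}" | while IFS= read -r f; do
        sed -n '/^[[:space:]]*iptables .*-A INPUT .*-p tcp .*-j ACCEPT/s/.*--dport \([0-9:]*\).*/\1/p' "$f"
    done | sort -n -u
}

fw_review() {
    # Summarise the findings; return non-zero if the default is not DROP.
    policy=$(fw_input_policy "${1:-}")
    echo "files:    $(fw_files "${1:-}" | tr '\n' ' ')"
    echo "policy:   ${policy:-unset}"
    echo "tcp open: $(fw_open_tcp_ports "${1:-}" | tr '\n' ' ')"
    [ "$policy" = "DROP" ]
}
```

On a device, source the file and call `fw_review` with no argument; a later file that resets the INPUT policy to ACCEPT shows up as a non-zero return.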