return to first page linux journal archive
keywordscontents

Listing 2. Adding Firewall Rules

echo Enabling firewall [ $KVERSION = "2.2" ] && {
#
# Block incoming connections to port 25 (smtp)
# This is easier than making sendmail secure, as
# I don't receive mail on my local machines
# ipchains -A input -i eth0 -p TCP -d 0/0 25 -j DENY
#
# I run AppleTalk internally to service a Mac
# client, but I don't
# want anyone to touch that from the outside
# I'm not sure if this is right, but I saw it
# somewhere
ipchains -A input -i eth0 -p TCP -d 0/0 548 -j DENY
ipchains -A input -i eth0 -p UDP -d 0/0 548 -j DENY
	# Block outside connections to lpd
	# This shouldn't matter, but I'm paranoid
ipchains -A input -i eth0 -p TCP -d 0/0 515 -j DENY
} || {
# Totally cut off outside access to SMTP
/sbin/ipfwadm -I -a reject -W eth0 -P tcp -D 0.0.0.0/0 25
# Totally cut off outside access to AppleTalk
/sbin/ipfwadm -I -a reject -W eth0 -P tcp -D 0.0.0.0/0 548
/sbin/ipfwadm -I -a reject -W eth0 -P udp -D 0.0.0.0/0 548
# And cut off lpd connections
/sbin/ipfwadm -I -a reject -W eth0 -P tcp -D 0.0.0.0/0 515
}