The script is self-explanatory, and if you don't understand it go read some newbie guide to iptables; otherwise place the script in /etc/init.d, name it firewall (the name you pass to update-rc.d below must match that filename) and run:
update-rc.d rc.firewall defaults 19
And then you are ready to go 🙂
The script (note that the blog rendering has turned the quotes and double dashes into typographic “ ” and –, so when copying it make sure they are plain ASCII " and -- or the shell and iptables will reject them):
jail03:~# cat firewall
#!/bin/sh -e
### BEGIN INIT INFO
# Provides: firewall
# Required-Start: networking
# Required-Stop:
# Default-Start: S
# Default-Stop: 0 6
# Short-Description: Raise network interfaces.
### END INIT INFO
. /lib/lsb/init-functions
case “$1” in
start)
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t filter -F INPUT
iptables -t filter -F FORWARD
iptables -t filter -F OUTPUT
log_action_begin_msg “Configuring network firewall”
iptables -P INPUT DROP
iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
iptables –new FULL
iptables –new WEB
# The Network Office
iptables -A INPUT -s 10.0.0.0/24 -j FULL
# BOFH
iptables -A INPUT -s 83.89.249.18 -j FULL
# Student range 1 and 2 are jumped to WEB
iptables -A INPUT -s 10.1.0.0/24 -j WEB
iptables -A INPUT -s 10.2.0.0/24 -j WEB
# FULL means:
iptables -A FULL -m state –state NEW -p tcp –dport 80 -j ACCEPT
iptables -A FULL -m state –state NEW -p tcp –dport 21 -j ACCEPT
# WEB means:
iptables -A WEB -m state –state NEW -p tcp –dport 80 -j ACCEPT
log_action_end_msg 0
;;
stop)
log_action_begin_msg “Tearing down network firewall”
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t filter -F INPUT
iptables -t filter -F FORWARD
iptables -t filter -F OUTPUT
iptables -F FULL
iptables –delete-chain FULL
iptables -F WEB
iptables –delete-chain WEB
log_action_end_msg 0;
;;
*)
echo “Usage: /etc/init.d/firewall {start|stop}”
exit 1
;;