From mboxrd@z Thu Jan  1 00:00:00 1970
In-Reply-To: <loom.20151006T210434-749@post.gmane.org>
References: <loom.20151006T210434-749@post.gmane.org>
Date: Wed, 7 Oct 2015 14:20:25 -0400
Message-ID: <CAOdo=SwfSfsvghiB0f3RjuTu4hOUTXTNeqPyeGX5bS==UbDv9Q@mail.gmail.com>
Subject: Re: [gentoo-user] workstation iptables
From: Tom H <tomh0665@gmail.com>
To: Gentoo User <gentoo-user@lists.gentoo.org>
Content-Type: text/plain; charset=UTF-8

On Tue, Oct 6, 2015 at 3:14 PM, James <wireless@tampabay.rr.com> wrote:
>
> #!/bin/bash
> # A basic stateful firewall for a workstation or laptop that isn't running any
> # network services like a web server, SMTP server, ftp server, etc.
>
> if [ "$1" = "start" ]
> then
>         echo "Starting firewall..."
>         iptables -P INPUT DROP
>         iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> elif [ "$1" = "stop" ]
> then
>         echo "Stopping firewall..."
>         iptables -F INPUT
>         iptables -P INPUT ACCEPT
> fi

Since you're starting from scratch, you might want to replace "-m
state --state" by "-m conntrack --ctstate" because the former's
deprecated and is now an alias to the latter.
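
Added example, not part of the original message or of the quoted script: a small filter that rewrites the deprecated "-m state --state" match to "-m conntrack --ctstate" in rule text (a firewall script or iptables-save output) and counts the uses that remain. The function names and the sample rules other than the one quoted above are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the thread). Function names are hypothetical.

# Rewrite "-m state [!] --state X" to "-m conntrack [!] --ctstate X" in rule
# text read on stdin. Comment lines are passed through unchanged, and rules
# that already use conntrack are not touched, so the filter is idempotent.
migrate_state_match() {
    sed -E '/^[[:space:]]*#/!s/(-m|--match)[[:space:]]+state([[:space:]]+!)?[[:space:]]+--state[[:space:]]+/-m conntrack\2 --ctstate /g'
}

# Print how many non-comment lines on stdin still load the "state" match.
count_deprecated() {
    grep -vE '^[[:space:]]*#' \
        | grep -cE -- '(-m|--match)[[:space:]]+state([[:space:]]|$)' || true
}

# Constructed sample input: the two "start" rules from the quoted script,
# one iptables-save style rule using the long option, and one rule that has
# already been migrated.
sample_rules() {
    cat <<'EOF'
# old form was: -m state --state ESTABLISHED,RELATED
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT --match state --state INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

before=$(sample_rules | count_deprecated)
after=$(sample_rules | migrate_state_match | count_deprecated)
sample_rules | migrate_state_match
echo "rules using the state match: $before before, $after after"
```

Review the rewritten text before loading it; the filter only changes the match name and its option, not the rule logic.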