From: James
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] workstation iptables
Date: Tue, 6 Oct 2015 19:14:59 +0000 (UTC)

Hello,

I just ran across this page:
http://gentoo-en.vfose.ru/wiki/Iptables/Iptables_and_stateful_firewalls#State_basics

It has a basic firewall using iptables. Not bad for a generic firewall on an openrc workstation. What is the best way to auto-launch this sort of firewall.sh? Any improvements to this basic workstation firewall (everything out, nothing in)? A simple rule for ssh in only from the local LAN (use 192.168.100.100 for the example rule(s)).

................................... firewall.sh ...................................

#!/bin/bash
# A basic stateful firewall for a workstation or laptop that isn't running any
# network services like a web server, SMTP server, ftp server, etc.

if [ "$1" = "start" ]
then
    echo "Starting firewall..."
    # Default policy: drop everything arriving on INPUT ...
    iptables -P INPUT DROP
    # ... except packets belonging to connections this host initiated
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
elif [ "$1" = "stop" ]
then
    echo "Stopping firewall..."
    # Remove the rules and fall back to accepting everything
    iptables -F INPUT
    iptables -P INPUT ACCEPT
fi

............................

Just launched manually as a script. Any good tools to quickly test this firewall from another local workstation?

wwr,
James
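An added example, not James's script and not from the wiki page he links: a hardened version of the same workstation firewall, written from the defender's side. It keeps the default-deny INPUT policy, additionally allows loopback, uses the newer conntrack match in place of `-m state`, drops packets conntrack marks INVALID, accepts SSH only from the local LAN, and logs a rate-limited sample of what gets dropped so a misconfiguration is visible in the kernel log. The LAN range 192.168.100.0/24 is an assumption derived from the 192.168.100.100 example address in the post, and the function names fw_ruleset, fw_start and fw_stop are my own. The rules are emitted in iptables-restore format so the whole set is applied atomically, and the ruleset can be reviewed without root via the show argument.

```shell
#!/bin/sh
# Stateful workstation firewall, iptables-restore format.
# Default-deny inbound, allow loopback, allow established/related,
# allow SSH only from the local LAN, log a rate-limited sample of drops.

# LAN_NET is an assumed example range (constructed from the post's 192.168.100.100);
# override it in the environment for a real deployment.
LAN_NET="${LAN_NET:-192.168.100.0/24}"

# Print the complete ruleset. Generating it separately from applying it
# lets it be inspected, diffed and tested without touching the live tables.
fw_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport 22 -s ${LAN_NET} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}

# Apply the ruleset atomically (requires root).
fw_start() {
    fw_ruleset | iptables-restore
}

# Flush the filter table and return every chain to ACCEPT (requires root).
fw_stop() {
    printf '*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\nCOMMIT\n' \
        | iptables-restore
}

case "$1" in
    start) fw_start ;;
    stop)  fw_stop ;;
    show)  fw_ruleset ;;
esac
```

`sh firewall.sh show` prints the rules for review, `sh firewall.sh start` (as root) applies them. For launching at boot on an OpenRC system, Gentoo's net-firewall/iptables package ships an `/etc/init.d/iptables` service: apply the rules once, run `/etc/init.d/iptables save`, then `rc-update add iptables default`; that detail comes from my knowledge of Gentoo, not from the post. To check the result from another LAN host, `nmap -p 22 <workstation-ip>` should report port 22 open from an address inside LAN_NET and filtered from any other address, and dropped probes show up in the kernel log with the `fw-drop:` prefix.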