----- Original Message -----
From: P J P <pj.pandit(a)yahoo.co.in>
Subject: About F19 Firewall
It doesn't have to be so complicated that even if one tries to understand it, he/she
cannot. :(
This small script seems to work well.
===
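#!/bin/sh
#
# fw.sh: a basic drop unless allowed firewall.
FW='iptables -t filter '
# main
{
# Allow all loopback traffic.
$FW -A INPUT -i lo -j ACCEPT;
# Allow ICMP and new SSH connections from the local 10.x.x.x/16 network.
$FW -A INPUT -p icmp -s 10.x.x.x/16 -j ACCEPT;
$FW -A INPUT -p tcp -s 10.x.x.x/16 -m state --state NEW --dport 22 -j ACCEPT;
# Allow replies to connections that are already tracked.
$FW -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;
# Reject everything else inbound.
$FW -A INPUT -j REJECT --reject-with icmp-host-prohibited;
# Reject new outbound TCP connections to facebook.com
# (iptables resolves the host name once, when the rule is added).
$FW -A OUTPUT -p tcp -m state --state NEW -s 10.x.x.x/16 -d facebook.com \
    -j REJECT --reject-with icmp-host-prohibited;
# Default policies for packets that match no rule.
$FW -P INPUT DROP;
$FW -P FORWARD DROP;
exit 0;
}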
===
---
Regards
-Prasad
http://feedmug.com