Locking Down Your Firewall
Modify your firewall script...
To back up and then edit your current firewall script /etc/init.d/firewall.rules :
# cp -a /etc/init.d/firewall.rules /etc/init.d/firewall.rules-BAK
# vim /etc/init.d/firewall.rules
To shut off external ICMP packet replies:
- ...
# Allow Ping and friends.
## TWW: but drop all ext. pings Bv>
${IPTABLES} -A INPUT -p icmp -i ${OUT_DEV} -j DROP
${IPTABLES} -A INPUT -p icmp -j ACCEPT
${IPTABLES} -A OUTPUT -p icmp -j ACCEPT
...
To test it:
# /etc/init.d/firewall start
To save it (make it persistent across reboots):
# save-config
Read through the rest of your firewall script and examine its flow from top
to bottom.
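One way to check the top-to-bottom flow for the ICMP rules above, as an added example that is not part of the original slide or firewall script. The function name `check_icmp_order`, the interface `eth0` standing in for `${OUT_DEV}`, and both sample rule listings are assumptions constructed for illustration.

```shell
# check_icmp_order EXT_IF: reads `iptables -S INPUT` style lines on stdin.
# iptables stops at the first matching rule, so the DROP for ICMP on the
# external interface must come before the general ICMP ACCEPT.
# Exit status: 0 = DROP is reached first, 1 = an ACCEPT matches first,
# 2 = no ICMP rule applies to EXT_IF. Only -p/-i/-j are parsed; negated
# matches and rules without "-p icmp" are ignored (simplification).
check_icmp_order() {
    awk -v ext="$1" '
        $1 != "-A" || $2 != "INPUT" { next }
        {
            proto = ""; inif = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto  = $(i + 1)
                if ($i == "-i") inif   = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (proto != "icmp") next
            if (inif != "" && inif != ext) next    # rule is for another interface
            if (target == "DROP")   { found = 1; exit }
            if (target == "ACCEPT") { shadowed = 1; exit }
        }
        END {
            if (found) exit 0
            if (shadowed) exit 1
            exit 2
        }'
}

# Constructed sample listings (not taken from a real host).
good_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p icmp -j DROP
-A INPUT -p icmp -j ACCEPT
EOF
}
bad_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth0 -p icmp -j DROP
EOF
}

good_rules | check_icmp_order eth0 && echo "good_rules: external ICMP dropped first"
bad_rules  | check_icmp_order eth0 || echo "bad_rules: ACCEPT shadows the DROP (status $?)"
```

On a live system, run it as root with `iptables -S INPUT | check_icmp_order eth0`, substituting your external interface.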