Simplest Firewall Script

Nothing fancy - just a few lines of Bash adding or removing a few iptables rules. But I keep forgetting where is the plain version of it, so here it goes. This particular flavor is for Debian.

It is a standard script for /etc/init.d and is parametrized by two files containing simple lists.

Source code

# Simplest Firewall by Remigiusz Modrzejewski []
# Treat this as Public Domain, or Simplified BSD if you have to

case "$1" in

      export PATH="/sbin:$PATH"

      iptables -P INPUT ACCEPT

      iptables -F
      iptables -Z

      iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
      iptables -A INPUT -p icmp -j ACCEPT

      for port in `cat /etc/firewall/listen_ports`; do
         iptables -A INPUT -p tcp -m multiport --ports `cat /etc/firewall/listen_ports` -j ACCEPT;
         iptables -A INPUT -p udp -m multiport --ports `cat /etc/firewall/listen_ports` -j ACCEPT;

      for source in `cat /etc/firewall/listen_sources`; do
         iptables -A INPUT -s $source -j ACCEPT;

      iptables -P INPUT DROP
      iptables -F
      iptables -Z
      iptables -F -t nat
      iptables -Z -t nat
      iptables -F -t filter
      iptables -Z -t filter
      iptables -F -t mangle
      iptables -Z -t mangle
      iptables -X -t mangle
      iptables -P INPUT ACCEPT
   restart | force-reload)
      $0 stop
      $0 start
      echo "Usage: /etc/init.d/firewall {start|stop|restart|force-reload}"
      exit 1 

exit 0

You can simply download the script.