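#!/bin/sh
#
# Basic iptables rules for standalone Red Hat Linux desktop with dialup modem
#
# Copyright (C) 2003 Paul Eissen
#
# Usage (as root):
#   su
#   sh <this script>          # execute this script
#   cd /etc/sysconfig
#   /sbin/iptables-save > iptables
#
# Assumptions: ppp0 is the only external interface. Packets arriving on any
# other interface are not matched by a rule and fall through to the INPUT
# DROP policy. No policy is set on OUTPUT (the kernel default is ACCEPT),
# so only the explicit OUTPUT rules below restrict traffic leaving the host.

# Abort on the first failing iptables call. The INPUT policy is already DROP
# at that point, so an aborted run fails closed instead of leaving a partial
# ruleset that looks complete in `iptables -L`.
set -e

IPT=/sbin/iptables

# Fail closed first, then clear whatever was loaded before, so re-running
# this script does not append a second copy of every rule.
$IPT -P FORWARD DROP
$IPT -P INPUT DROP
$IPT -F INPUT
$IPT -F FORWARD
$IPT -F OUTPUT

# Loopback is always trusted.
$IPT -A INPUT -i lo -j ACCEPT

# Replies to traffic we initiated: DNS answers, TCP data/ACK segments and
# ICMP errors tied to our own connections. Connection tracking replaces the
# old "--sport domain" and "! --syn" matches, which accepted ANY UDP packet
# with source port 53 and ANY TCP segment without SYN (ACK/FIN/NULL scans)
# from anyone on the Internet.
$IPT -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow echo reply and dest unreach, but don't allow others to ping us.
# Kept explicit so these still arrive after the conntrack entry has timed
# out; echo-request (type 8) is never accepted.
$IPT -A INPUT -i ppp0 -p icmp --icmp-type 0 -j ACCEPT
$IPT -A INPUT -i ppp0 -p icmp --icmp-type 3 -j ACCEPT

# Reject all other incoming packets (redundant with the DROP policy, kept so
# the intent is visible in the listed chain).
$IPT -A INPUT -i ppp0 -j DROP

$IPT -A OUTPUT -o lo -j ACCEPT

# Reject stupid Verisign Site Finder. Address carried over from the original
# 2003 script -- verify it is still meaningful before keeping this rule.
$IPT -A OUTPUT -o ppp0 -d 64.94.110.11 -j DROP

$IPT -A OUTPUT -o ppp0 -j ACCEPT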