Need feeback/suggestions on how to improve this firewall for Linux

thirdworld

My friend provided a simple firewall for use on Linux.

Could you guys provide feedback/suggestions/input how how it can be further improved?

 #!/bin/bash

    ## Simple workstation firewall

    ## Clear existing firewall rules
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -F
    iptables -X

    ## Drop invalid traffic
    iptables -A INPUT -m state --state INVALID -j DROP
    iptables -A OUTPUT -m state --state INVALID -j DROP

    ## Allow loopback traffic
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    ## Allow established traffic back in
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    ## Allow outgoing DNS Queries, NTP, HTTP/S Traffic, Ping
    iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
    iptables -A OUTPUT -p udp --dport 123 -m state --state NEW -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 80 --syn -m state --state NEW -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 443 --syn -m state --state NEW -j ACCEPT
    iptables -A OUTPUT -p icmp --icmp-type echo-request -m state --state NEW -j ACCEPT

    ## Set default policy to drop all other packets, in or out
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

Sign In

Need feeback/suggestions on how to improve this firewall for Linux

Recommended Posts

thirdworld 1

Share this post

Link to post

Join the conversation

Home

Community