[ubuntu-hardened] Firewall script

John Richard Moser nigelenki at comcast.net
Thu Nov 29 02:09:46 GMT 2007


I wrote a small iptables firewall script that just stores and restores 
iptables settings on boot.  Attached to bug 151653, it requires explicit 
saving of the rule set.  Nothing fancy.

When writing up a server, the administrator may want to have something 
like Tomcat served through Apache plus PHP-based pages plus egress 
filtering (to prevent network hopping once you're inside a server, if 
you don't have root access) plus a local mail server (in case a silly 
Web application decides it wants to connect to a real SMTP server 
instead of using sendmail() locally).  With about 50 ports open you may 
decide to actually only serve the 2 you need to the network and block 
the other 30.  ;)


-- 
Bring back the Firefox plushy!
http://digg.com/linux_unix/Is_the_Firefox_plush_gone_for_good
https://bugzilla.mozilla.org/show_bug.cgi?id=322367
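
An added example, not part of the original post and not the script attached to bug 151653: one way to express the setup described above (a couple of served ports, egress filtering, a local mail server reached over loopback) as a rule set in iptables-restore format. The function names, the ports 80 and 443, and the outbound DNS allowance are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit a default-drop filter table in iptables-restore format.

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# $1: inbound TCP ports to serve, space separated
# $2: permitted outbound destinations as proto:port, space separated
gen_ruleset() {
    # Validate everything first so a bad entry never yields a partial rule set.
    for p in $1; do
        valid_port "$p" || { echo "bad inbound port: $p" >&2; return 1; }
    done
    for e in $2; do
        case ${e%%:*} in tcp|udp) ;; *) echo "bad protocol: $e" >&2; return 1 ;; esac
        valid_port "${e##*:}" || { echo "bad outbound port: $e" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Loopback stays open so a web application can hand mail to the local server.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Packets belonging to connections that a rule below already admitted.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $1; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for e in $2; do
        echo "-A OUTPUT -p ${e%%:*} --dport ${e##*:} -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log what egress filtering stops, so unexpected outbound attempts are visible.
    echo '-A OUTPUT -j LOG --log-prefix "egress-drop: "'
    echo 'COMMIT'
}

# Constructed demo values (not from the post): serve 80 and 443, allow DNS out.
gen_ruleset "80 443" "udp:53"
```

The output can be reviewed, saved to the file a boot script restores, and loaded as root with iptables-restore.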


