[ubuntu-hardened] Firewall script

John Richard Moser nigelenki at comcast.net
Thu Nov 29 02:09:46 GMT 2007

I wrote a small iptables firewall script that just stores and restores 
iptables settings on boot.  Attached to bug 151653, it requires explicit 
saving of the rule set.  Nothing fancy.

When writing up a server, the administrator may want to have something 
like Tomcat served through Apache plus PHP-based pages plus egress 
filtering (to prevent network hopping once you're inside a server, if 
you don't have root access) plus a local mail server (in case a silly 
Web application decides it wants to connect to a real SMTP server 
instead of using sendmail() locally).  With about 50 ports open you may 
decide to actually only serve the 2 you need to the network and block 
the other 30.  ;)

Bring back the Firefox plushy!

More information about the ubuntu-hardened mailing list