The firewall script file
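# --- Packet-filter setup (ipchains) ---
# The interface and address variables used below are expected to be set
# earlier in this script. Check them before touching any rule: once the
# default policies are flipped to DENY, a rule that fails to load because
# of an empty variable leaves the host with no ACCEPT rules at all.
: "${LOOPBACK_INTERFACE:?LOOPBACK_INTERFACE must be set}"
: "${EXTERNAL_INTERFACE:?EXTERNAL_INTERFACE must be set}"
: "${IPADDR:?IPADDR must be set}"
: "${CLASS_A:?CLASS_A must be set}"

# Remove all existing rules belonging to this filter
ipchains -F
# Clear all current rules and user-defined chains
ipchains -X

# Set the default policy of the filter to deny.
# Don't even bother sending an error message back: DENY drops silently.
ipchains -P input DENY
ipchains -P output DENY
ipchains -P forward DENY

# LOOPBACK
# Unlimited traffic on the loopback interface.
ipchains -A input  -i "$LOOPBACK_INTERFACE" -j ACCEPT
ipchains -A output -i "$LOOPBACK_INTERFACE" -j ACCEPT

# Network Ghouls
# Deny access to jerks
# /etc/rc.d/rc.firewall.blocked contains a list of
#   ipchains -A input -i $EXTERNAL_INTERFACE -s address -j DENY
# rules to block from any access.
# Refuse any connection from problem sites
#if [ -f /etc/rc.d/rc.firewall.blocked ]; then
#  . /etc/rc.d/rc.firewall.blocked
#fi

# SPOOFING & BAD ADDRESSES
# Refuse spoofed packets.
# Ignore blatantly illegal source addresses.
# Protect yourself from sending to bad addresses.
# "-l" is ipchains' log flag: every match is recorded through the kernel
# log so spoofing attempts are visible. (The listing as printed read "-I",
# which is the insert command and is not accepted after a rule spec.)

# Refuse spoofed packets pretending to be from the external address.
ipchains -A input -i "$EXTERNAL_INTERFACE" -s "$IPADDR" -j DENY -l

# Refuse packets claiming to be to or from a Class A private network.
# Inbound matches are dropped silently; outbound matches use REJECT so
# the local sender gets an error instead of a silent hang.
ipchains -A input  -i "$EXTERNAL_INTERFACE" -s "$CLASS_A" -j DENY -l
ipchains -A input  -i "$EXTERNAL_INTERFACE" -d "$CLASS_A" -j DENY -l
ipchains -A output -i "$EXTERNAL_INTERFACE" -s "$CLASS_A" -j REJECT -l
ipchains -A output -i "$EXTERNAL_INTERFACE" -d "$CLASS_A" -j REJECT -l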