Netfilter firewall scripts
Some ready to use scripts to setup a netfilter (Linux kernel 2.4/2.6) firewall. Most common setups are covered.
Please note that these scripts use the iptables tool. They can still be useful as a reference, but might need to be ported to a different tool.

The setups covered are:

- All inbound connections are filtered while all outbound connections are allowed.
- Masquerading is active for the LAN clients. All inbound connections are filtered while all outbound traffic is allowed.
- The gateway acts as a DNS and SMTP server for the LAN. SSH inbound connections are allowed from the LAN as well. DNS and SMTP outbound connections are allowed to the Internet; LAN clients can access public WWW and FTP services.
- NAT is active for both DMZ servers and private LAN clients. The gateway itself accepts only inbound SSH connections from the LAN clients. Public access to some well-defined services hosted in the DMZ is granted, as well as restricted access to the Internet for the DMZ servers and the LAN clients.