iptables Startup Script Example
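#!/bin/sh
# iptables Startup Script Example
#
# Minimal stateful host firewall for one interface (eth0).
# Usage: $0 {start|stop|restart}   -- must be run as root.
#
# Design notes:
#  * Only traffic arriving on eth0 is filtered. Packets on any other interface
#    (lo, eth1, ...) match none of the rules below and fall through to the
#    INPUT chain's policy, which this script does not change.
#  * "stop" does NOT open the host: it leaves a ruleset that still rejects every
#    new inbound connection on eth0 (fail-closed). Sysctls and chain policies
#    set by "start" are left in place.
#  * There is deliberately no "set -e": if one ACCEPT rule fails to load
#    (e.g. a missing kernel module) we still want to reach the closing REJECT.

IPTABLES=/usr/local/sbin/iptables

# Abort with a clear message if the iptables binary is not where IPTABLES points.
require_iptables() {
  if [ ! -x "$IPTABLES" ]; then
    printf 'ERROR: %s not found or not executable\n' "$IPTABLES" >&2
    exit 1
  fi
}

# Flush rules, delete user-defined chains, zero counters (filter table only;
# the nat/mangle tables are not touched). Order matters: -X only removes
# chains that are empty and unreferenced, so rules must be flushed first.
# Chain policies are NOT reset by -F.
reset_tables() {
  "$IPTABLES" -F
  "$IPTABLES" -X
  "$IPTABLES" -Z
}

# Load the full ruleset. Returns 1 if the catch-all REJECT could not be installed.
fw_start() {
  printf 'Starting IP Firewall and NAT...'

  # Kernel settings. ip_forward=1 makes this host a router: with an empty
  # FORWARD chain and an ACCEPT policy it would forward anything between its
  # interfaces, so the FORWARD policy is set to DROP below. Add explicit
  # FORWARD rules (and -t nat rules) for your LAN before relying on NAT.
  # tcp_syncookies mitigates SYN-flood attacks.
  echo "1" > /proc/sys/net/ipv4/ip_forward
  echo "1" > /proc/sys/net/ipv4/tcp_syncookies

  reset_tables
  "$IPTABLES" -P FORWARD DROP

  # --- INPUT rules -----------------------------------------------------------
  # Add the ports you want reachable from eth0 here; comment a line out to close
  # that service. Port numbers for other services are listed in /etc/services.

  # Loopback is never filtered: a no-op when the INPUT policy is ACCEPT, and it
  # prevents a lockout of local services if the policy is DROP.
  "$IPTABLES" -A INPUT -i lo -j ACCEPT

  # Replies to connections this host started, plus RELATED traffic (ICMP errors
  # for our own connections, FTP data connections when the ftp helper is loaded).
  "$IPTABLES" -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

  # FTP control channel. FTP is TCP-only (the 21/udp entry in /etc/services is
  # unused, so the old udp rule was dropped). Passive-mode data connections are
  # matched by RELATED above only if the FTP connection-tracking helper is
  # loaded (module name depends on the kernel: nf_conntrack_ftp or ip_conntrack_ftp).
  "$IPTABLES" -A INPUT -i eth0 -p tcp --dport 21 -j ACCEPT

  # SSH
  "$IPTABLES" -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

  # HTTP / HTTPS
  "$IPTABLES" -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
  "$IPTABLES" -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT

  # Samba / NetBIOS. The protocol/port pairing matters: name service is
  # 137/udp, datagram service 138/udp, session service 139/tcp (the original
  # 137/tcp and 138/tcp rules opened ports nothing listens on and missed
  # 137/udp). Direct-hosted SMB additionally uses 445/tcp; uncomment if needed.
  # WARNING: do not expose these on an untrusted network -- restrict them with
  # "-s <lan-subnet>" (e.g. -s 192.168.1.0/24) or comment them out.
  "$IPTABLES" -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT
  "$IPTABLES" -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
  "$IPTABLES" -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
  #"$IPTABLES" -A INPUT -i eth0 -p tcp --dport 445 -j ACCEPT

  # Allow inbound ping (echo-request) only. ICMP errors that belong to our own
  # connections (e.g. fragmentation-needed for PMTU discovery) are already
  # accepted by the RELATED rule, so the rest of ICMP can be rejected.
  "$IPTABLES" -A INPUT -i eth0 -p icmp --icmp-type echo-request -j ACCEPT

  # Catch-all: reject anything else arriving on eth0. This rule must be
  # appended even if an earlier ACCEPT failed; if it cannot be installed,
  # eth0 falls through to the INPUT policy, so fail loudly.
  if ! "$IPTABLES" -A INPUT -i eth0 -j REJECT; then
    printf '\nERROR: catch-all REJECT rule not installed; eth0 is unfiltered\n' >&2
    return 1
  fi

  echo "done."
}

# Tear down the service rules but stay closed: established traffic continues,
# every new inbound connection on eth0 is rejected.
fw_stop() {
  printf 'Stopping IP Firewall and NAT...'
  reset_tables
  "$IPTABLES" -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
  "$IPTABLES" -A INPUT -i eth0 -j REJECT
  echo "done."
}

# printf is used for the "no newline" prompts: "echo -n" is not portable
# under /bin/sh (dash prints the "-n" literally).
case "$1" in
  start)
    require_iptables
    fw_start
    ;;
  stop)
    require_iptables
    fw_stop
    ;;
  restart)
    printf 'Restarting IP Firewall and NAT...'
    "$0" stop > /dev/null
    sleep 1
    # Propagate a failed start so the caller (init, an admin) notices.
    if "$0" start > /dev/null; then
      echo "done."
    else
      echo "failed."
      exit 1
    fi
    ;;
  *)
    printf 'Usage: %s {start|stop|restart}\n' "$0" >&2
    exit 1
    ;;
esac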