
Build a Simple iptables Firewall

Simple iptables Firewall
This simple firewall is adequate for a desktop system: use it as-is, then modify it later and learn iptables in the process. The script works with basically any Linux distribution, and of course all modifications must be made as root. Be sure to test your setup before you depend upon it.

Create the script with a text editor and save it as /etc/rc.d/rc.firewall. Change the permissions so that it is executable:
chmod 755 /etc/rc.d/rc.firewall

One modification you must make is to replace the placeholder below with the IP address of the DNS server you want to use:
your_dns_server_ip

Here is the script:
#!/bin/sh
#
# Simple firewall placed in /etc/rc.d/rc.firewall
# chmod 755 /etc/rc.d/rc.firewall
#
# Replace your_dns_server_ip below with the address of your DNS server.

# Flush every rule and delete user-defined chains so we start clean
iptables -F
iptables -X
# Default policies: anything not matched by a rule below is allowed
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# Always allow traffic on the loopback interface
iptables -A INPUT -i lo -j ACCEPT
# Allow UDP replies from our DNS server (source port 53)
iptables -A INPUT -p udp -s your_dns_server_ip --sport 53 -j ACCEPT
# Reject any attempt from outside to open a new TCP connection (SYN packets);
# replies to connections this host opened are not SYN-only and still get through
iptables -A INPUT -p tcp --syn -j REJECT
# Reject all other incoming UDP
iptables -A INPUT -p udp -j REJECT

Explanation of the Script:
This script flushes all previous rules when it starts and provides security in that it will not allow any other computer to initiate a connection to your box. This is the line that rejects new connection attempts (TCP packets with the SYN flag set):
iptables -A INPUT -p tcp --syn -j REJECT

That way you have a simple firewall and you can add to it later.

If you want the script to start automatically on boot, edit your /etc/rc.local file and add the line:
sh /etc/rc.d/rc.firewall

Here is an example of rc.local.

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
sh /etc/rc.d/rc.firewall
exit 0
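The install steps above (create the script, chmod 755, add the line to rc.local) as one script. This is an added example, not the post's own script: the source script, the destination and the rc.local path are parameters (assumed names, so the installer can be tried against a scratch directory), it refuses to install while the your_dns_server_ip placeholder is still in the file, and running it twice registers the script in rc.local only once.

```shell
#!/bin/sh
# Added example (not the original post's script): install a firewall script,
# make it executable, and register it in rc.local exactly once.
# Paths are parameters so this can be exercised against a scratch directory.

# install_firewall SRC DEST RCLOCAL
#   SRC     - the rc.firewall script to install (must already exist)
#   DEST    - where to put it, e.g. /etc/rc.d/rc.firewall
#   RCLOCAL - the rc.local file to register it in, e.g. /etc/rc.local
install_firewall() {
    src=$1; dest=$2; rclocal=$3
    [ -f "$src" ] || { echo "install_firewall: $src not found" >&2; return 1; }

    # Refuse to install while the DNS placeholder from the post is still there;
    # iptables would reject the rule for 'your_dns_server_ip' at boot.
    if grep -q 'your_dns_server_ip' "$src"; then
        echo "install_firewall: replace your_dns_server_ip in $src first" >&2
        return 2
    fi

    mkdir -p "$(dirname "$dest")"
    cp "$src" "$dest"
    chmod 755 "$dest"          # same mode the post uses

    # Register the script in rc.local, but only once: re-running the installer
    # must not add a second line. The line goes before the final 'exit 0'
    # so that it actually runs.
    line="sh $dest"
    if [ ! -f "$rclocal" ]; then
        printf '#!/bin/sh -e\n%s\nexit 0\n' "$line" > "$rclocal"
        chmod 755 "$rclocal"
    elif ! grep -Fxq "$line" "$rclocal"; then
        if grep -qx 'exit 0' "$rclocal"; then
            # Insert before the first 'exit 0' line, keeping file permissions.
            tmp=$(mktemp)
            awk -v l="$line" '/^exit 0$/ && !done { print l; done = 1 } { print }' "$rclocal" > "$tmp"
            cat "$tmp" > "$rclocal"; rm -f "$tmp"
        else
            printf '%s\n' "$line" >> "$rclocal"
        fi
    fi
    return 0
}

# count_registrations RCLOCAL DEST - how many times the start line appears
count_registrations() {
    grep -Fxc "sh $2" "$1" || true
}
```

Run it as root with the real paths, for example `install_firewall ./rc.firewall /etc/rc.d/rc.firewall /etc/rc.local`; a non-zero return means nothing was changed.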

  1. lol
    December 9, 2008 at 2:50 am

    pretty confusing

  2. anders
    May 13, 2009 at 2:48 pm

    You should ALWAYS have policy REJECT and NEVER have policy ACCEPT.

    Those are basic facts when you create a firewall. That is because you should specify WHAT to accept. If you make a mistake with policy REJECT, you will prob. notice it and make the firewall work.
    With policy ACCEPT, you can as well remove the firewall altogether, as it depends on you closing all ports that you are not sure are safe (which is most of them).

    # So always start with removing all old rules
    iptables -F
    # Remove all non-standard user chains
    iptables -X
    # Set policy to deny. (Built-in chain policies only take ACCEPT or DROP;
    # REJECT is a rule target, so DROP is used for the policy here.)
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP
    # If we do not want to be a router, we do not need to change the FORWARD chain in table filter
    # ALWAYS allow sending to loopback and receiving from loopback
    iptables -t filter -A INPUT -i lo -j ACCEPT
    iptables -t filter -A OUTPUT -o lo -j ACCEPT
    # Accept replies to connections this host opened; without this, nothing we send gets an answer back in
    iptables -t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Now, we can assume that we can send all in this simple example
    iptables -t filter -A OUTPUT -j ACCEPT
    # But we only allow ssh into our machine (new connections to our port 22)
    iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
    # etc

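The two ruleset designs on this page, the post's script (default ACCEPT, reject inbound SYN) and the comment's default-deny variant, can both be written as an iptables-restore(8) file and checked before they are loaded. The block below is an added example, not code from the post or from the comment: default_deny_ruleset prints a default-deny filter table (built-in chain policies only take ACCEPT or DROP, so DROP stands in for the comment's REJECT, and an ESTABLISHED,RELATED rule keeps replies flowing), and lint_ruleset reads a ruleset in that format and flags the two mistakes discussed above. The SSH port parameter and both function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the post or the comment above.
# default_deny_ruleset prints a filter table in iptables-restore(8) format;
# lint_ruleset reads such a file on stdin and flags two common mistakes.

# default_deny_ruleset [SSH_PORT]   (the port is a parameter of this example)
default_deny_ruleset() {
    ssh_port=${1:-22}
    cat <<EOF
*filter
# Built-in chain policies only take ACCEPT or DROP (REJECT is a rule target),
# so default deny is spelled DROP here.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback both ways: -i matches on INPUT, -o on OUTPUT.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to connections this host opened. Without this line a DROP policy
# on INPUT silently breaks every outgoing connection.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# The one inbound service: new SSH connections to our port $ssh_port.
-A INPUT -p tcp --dport $ssh_port -m conntrack --ctstate NEW -j ACCEPT
# Everything this host sends is allowed in this simple example.
-A OUTPUT -j ACCEPT
# Reject the rest explicitly so local clients fail fast instead of timing out.
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# lint_ruleset < file
# Prints one finding per line and returns 1 if any were found:
#  - a built-in chain whose policy is ACCEPT (the post's script has three)
#  - an INPUT chain that drops by default but never accepts ESTABLISHED
#    replies (the shape of the comment's fragment without that rule)
lint_ruleset() {
    awk '
        /^:(INPUT|OUTPUT|FORWARD) ACCEPT/ { print "policy ACCEPT on " substr($1, 2); bad = 1 }
        /^:INPUT DROP/                    { drop = 1 }
        /^-A INPUT / && /ESTABLISHED/     { est = 1 }
        END {
            if (drop && !est) {
                print "INPUT drops by default but never accepts ESTABLISHED replies"
                bad = 1
            }
            exit bad ? 1 : 0
        }'
}
```

Load it with `default_deny_ruleset 22 | iptables-restore`; `iptables-restore --test` parses the file without committing it, so the syntax can be validated before the live rules are replaced. Run the lint against `iptables-save` output to check the rules that are actually loaded, not just the file you intended to load.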