Patch 1 #4
Open
Patch 1 #4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Added flush & clear for the raw table rules; Added verbose output to the terminal for visual aesthetic and ease-of-understanding which tables' rules you're looking at; Added listing of all rules (numbered) for each table in the firewall; Added details to the comment regarding the rule for allowing traffic on the lo iface; Added discriptive comment to the rule for iface = lo so that when you list the rule using iptables -nvL you can see comments; Added to the comment regarding the default policy for the filter tables chains; Replaced old style "-m state --state" with newer "-m state --state"; Moved filter table chain policy definition to the bottom after all the rules have been added to prevent host lockout (if running the script remotely); Added comment to drop rule on the INPUT chain for better desciption; Added comments to EST,REL rules on INPUT and OUTPUT chains; Added rules for ping counters (new) for both in/out conns. You only need NEW state rule as your first rules for EST,REL conns will handle the rest of the connection; Added DDoS/Portscan rules in RAW and MANGLE tables; Added listing of all the rules at the bottom of the script; Added text to display what tables rules are being edited;
Explicitly specified filter table for the flush/clear rules commands at the top.
Added flush & clear for the raw table rules; Added verbose output to the terminal for visual aesthetic and ease-of-understanding which tables' rules you're looking at; Added listing of all rules (numbered) for each table in the firewall.
Added text to state what's happening;
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Please, may you review and merge if you agree with the changes?
Hope the commit notes and comments suffice.