Thursday, March 29, 2007

[Linux] เขียนแต่ cisco มาเยอะแล้ว อยากเก็บ script firewall ง่ายๆ เอาไว้ใช้เอง

เขียนแต่ cisco มาเยอะแล้ว อยากเก็บ script firewall ง่ายๆ (กรองเฉพาะ chain INPUT) เอาไว้ใช้เอง เวลา install linux จะได้ copy ไปใช้ได้เลย
#vi rc.firewall
#! /bin/sh
# rc.firewall - minimal host firewall for the INPUT chain.
# Usage: rc.firewall {start|stop|restart}

# iptables lives in a sbin directory that is not always on PATH when this
# runs from init; append both candidates, keeping whatever PATH already holds.
PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
export PATH

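do_start() {
  # Rebuild the INPUT filter from a clean slate so a second "start" neither
  # duplicates every rule (-A appends) nor dies on "chain already exists"
  # from -N syn-flood. The -F/-X on the user chain may fail harmlessly when
  # it does not exist yet.
  iptables -F INPUT
  iptables -F syn-flood 2>/dev/null
  iptables -X syn-flood 2>/dev/null

  # Loopback is always trusted.
  iptables -A INPUT -i lo -j ACCEPT

  # Replies to connections this host opened. conntrack tracks UDP as well,
  # so DNS answers match ESTABLISHED here; the old blanket
  # "-p udp --sport 53 -j ACCEPT" is gone because it let anyone reach every
  # UDP service on this host simply by sending from source port 53.
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  ## SYN-flood protection.
  # NOTE: the limit is global, not per source address: more than about one
  # new TCP connection per second (burst 4) from anywhere is logged and
  # dropped, which throttles legitimate clients too. Tune before use on a
  # host that expects real traffic.
  iptables -N syn-flood
  iptables -A INPUT -p tcp --syn -j syn-flood
  iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
  iptables -A syn-flood -m limit --limit 5/min -j LOG --log-prefix "FIREWALL SYN-FLOOD: "
  iptables -A syn-flood -j DROP

  ## Make sure NEW tcp connections are SYN packets.
  iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

  ## Services reachable from anywhere.
  ## Deluge bittorrent, tcp 53045
  iptables -A INPUT -p tcp -m tcp --dport 53045 --syn -j ACCEPT
  ## ssh, tcp 22 - open to the world; add "-s <your net>" if you can.
  iptables -A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT

  ## Log, then drop, everything else. The LOG rules are rate-limited so a
  ## port scan or flood cannot fill syslog / the disk. The chain policy is
  ## left at ACCEPT on purpose (stop relies on that); the final catch-all
  ## DROP rule is what closes the host.
  iptables -A INPUT -p udp -m limit --limit 5/min -j LOG --log-prefix "FIREWALL UDP-IN: "
  iptables -A INPUT -p udp -j DROP
  iptables -A INPUT -p icmp -m limit --limit 5/min -j LOG --log-prefix "FIREWALL ICMP-IN: "
  iptables -A INPUT -p icmp -j DROP
  iptables -A INPUT -p tcp -m limit --limit 5/min -j LOG --log-prefix "FIREWALL TCP-IN: "
  iptables -A INPUT -p tcp -j DROP
  iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FIREWALL PROTO-X-IN: "
  iptables -A INPUT -j DROP
}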

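do_stop() {
  # "stop" means no filtering at all, so make that explicit before tearing
  # the rules down. do_start never sets a policy and relies on INPUT being
  # ACCEPT behind its final catch-all DROP rule; setting it here restores the
  # state start expects and avoids locking ssh out if an admin had set
  # "-P INPUT DROP" by hand (a bare -F would keep that policy).
  # While stopped - including the sleep in restart - the host is unfiltered.
  iptables -P INPUT ACCEPT
  # Flush every chain, delete the now-empty user chains (syn-flood), then
  # zero the packet/byte counters.
  iptables -F
  iptables -X
  iptables -Z
}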

# Dispatch on the init-style action word. Anything other than
# start/stop/restart prints usage and exits 1; the script otherwise exits 0
# regardless of whether the individual iptables calls succeeded.
case "$1" in
  start)
    printf '%s\n' "Starting Firewall..."
    do_start
    ;;
  stop)
    printf '%s\n' "Stopping Firewall..."
    do_stop
    ;;
  restart)
    printf '%s\n' "Restarting Firewall..."
    do_stop
    # Brief pause between teardown and rebuild; the host is open meanwhile.
    sleep 2
    do_start
    ;;
  *)
    printf '%s\n' "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac

exit 0
