File: bastille-firewall-pre-audit.sh

#!/bin/sh

# Firewall fragment: appends early reject rules for NetBIOS and multicast
# traffic to the INPUT, PUB_IN and INT_IN chains.
#
# REJECT_METHOD is not assigned anywhere in this file; presumably the script
# that sources this fragment exports or sets it -- confirm against the caller.
# If it is empty, "-j" is left without a target and no rule is expected to be
# added. It is expanded unquoted, as in the original, so a value carrying
# target options still splits into separate arguments.
#
# NOTE(review): "-A" appends, so these rules only sit ahead of any audit/log
# rules if this fragment runs before those rules are added -- verify the
# ordering in the main firewall script.

IPTABLES=/sbin/iptables
# CONFIG is assigned but never read in this fragment.
CONFIG=/etc/Bastille/bastille-firewall.cfg

for chain in INPUT PUB_IN INT_IN; do
	# NetBIOS: ports 137-139, both TCP and UDP
	"$IPTABLES" -A "$chain" -p tcp --dport 137:139 -j $REJECT_METHOD
	"$IPTABLES" -A "$chain" -p udp --dport 137:139 -j $REJECT_METHOD

	# Multicast destinations.
	# NOTE(review): 224/8 matches only 224.x.x.x; the full IPv4 multicast
	# range is 224.0.0.0/4, so 225-239.x.x.x is not covered by this rule.
	"$IPTABLES" -A "$chain" -d 224/8 -j $REJECT_METHOD
done