#!/bin/sh
#
# firewall-standalone	This script sets up firewall rules for a standalone
#                       machine
#
# Copyright (C) 2000 Roaring Penguin Software Inc.  This software may
# be distributed under the terms of the GNU General Public License, version
# 2 or any later version.
# LIC: GPL

# Interface to Internet
EXTIF=ppp+

ANY=0.0.0.0/0

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT
iptables -F -t nat

# Deny TCP and UDP packets to privileged ports
iptables -A INPUT -i $EXTIF -d $ANY -p tcp --dport 0:1023 -j DROP
iptables -A INPUT -i $EXTIF -d $ANY -p udp --dport 0:1023 -j DROP

# Deny TCP connection attempts
iptables -A INPUT -i $EXTIF -p tcp --syn -j DROP

# Deny ICMP echo-requests
iptables -A INPUT -i $EXTIF -s $ANY -p icmp --icmp-type echo-request -j DROP

echo 1 > /proc/sys/net/ipv4/ip_dynaddr