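ation-needed -j ACCEPT
# NOTE(review): the rule ending on the line above begins earlier in the file
# and is left untouched here.

# ---------------------------------------------------------------------------
# OUTPUT chain. iptables evaluates rules top to bottom and stops at the first
# terminating target (ACCEPT/DROP); LOG is non-terminating.
# ---------------------------------------------------------------------------

# Stop this host from sending ICMP destination-unreachable messages.
iptables -A OUTPUT -p icmp --icmp-type destination-unreachable -j DROP

# Allow new outbound pings on any interface.
iptables -A OUTPUT -p icmp --icmp-type echo-request -m state --state NEW -j ACCEPT

# Allow packets that belong to, or are related to, a tracked connection.
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Log, then drop, anything connection tracking classifies as INVALID.
# NOTE(review): none of the LOG rules in this section are rate-limited; a
# `-m limit` match would keep a burst of dropped packets from flooding the log.
iptables -A OUTPUT -m state --state INVALID -j LOG --log-prefix "INVALID output: "
iptables -A OUTPUT -m state --state INVALID -j DROP

# Allow new outbound traffic leaving through the uplink. "${UPLINK}" is quoted
# so an empty or space-containing value cannot shift the remaining arguments.
# NOTE(review): the ICMP rule is a subset of the rule after it, and the second
# rule permits every new outbound connection on the uplink (no egress
# filtering by port or destination).
iptables -A OUTPUT -p icmp -o "${UPLINK}" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o "${UPLINK}" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# NOTE(review): these two rules can never match, because every INVALID packet
# was already dropped by the generic INVALID rule above. Log prefix spelling
# corrected ("INVAILD" -> "INVALID") and a trailing space added so the prefix
# does not run into the kernel's "IN=" field and a search for "INVALID" finds it.
iptables -A OUTPUT -p icmp -m state --state INVALID -j LOG --log-prefix "INVALID ICMP STATE OUTPUT: "
iptables -A OUTPUT -p icmp -m state --state INVALID -j DROP

# Log, then drop, whatever is left: in practice only NEW packets that were not
# accepted above (the INVALID half of the match is already handled earlier).
# Same log prefix spelling correction as above.
iptables -A OUTPUT -m state --state NEW,INVALID -j LOG --log-prefix "INVALID NEW: "
iptables -A OUTPUT -m state --state NEW,INVALID -j DROP

# NOTE(review): this "[ OK ]" banner is printed unconditionally; no exit status
# of the iptables commands above is checked before reporting success.
echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m \n\t The OUTPUT rules has been successful applied,conniture..."

# Disabled NAT rules, kept for reference.
# NOTE(review): the MASQUERADE rule hard-codes eth1 and 192.168.1.0/24 instead
# of using the configuration variables; reconcile before enabling.
#echo -e "\t Now applying nat rules ,please wait ...."
#iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE
#iptables -t nat -A PREROUTING -d ${LAN_NET} -i ${UPLINK} -j DROP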
# RainLow firewall server version-- 09/05/2004
# This software may be used and distributed according to
# the terms of the GNU General Public License (GPL) provided
# credit is given to the original author.
# Copyright (c) 2004 rainlow
# All rights reserved
############################################################
#echo -e "\n\t\t\t Welcome to \033[3;031m RainLow Tech. \033[0m\n\n"
#echo -e " \t\t\t\t \033[1;32m http://www.rainlow.com \033[m \n"
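# Interface connected to the Internet. If you use ADSL, set this to ppp0.
UPLINK=eth0
# Fixed IP address of the uplink, if you have one.
UPIP=221.137.58.48
# Space-separated list of the interfaces this host has.
# The value is quoted: unquoted, the shell would read `INTERFACES=lo eth0` as
# "run the command eth0 with INTERFACES=lo in its environment" and leave
# INTERFACES unset in the script.
# NOTE(review): if anything other than a shell parses this file, confirm it
# accepts quoted values.
INTERFACES="lo eth0"
# Set to yes to load all kernel modules this program needs.
LOAD_MODULES=no
# Set to yes to log packets with illegal TCP flag combinations
# (most of these combinations are used by scanners).
LOG_ILLEGAL_FLAGS=yes
# Space-separated IP addresses to log and deny. Quoted for the same reason as
# INTERFACES; unquoted, only the first address would be kept (as an
# environment entry for a non-existent command) and nothing would be denied.
DENYIP="10.0.0.1 10.0.0.255"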
# means the UDP port you want to log and drop the connections