Hello,
I tried to set up a simple firewall script by following the howto from:
http://www.siliconvalleyccie.com/lin...bles-intro.htm
At first I want everything to be blocked and to allow connections
by SSH.
At the moment the script looks like this:
Code:
#---------------------------------------------------------------
# Initialize all the chains by removing all the rules
# tied to them
#---------------------------------------------------------------
iptables --flush
iptables -t nat --flush
iptables -t mangle --flush

#---------------------------------------------------------------
# Now that the chains have been initialized, the user defined
# chains should be deleted. We'll recreate them in the next step
#---------------------------------------------------------------
iptables --delete-chain
iptables -t nat --delete-chain
iptables -t mangle --delete-chain

#---------------------------------------------------------------
# If a packet doesn't match one of the built in chains, then
# The policy should be to drop it
#---------------------------------------------------------------
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
iptables -t nat --policy POSTROUTING ACCEPT
iptables -t nat --policy PREROUTING ACCEPT

#---------------------------------------------------------------
# The loopback interface should accept all traffic
# Necessary for X-Windows and other socket based services
#---------------------------------------------------------------
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#---------------------------------------------------------------
# Allow previously established connections
# - Interface eth0 is the internet interface
#---------------------------------------------------------------
iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED \
         -j ACCEPT

#---------------------------------------------------------------
# Allow port 22 (SSH) connections to the firewall
#---------------------------------------------------------------
iptables -A INPUT -p tcp -i eth0 --dport 22 --sport 1024:65535 \
         -m state --state NEW -j ACCEPT

After starting this script I am no longer able to log in.
Even running sessions are closed. (Good to have a restore script
in cron.)
Can somebody help?
How is this forum related to the above url?