More linux help please
Posted: 2003-06-26 12:31am
First, how do I configure default font sizes for GTK apps? What file do I edit, or better, is there an option for that in KDE?
Second, what mouse acceleration and threshold settings do you people use? I've always been annoyed by that.
Third, how do I disable window resizing when maximized while using KDE?
Fourth, can anyone well versed in manually creating iptables scripts check my firewall script for potential problems? Thanks in advance.
Code:
#!/bin/bash
# Very loosely based on stuff from the iptables tutorial and the IP-Masq HOWTO
# More complexity is better ;)
# Only 2 computers on LAN
#
# 192.168.0.1 - this computer, hostname is 'down'
# 192.168.0.2 - computer upstairs, hostname is 'up'
# 66.44.0.0/16 - IP addresses assigned anywhere between this range for dialup connection
# 00:40:05:81:77:97 - MAC address for 'up'. Can they be spoofed?
# 00:00:00:00:00:00 - loopback MAC address, is there such a thing? Seems to match the local computer when
# testing the loopback interface. Someone explain this to me.
# 0.0.0.0 - What is this? Apparently looks like a generic loopback in case you ping 192.168.0.1 from 192.168.0.1?
# Is it a bad idea to put any of this information on a public forum??
# Initial setup
#---------------------------------------------------------------------
# Sets path
#---------------------------------
PATH="/sbin"
export PATH
#---------------------------------
# Loads modules
#---------------------------------
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
# rest autoloaded
#---------------------------------
# Resets firewall rules
#---------------------------------
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -F
iptables -X
# Also reset the nat table, otherwise re-running this script appends a second MASQUERADE rule
iptables -t nat -F
iptables -t nat -X
#---------------------------------
#---------------------------------------------------------------------
# Creates chain for dropping and logging packets
#---------------------------------------------------------------------
iptables -N DROPLOG
iptables -A DROPLOG -j ULOG
iptables -A DROPLOG -j DROP
#---------------------------------------------------------------------
# Creates chain for rejecting and logging packets
#---------------------------------------------------------------------
iptables -N REJECTLOG
iptables -A REJECTLOG -j ULOG
iptables -A REJECTLOG -j REJECT
#---------------------------------------------------------------------
# Protocol handling chains
#---------------------------------------------------------------------
# ICMP handling chains
#---------------------------------------------------------------------
# PPP
#----------------------------------
iptables -N ICMPFILTPPP
#iptables -A ICMPFILTPPP -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A ICMPFILTPPP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A ICMPFILTPPP -j DROPLOG
#----------------------------------
# Everything from loopback already allowed
# Ethernet
#----------------------------------
iptables -N ICMPFILTETH
iptables -A ICMPFILTETH -s 192.168.0.2 -m mac --mac-source 00:40:05:81:77:97 -j ACCEPT
iptables -A ICMPFILTETH -j REJECTLOG
#----------------------------------
#---------------------------------------------------------------------
# TCP handling chains
#---------------------------------------------------------------------
# PPP
#----------------------------------
iptables -N TCPFILTPPP
iptables -A TCPFILTPPP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A TCPFILTPPP -j DROPLOG
#----------------------------------
# Everything from loopback already allowed
# Ethernet
#----------------------------------
iptables -N TCPFILTETH
iptables -A TCPFILTETH -p tcp --dport 25 -d 192.168.0.1 -s 192.168.0.2 -m mac --mac-source 00:40:05:81:77:97 -j ACCEPT
# I'm running an SMTP server, want to allow access from 192.168.0.2
# Add rules to allow SMB later here
iptables -A TCPFILTETH -j REJECTLOG
#----------------------------------
#---------------------------------------------------------------------
# UDP handling chains
#---------------------------------------------------------------------
# PPP
#----------------------------------
iptables -N UDPFILTPPP
iptables -A UDPFILTPPP -m state --state ESTABLISHED,RELATED -p UDP -s 207.172.3.0/24 -j ACCEPT # Allow access to my ISP's DNS servers
iptables -A UDPFILTPPP -j DROPLOG
#----------------------------------
# Everything from loopback already allowed
# Ethernet
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Chains for stuff going in
#---------------------------------------------------------------------
# ppp0-in chain
#----------------------------------
iptables -N PPPIN
iptables -A PPPIN -p icmp -j ICMPFILTPPP
iptables -A PPPIN -p tcp -j TCPFILTPPP
iptables -A PPPIN -p udp -j UDPFILTPPP
iptables -A PPPIN -j DROPLOG
#----------------------------------
# lo-in chain
#----------------------------------
iptables -N LOOPIN
iptables -A LOOPIN -m mac --mac-source 00:00:00:00:00:00 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
iptables -A LOOPIN -j REJECTLOG
#----------------------------------
# eth0-in chain
#----------------------------------
iptables -N ETHIN
iptables -A ETHIN -p icmp -j ICMPFILTETH
iptables -A ETHIN -j REJECTLOG
#----------------------------------
#---------------------------------------------------------------------
# Chains for stuff going out
#---------------------------------------------------------------------
# ppp0-out chain
#----------------------------------
iptables -N PPPOUT
iptables -A PPPOUT -d 0.0.0.0/0 -j ACCEPT
iptables -A PPPOUT -j DROPLOG # Doesn't do anything here, but left it here for consistency
#----------------------------------
# lo-out chain
#----------------------------------
iptables -N LOOPOUT
iptables -A LOOPOUT -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
iptables -A LOOPOUT -j REJECTLOG
#----------------------------------
# eth0-out chain
#----------------------------------
iptables -N ETHOUT
iptables -A ETHOUT -s 192.168.0.1 -d 192.168.0.2 -j ACCEPT
iptables -A ETHOUT -j REJECTLOG
#----------------------------------
#---------------------------------------------------------------------
# Chain for stuff coming out of abnormal ports - need to add stuff for AIM and crap.
#---------------------------------------------------------------------
iptables -N NATFILT
iptables -A NATFILT -j ACCEPT # Why should I give a shit about the computer upstairs? It's not mine ;).
# Besides, when I get around to installing a personal firewall up there, this will be redundant
iptables -A NATFILT -j DROPLOG
#---------------------------------------------------------------------
# Master INPUT/FORWARDING/OUTPUT chains
#---------------------------------------------------------------------
# Master input chain
#----------------------------------
iptables -A INPUT -i ppp0 -j PPPIN
iptables -A INPUT -i lo -j LOOPIN
iptables -A INPUT -i eth0 -j ETHIN
iptables -A INPUT -j DROPLOG
#----------------------------------
# Master forwarding chain # most came from IP-Masquerading howto
#----------------------------------
iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp0 -j NATFILT
iptables -A FORWARD -j REJECTLOG
#----------------------------------
# Master output chain
#----------------------------------
iptables -A OUTPUT -o ppp0 -j PPPOUT
iptables -A OUTPUT -o lo -j LOOPOUT
iptables -A OUTPUT -o eth0 -j ETHOUT
iptables -A OUTPUT -j DROPLOG
#----------------------------------
#---------------------------------------------------------------------
# Enable NAT
#----------------------------------
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
#----------------------------------
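One check a reviewer of the script above would run, as an added example that is not part of the original post: a POSIX shell function that scans an iptables script for user chains created with -N but never jumped to, and for -j targets never created. Run over a constructed cut-down excerpt of the posted script (with one extra typo line added to exercise the second check), it flags TCPFILTETH, which the posted script creates but never jumps to from ETHIN, so the SMTP allow rule for 'up' never takes effect and that traffic hits ETHIN's REJECTLOG instead.

```shell
#!/bin/sh
# Added example, not part of the original post: a static check of an iptables
# script for two review findings. A chain created with -N but never jumped to
# is dead code (its ACCEPT rules never match, so that traffic falls through to
# the interface chain's final REJECT/DROP), and a -j to a chain that is never
# created makes iptables abort the script, leaving a half-loaded ruleset.

# Constructed cut-down excerpt in the shape of the posted script. The
# "-j UDPFILTETH" line is a deliberately added typo to exercise the second check.
RULES='
iptables -N REJECTLOG
iptables -A REJECTLOG -j ULOG
iptables -A REJECTLOG -j REJECT
iptables -N ICMPFILTETH
iptables -A ICMPFILTETH -s 192.168.0.2 -j ACCEPT
iptables -A ICMPFILTETH -j REJECTLOG
iptables -N TCPFILTETH
iptables -A TCPFILTETH -p tcp --dport 25 -s 192.168.0.2 -j ACCEPT
iptables -A TCPFILTETH -j REJECTLOG
iptables -N ETHIN
iptables -A ETHIN -p icmp -j ICMPFILTETH
iptables -A ETHIN -p udp -j UDPFILTETH
iptables -A ETHIN -j REJECTLOG
iptables -A INPUT -i eth0 -j ETHIN
'

# Builtin chains and targets that need no -N in the script.
BUILTIN='INPUT FORWARD OUTPUT PREROUTING POSTROUTING ACCEPT DROP REJECT LOG ULOG MASQUERADE RETURN'

# Print one line per finding, "unused CHAIN" or "undefined TARGET", sorted.
check_chains() {
  printf '%s\n' "$1" | awk -v builtin="$BUILTIN" '
    BEGIN { n = split(builtin, b, " "); for (k = 1; k <= n; k++) known[b[k]] = 1 }
    /^iptables/ {
      for (i = 1; i <= NF; i++) {
        if ($i == "-N") { created[$(i+1)] = 1; known[$(i+1)] = 1 }
        if ($i == "-j" || $i == "-g") jumped[$(i+1)] = 1
      }
    }
    END {
      for (c in created) if (!(c in jumped)) print "unused " c
      for (t in jumped) if (!(t in known)) print "undefined " t
    }' | sort
}

# Against a real script (hypothetical path): check_chains "$(cat firewall.sh)"
check_chains "$RULES"
```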