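#!/bin/sh
# Version 2024101401
#
# Minimal stateful host firewall for a single-homed machine (laptop on Wi-Fi).
#
# Usage:  sudo ./firewall.sh [INTERFACE]
#   INTERFACE defaults to wlp1s0; run "ip -c a" to find the name on your box.
#   You may need to do a chmod +x firewall.sh first.
#
# Policy (both IPv4 and IPv6):
#   - loopback is fully open;
#   - on the uplink only replies to connections this host started are
#     accepted, plus the ICMPv6 messages IPv6 cannot function without;
#   - everything else arriving on INPUT is logged (rate limited) and dropped.
#   OUTPUT and FORWARD are left untouched; set "-P FORWARD DROP" too if this
#   host never routes (mind container/VM bridges before doing so).
#
# NOTE: rules live only in the kernel and are gone after a reboot; persist
#       them with iptables-save / ip6tables-save (or your distribution's
#       iptables-persistent / nftables equivalent) if they should survive.
# NOTE: the "#!/bin/sh" line must stay the very first line of the file, or
#       the kernel will not use it when the script is executed directly.

set -eu

IFACE="${1:-wlp1s0}"
me="${0##*/}"

# A wrong interface name does NOT make iptables fail: the rules are simply
# never matched, and with the DROP policy below that means no connectivity
# at all. Check the name up front instead.
if ! ip link show dev "$IFACE" >/dev/null 2>&1; then
  printf '%s: no such interface "%s" (see "ip -c a")\n' "$me" "$IFACE" >&2
  exit 1
fi

# iptables needs CAP_NET_ADMIN; fail early and clearly rather than leaving a
# half-applied ruleset behind.
if [ "$(id -u)" -ne 0 ]; then
  printf '%s: must be run as root\n' "$me" >&2
  exit 1
fi

for ipt in iptables ip6tables; do
  command -v "$ipt" >/dev/null 2>&1 || {
    printf '%s: %s not found\n' "$me" "$ipt" >&2
    exit 1
  }
done

for ipt in iptables ip6tables; do
  # Start from a clean slate: -F flushes the rules of the filter table but
  # leaves user-defined chains behind, so without -X a second run of this
  # script fails on "-N LOG_AND_DROP" (chain already exists).
  "$ipt" -F
  "$ipt" -X
  # Loopback must be open for BOTH families; the original IPv6 policy had no
  # such rule, which silently breaks anything talking to ::1.
  "$ipt" -A INPUT -i lo -j ACCEPT
  # Replies to connections this host initiated ("-m conntrack" is the
  # current spelling of the deprecated "-m state", same semantics).
  "$ipt" -A INPUT -i "$IFACE" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Packets the tracker cannot place (bad TCP flag combinations, out-of-window
  # segments, ...) are scanner noise: drop them silently so they do not burn
  # the LOG rate limit below.
  "$ipt" -A INPUT -m conntrack --ctstate INVALID -j DROP
done

# IPv6 is unusable without ICMPv6: neighbour/router discovery (types 134-136)
# and MLD (130-132) are "new" packets, never RELATED/ESTABLISHED, so the
# stateful rule above does not match them and the DROP policy would kill
# them. Both are link-local only: ND legitimately carries hop limit 255
# (RFC 4861) and MLD comes from a link-local source (RFC 2710/3810), so the
# accept is limited to exactly that.
for t in 134 135 136; do
  ip6tables -A INPUT -i "$IFACE" -p ipv6-icmp --icmpv6-type "$t" -m hl --hl-eq 255 -j ACCEPT
done
for t in 130 131 132; do
  ip6tables -A INPUT -i "$IFACE" -p ipv6-icmp --icmpv6-type "$t" -s fe80::/10 -j ACCEPT
done
# Error messages needed for Path-MTU discovery and traceroute
# (packet-too-big 2, time-exceeded 3, parameter-problem 4; RFC 4890 4.3.1).
for t in 2 3 4; do
  ip6tables -A INPUT -i "$IFACE" -p ipv6-icmp --icmpv6-type "$t" -j ACCEPT
done

# Deny by default on INPUT. Set only now, after the accept rules are in
# place, so that a failure further down (set -e) leaves existing sessions,
# e.g. the SSH session running this script, alive.
iptables -P INPUT DROP
ip6tables -P INPUT DROP

for ipt in iptables ip6tables; do
  "$ipt" -N LOG_AND_DROP
  "$ipt" -A LOG_AND_DROP -m limit --limit 5/min -j LOG --log-prefix "$ipt denied: " --log-level 3
  "$ipt" -A LOG_AND_DROP -j DROP
  # Everything that reaches this point is unwanted: route it through the
  # logging chain. Without this jump the chain is never referenced and
  # denied packets hit the DROP policy without a trace in the log.
  "$ipt" -A INPUT -j LOG_AND_DROP
done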