Home Explore Help
Sign In
angrytux
/
afwall_easy
Watch 1
Star 1
Fork 0
Files Issues 1 Pull Requests 0 Wiki
Branch: master
Branches Tags
afwall_easy
/
default

default 1.8 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 
  1. ## AFWall+ additional firewall rules
    2. 

  2. ## Mike Kuketz
    3. 

  3. ## www.kuketz-blog.de
    4. 

  4. 

  5. 

  6. IPTABLES=/system/bin/iptables
    7. 

  7. IP6TABLES=/system/bin/ip6tables 
    8. 

  8. 

  9. # All 'afwall' chains/rules gets flushed automatically, before the custom script is executed
    10. 

  10. 

  11. # Flush/Purge all rules expect OUTPUT (quits with error)
    12. 

  12. $IPTABLES -F INPUT
    13. 

  13. $IPTABLES -F FORWARD
    14. 

  14. $IPTABLES -t nat -F
    15. 

  15. $IPTABLES -t mangle -F
    16. 

  16. $IP6TABLES -F INPUT
    17. 

  17. $IP6TABLES -F FORWARD
    18. 

  18. $IP6TABLES -t nat -F
    19. 

  19. $IP6TABLES -t mangle -F
    20. 

  20. 

  21. # Flush/Purge all chains 
    22. 

  22. $IPTABLES -X 
    23. 

  23. $IPTABLES -t nat -X 
    24. 

  24. $IPTABLES -t mangle -X 
    25. 

  25. $IP6TABLES -X 
    26. 

  26. $IP6TABLES -t nat -X 
    27. 

  27. $IP6TABLES -t mangle -X
    28. 

  28. 

  29. # Default deny connections
    30. 

  30. 

  31. $IP6TABLES -P INPUT DROP  
    32. 

  32. $IP6TABLES -P FORWARD DROP  
    33. 

  33. $IP6TABLES -P OUTPUT DROP
    34. 

  34. 

  35. $IPTABLES -P INPUT DROP  
    36. 

  36. $IPTABLES -P FORWARD DROP  
    37. 

  37. $IPTABLES -P OUTPUT DROP
    38. 

  38. 

  39. ####################
    40. 

  40. # Tweaks           #
    41. 

  41. ####################
    42. 

  42. ## Kernel
    43. 

  43. # Disable IPv6
    44. 

  44. echo 0 > /proc/sys/net/ipv6/conf/wlan0/accept_ra
    45. 

  45. echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
    46. 

  46. echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6
    47. 

  47. # Privacy IPv6 Address
    48. 

  48. echo 2 > /proc/sys/net/ipv6/conf/all/use_tempaddr
    49. 

  49. echo 2 > /proc/sys/net/ipv6/conf/default/use_tempaddr
    50. 

  50. 

  51. # Allow loopback interface lo 
    52. 

  52. $IPTABLES -A INPUT -i lo -j ACCEPT
    53. 

  53. $IPTABLES -A "afwall" -o lo -j ACCEPT
    54. 

  54. 

  55. ##################### # Incoming Traffic # ##################### 
    56. 

  56. 

  57. # Allow ICMP packets
    58. 

  58. $IPTABLES -A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
    59. 

  59. $IPTABLES -A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
    60. 

  60. $IPTABLES -A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT
    61. 

  61. 

  62. # Allow all traffic from an established #connection 
    63. 

  63. $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    64. 

  64. 

  65. # Alle Pakete ordentlich zurückweisen
    66. 

  66. $IPTABLES -A INPUT -p tcp -j REJECT --reject-with tcp-reset
    67. 

  67. $IPTABLES -A INPUT -j REJECT --reject-with icmp-port-unreachable
    68. 

  68. 

  69.