Simple firewall

This is a very simple firewall I was once taught by my friend Fabio. Just copy these lines into a blank file, make it executable, and have it run at some point during your init process. My favorite way is to add this to /etc/network/interfaces:

auto eth1
iface eth1 inet static
address /etc/network/if-up.d/

This is the firewall script:

#!/bin/sh

# Cleans the iptables
iptables -F

# Enables internet connection sharing
modprobe iptable_nat
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

# Opens some ports (22=SSH, 1080=Socks)
iptables -A INPUT -p tcp --destination-port 22 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 1080 -j ACCEPT

# Allows localhost everywhere
iptables -A INPUT -s -j ACCEPT
iptables -A OUTPUT -s -j ACCEPT

# Opens local network
iptables -A INPUT -p tcp --syn -s -j ACCEPT

# Closes everything else
iptables -A INPUT -p tcp --syn -j DROP
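
The script above keeps the default ACCEPT policy and drops only TCP SYN packets, so UDP and other protocols still reach the host, and because `iptables -F` flushes only the filter table, every run appends another MASQUERADE rule. The following is an added example, not part of the original script: a function that prints a default-deny ruleset in iptables-restore format for the same setup (ports 22 and 1080, sharing through ppp0). It assumes eth1 is the LAN side, and the LAN_NET value is a placeholder documentation range to replace with the real subnet.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset on stdout. It does not
# change the running firewall by itself.
# Assumptions (not from the page): eth1 is the LAN interface and LAN_NET is a
# placeholder documentation range; replace it with the real local subnet.
WAN_IF="${WAN_IF:-ppp0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.0.2.0/24}"
OPEN_TCP="${OPEN_TCP:-22 1080}"      # 22=SSH, 1080=Socks, as in the script above

gen_ruleset() {
    # Validate every port before printing anything, so a typo can never
    # produce a half-written ruleset.
    for port in $OPEN_TCP; do
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
    done

    # Filter table: default-deny for INPUT and FORWARD, all protocols.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for port in $OPEN_TCP; do
        echo "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    # LAN hosts may reach this box and be forwarded out; only replies come back.
    cat <<EOF
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}
```

Run as root, `gen_ruleset | iptables-restore --test` parses the rules without applying them, and `gen_ruleset | iptables-restore` replaces both tables in one step, so repeated runs never stack duplicate rules. The `echo 1 > /proc/sys/net/ipv4/ip_forward` line from the original script is still needed for connection sharing.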