About the Script: This script is about to build a firewall in Linux OS by using iptables, the user only needs

to follow and answer the simple and easy steps and the script will g enerate the user specified iptables rule in its original form. I HAVE TESTED THE SCRIPT ON PCLINUXOS, FEDORA-9, DREAM_LINUX, UBUNTU-8. This is my iptables Version 1.0 (USMAN AKRAM - Lucky) About iptables: Network security is a primary consideration in any decision to host a website as the threats are becoming more widespread and persistent every day. One means of providing additional protection is to invest in a firewall. Though prices are a lways falling, in some cases you may be able to create a comparable unit using t he Linux iptables package on an existing server for little or no additional expe nditure. Originally, the most popular firewall/NAT package running on Linux was ipchains, but it had a number of shortcomings. To rectify this, the Netfilter organizatio n decided to create a product called iptables. :-) !!!The Script is Totally User Friendly!!! :-) Starting of the Script A Menu will appear like this: *****Main Menu***** 1. Check Iptables Package 2. Iptables Services 3. Build Your Firewall with Iptables 4. Exit 1. Check Iptables Package Now let the user select the option 1. Check iptable Package from the menu by pre ssing "1" from the keyboard. Now the script confirms that the user must be Root, and we know that the UID of Root is zero ( 0 ). So first I have to compare the UID of the current user with zero ( 0 ), if the UID doesn't match with the UID of root then it will display t he following message: ****You must be the root user to run this script!**** and if the UID matches with root's UID then it displays the following message an d runs the script: ***Identity Verified_You are the Root*** We can check the UID of the current user by typing the following command in the terminal: echo $UID If the identity of the user is verified as root, then the script will check the

iptables package in the Linux OS by using the following command. rpm -q iptables *****Main Menu***** 1. Check Iptables Package 2. Iptables Services 3. Build Your Firewall with Iptables 4. Exit Now if the user selects the option 2. Iptables Services then the checkstatus fun ction will be called. In this function there are some options for the user: *****Note: Save your Iptables before stop/Restart the iptables Services***** 1. Save the iptables 2. Status of Iptables 3. Start iptables Services 4. Stop iptables Services 5. Restart iptable Services 6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**) 7. Go back to Main Menu If the user selects 1. Save the iptables the iptables rules will be saved in the Linux OS by using the following command: /etc/init.d/iptables save If the user selects 2. Status of iptables the current status of iptables will be displayed, using the following command: /etc/init.d/iptables status Chain INPUT (policy ACCEPT) target prot opt source destination REJECT tcp -- 192.168.1.45 172.16.4.8 reject-with icmp-port-unreachable ACCEPT tcp -- 192.168.1.1 192.168.1.25 LOG icmp -- anywhere anywhere LOG level warning Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination DROP udp -- 192.168.6.3 10.6.3.7 If the user selects 3. Start iptables Services then iptables will be started, us ing the following command: /etc/init.d/iptables start If the user selects 4. Stop iptables Services then iptables will be stopped, usi ng the following command: /etc/init.d/iptables stop If the user selects 5. Restart iptable Services then iptables will be restarted, using the following command, it will load the saved iptables rules: /etc/init.d/iptables restart

If the user selects 6. Flush iptables then iptables will be flushed, (**use Care fully_it will remove all the rules from iptables**), using the following command , it will flush the saved iptables rules: iptables -F To go back to the Main Menu the user must select option 7. Go back to Main Menu. *****Main Menu***** 1. Check Iptables Package 2. Iptables Services 3. Build Your Firewall with Iptables 4. Exit Option 3. Build your Firewall with Iptables is the heart of this script, by usin g this option users can create the firewall with iptables using simple steps, wh en a user selects the option 3. Build your Firewall with Iptables then the scrip t will ask the user to create the firewall. Using Which Chain of Filter Table? 1. INPUT 2. OUTPUT 3. Forward" The above menu will ask the user to select the chain where he/she wants to put t he rule. Now the script will ask the user to get the IP information from the Source side. .. 1. Firewall using Single Source IP 2. Firewall using Source Subnet 3. Firewall using for All Source Networks Then the above menu ask the user the above three question, if the user selects t he option 1. Firewall using Single Source IP then the script will ask the user t o enter the IP address. If the user selects option 2. Firewall using Source Subnet then the script will ask the user to enter the subnet in the form of "192.168.1.0/24". If the user selects option 3. Firewall using for All Source Networks then the sc ript will put 0/0 in the variable named "ip_source" in the script. Now the script will ask the user to get the IP information from the Destination side... 1. Firewall using Single Destination IP 2. Firewall using Destination Subnet 3. Firewall using for All Destination Networks Then the above menu asks the user the above three questions, if the user selects option 1. Firewall using Single Destination IP then the script will ask the use r to enter the IP address. If the user selects option 2. Firewall using Destination Subnet then the script will ask the user to enter the subnet in the form of "192.168.1.0/24" If the user selects option 3. Firewall using for All Destination Networks then t he script will put 0/0 in the variable named "ip_dest" in the script.

Now the script asks the user to select the PROTOCOL: 1. 2. 3. 4. Block Block Block Using All Traffic of TCP Specific TCP Service Specific Port no Protocol

Now from the above displayed menu if the user selects 1. Block All Traffic of TC P then the script will block all the TCP Traffic. If the user selects 2. Block Specific TCP Service, now the script will ask the u ser to enter the TCP Service of his/her choice (e.g ICMP). Note: the TCP Service name should be in CAPITAL LETTERS!!! If the user selects 3. Block Specific Port the script will ask the user to enter the PORT number. Now the script prompts the user What to do with the Above Created Rule? What to do with Rule? 1. Accept the Packet 2. Reject the Packet 3. Drop the Packet 4. Create Log If the user selects 1. Accept the Packet then the packet will be accepted. If the user selects 2. Reject the Packet then the packet will be rejected. If the user selects 3. Drop the Packet then the packet will be dropped. If the user selects 4. Create Log then only the log will be created. Now the following message will be shown to the user: Press Enter key to Generate the Complete Rule!!! When the user presses the Enter key then the script generates the original rule with the correct syntax and displays it to the user, in my case: The Generated Rule is iptables -A INPUT -s 192.168.0.0/24 -d 172.16.0.0/16 -p TCP -j ACCEPT Now the script shows the following message to the user: Do you want to Enter the Above rule to the IPTABLES? Yes=1 , No=2 If the above rule is correct then the user presses 1 for Yes and adds the rule t o iptables otherwise 2 for No and the script will return to let the user edit the rule.