Because my home machine gets on the Internet over ADSL dial-up, I want to keep people from port-scanning it, so setting up a decent firewall matters.

I tried the usual way of setting up iptables and found that the general setup method did not fit my needs well, mainly because the firewall (a hand-written /etc/rc.d/rc.firewall) is set up before the PPP connection is made. A better approach is to have rp-pppoe invoke your firewall settings: its configuration file (/etc/ppp/pppoe.conf) has an option that refers to two firewall scripts shipped under /etc/ppp on Slackware. They are written for ipchains, but can be rewritten for iptables. Once PPP is established, the iptables rules are in effect.

The two scripts in /etc/ppp are firewall-masq and firewall-standalone, corresponding to the options FIREWALL=MASQUERADE and FIREWALL=STANDALONE in /etc/ppp/pppoe.conf. Both are based on ipchains and are called by /usr/sbin/adsl-connect (which adsl-start calls indirectly).
Here is a basic /etc/rc.d/rc.firewall that I wrote. Note that iptables accepts -i ppp0 even while that interface does not exist yet, so this script can be run from the boot scripts before the link is up:
#!/bin/sh
# Start/stop/restart the firewall ($IPT)
IPT="/usr/sbin/iptables"

# Start firewall:
firewall_start() {
  # default policy: drop everything not explicitly accepted
  $IPT -P INPUT DROP
  $IPT -P FORWARD DROP
  $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
  # sshd
  $IPT -A INPUT -p tcp --dport 22 -i ppp0 -j ACCEPT
  # BitTorrent
  $IPT -A INPUT -p tcp --dport 6881:6889 -i ppp0 -j ACCEPT
  # BitTornado
  $IPT -A INPUT -p tcp --dport 10000:60000 -i ppp0 -j ACCEPT
  $IPT -A INPUT -p icmp -j ACCEPT
}

# Stop firewall: open the policies and flush all rules and user chains
firewall_stop() {
  $IPT -P INPUT ACCEPT
  $IPT -P FORWARD ACCEPT
  $IPT -F
  $IPT -X
}

# Restart firewall: note that everything is accepted between stop and start
firewall_restart() {
  firewall_stop
  sleep 1
  firewall_start
}

case "$1" in
  'start')
    firewall_start
    ;;
  'stop')
    firewall_stop
    ;;
  'restart')
    firewall_restart
    ;;
  *)
    echo "Usage $0 start|stop|restart"
esac
The following is /etc/ppp/firewall-standalone rewritten for iptables, the script that adsl-connect calls. It only ever adds rules and never flushes first, so running it twice leaves two copies of every rule:
#!/bin/sh
# Start the firewall ($IPT)
IPT="/usr/sbin/iptables"

# default policy: drop everything not explicitly accepted
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
# sshd
$IPT -A INPUT -p tcp --dport 22 -i ppp0 -j ACCEPT
# BitTorrent
$IPT -A INPUT -p tcp --dport 6881:6889 -i ppp0 -j ACCEPT
# BitTornado
$IPT -A INPUT -p tcp --dport 10000:60000 -i ppp0 -j ACCEPT
$IPT -A INPUT -p icmp -j ACCEPT
Both methods can set up rules for ppp0; the difference is whether they are established before the ppp0 connection exists or after it is connected. Which is better, I don't know :-P
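Both scripts above add rules one -A at a time, and rc.firewall's restart sets the policies to ACCEPT and flushes before re-adding, so there is a short window with no filtering at all; firewall-standalone, for its part, appends a fresh copy of every rule each time it runs. The following is an added example of my own (not code from the original post or from rp-pppoe) that builds the same ruleset as a single iptables-restore file, so the whole filter table is replaced in one commit, and adds a check that the rules are actually in place once the link is up. It assumes the interface is ppp0 (overridable with PPP_IF) and that iptables-restore and iptables-save are installed; the INVALID drop and the tightened ICMP rule (echo-request only, rate limited) are my additions beyond the page's rules.

```shell
#!/bin/sh
# Added example, not from the original post: load the ruleset atomically
# with iptables-restore and verify it afterwards.
# Assumptions: interface ppp0 (override with PPP_IF), iptables-restore and
# iptables-save in PATH.  Usage: ./fw.sh load | ./fw.sh check | ./fw.sh show

PPP_IF="${PPP_IF:-ppp0}"

# Emit the ruleset in iptables-save format for the interface given as $1.
# Lines starting with '#' are ignored by iptables-restore.
gen_rules() {
    ifc="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# sshd
-A INPUT -i $ifc -p tcp --dport 22 -j ACCEPT
# BitTorrent
-A INPUT -i $ifc -p tcp --dport 6881:6889 -j ACCEPT
# BitTornado
-A INPUT -i $ifc -p tcp --dport 10000:60000 -j ACCEPT
# ping only, rate limited (the page's scripts accept all ICMP)
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
COMMIT
EOF
}

# Replace the whole filter table in one commit.  -t parses without
# committing, so a typo in the ruleset cannot leave the box half-filtered.
load_rules() {
    gen_rules "$PPP_IF" | iptables-restore -t || return 1
    gen_rules "$PPP_IF" | iptables-restore
}

# Read an iptables-save dump on stdin and confirm the DROP policies and the
# per-interface rules for $1 are present.  Patterns tolerate the "-m tcp"
# that iptables-save inserts.  Returns 1 and names the first missing rule.
check_rules() {
    ifc="$1"
    dump=$(cat)
    for pat in \
        '^:INPUT DROP' \
        '^:FORWARD DROP' \
        '^-A INPUT -i lo -j ACCEPT' \
        '^-A INPUT -m state --state (ESTABLISHED,RELATED|RELATED,ESTABLISHED) -j ACCEPT' \
        "^-A INPUT -i $ifc -p tcp .*--dport 22 .*-j ACCEPT" \
        "^-A INPUT -i $ifc -p tcp .*--dport 6881:6889 .*-j ACCEPT" \
        "^-A INPUT -i $ifc -p tcp .*--dport 10000:60000 .*-j ACCEPT"
    do
        printf '%s\n' "$dump" | grep -qE -e "$pat" || {
            echo "missing rule: $pat" >&2
            return 1
        }
    done
    return 0
}

case "${1:-}" in
    load)  load_rules ;;
    check) iptables-save | check_rules "$PPP_IF" ;;
    show)  gen_rules "$PPP_IF" ;;
esac
```

Calling `./fw.sh check` from /etc/ppp/ip-up (or just after adsl-start) tells you whether the rules survived the link coming up, rather than trusting that adsl-connect ran the firewall script; the check fails, for example, if someone ran rc.firewall stop and forgot to start it again.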