# ========================================================================= # $Id: custom.conf 113 2005-11-24 01:57:02Z s0undt3ch $ # ========================================================================= # Please read the README and FAQ for more info. # # Insert your own iptables rules here. They will be added before all other # rules. If you have a good custom rule that would be beneficial to others, # email me about it so I can incorporate it into the next release. Please # send email to grasshopper@linuxkungfu.org # # If the machine that is running ipkungfu also serves as a DHCP server to other # machines on your local network, then uncomment the line below to allow them # access. This is for internal network only. #$IPTABLES -A INPUT -i $INT_NET -s 0.0.0.0 -j ACCEPT # For the Slapper worm #$IPTABLES -A OUTPUT -p udp --dport 2002 $LOG_CMD "SLAPPER!_rm_-f_/tmp/*bugtraq*" #$IPTABLES -A OUTPUT -p udp --dport 2002 -j DROP # Drop every other ping packet (just because we can) # You need the "nth" patch from patch-o-matic for this #$IPTABLES -A INPUT -p icmp --icmp-type echo-request -m nth --every 2 -j DROP #$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT # Trust these mac addresses #$IPTABLES -A INPUT -m mac --mac-source 00:C0:F0:6C:36:4D -j ACCEPT #$IPTABLES -A INPUT -m mac --mac-source 00:50:2C:04:84:08 -j ACCEPT