Change the default policy to: reject all incoming traffic from WAN interface, leave LAN interface alone

2013-03-11 17:24:59 +01:00 · 2013-03-11 17:24:59 +01:00 · 1d2eeade80
parent 33aa41f864
commit 1d2eeade80
1 changed files with 2 additions and 4 deletions
--- a/rules/00-default-policy
+++ b/rules/00-default-policy
@ -1,6 +1,4 @@
 rules() {
-    for chain in INPUT OUTPUT FORWARD; do
-        :
-#        iptables -P ${chain} DROP
-    done
+    iptables -t filter $append INPUT -i ${IF_WAN} -j REJECT --reject-with icmp-port-unreachable
+    iptables -t filter $append FORWARD -i ${IF_WAN} -j REJECT --reject-with icmp-port-unreachable
 }