A collection of system hardening and generally useful scripts for Linux systems. Targets Artix, but works on any distro. Some init systems (systemd) will not boot unless the included boot parameter hardening is disabled.

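*filter
# Default-deny policy on all three chains
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Drop packets conntrack cannot associate with a valid connection
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Allow loopback traffic
-A INPUT -i lo -j ACCEPT
# Optional inbound services, disabled by default; uncomment to expose a port
#-A INPUT -p tcp --dport 9050 -j ACCEPT
#-A INPUT -p tcp --dport 1080 -j ACCEPT
#-A INPUT -p tcp --dport 1402 -j ACCEPT
#-A INPUT -p tcp --dport 5900 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
#-A INPUT -p udp --dport 5900 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# Allow replies to connections this host initiated
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Accept-all rule for INPUT, disabled; enabling it negates the DROP policy
#-A INPUT -j ACCEPT
# Allow all outbound traffic (overrides the OUTPUT DROP policy)
-A OUTPUT -j ACCEPT
COMMIT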