Hello, at last I have found a nice firewall script. After customizing it, it will not work for everything. It only works for SSH (pff, and I'm happy that that isn't blocked) and FTP (so far as I have tested it). This is my script:

Code:
#!/bin/bash
NAME="firewall"
IPTABLES="/sbin/iptables"

case "$1" in
start)
    echo -n "Starting firewall.."
    #Flush then restrict
    $IPTABLES -F
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT DROP

    # For ping and traceroute
    $IPTABLES -A INPUT -p icmp --icmp-type 0 -j ACCEPT
    $IPTABLES -A INPUT -p icmp --icmp-type 8 -j ACCEPT
    $IPTABLES -A INPUT -p icmp --icmp-type 3 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 4 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 12 -j ACCEPT
    $IPTABLES -A INPUT -p icmp --icmp-type 11 -j ACCEPT
    $IPTABLES -A INPUT -p icmp --icmp-type 30 -j ACCEPT

    # For traceroute
    $IPTABLES -A INPUT -i eth0 -p udp --source-port 32769:65535 \
        --destination-port 33434:33523 -j ACCEPT
    $IPTABLES -A OUTPUT -p udp --source-port 32769:65535 \
        --destination-port 33434:33523 -j ACCEPT

    $IPTABLES -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 3 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 4 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 12 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 11 -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type 30 -j ACCEPT

    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
    $IPTABLES -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

    ############################################################################################################
    #Custom ports from low to high
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ############################################################################################################
    #query #Type #port #accept/deny #Protocol
    $IPTABLES -A INPUT -p tcp --destination-port 20:21 -j ACCEPT # FTP
    $IPTABLES -A INPUT -p tcp --destination-port 22 -j ACCEPT # SSH
    $IPTABLES -A INPUT -p tcp --destination-port 25 -j ACCEPT # SMTP
    $IPTABLES -A INPUT -p tcp --destination-port 53 -j ACCEPT # DNS
    $IPTABLES -A INPUT -p udp --destination-port 53 -j ACCEPT # DNS
    $IPTABLES -A INPUT -p tcp --destination-port 143 -j ACCEPT # IMAP
    $IPTABLES -A INPUT -p tcp --destination-port 443 -j ACCEPT # HTTPS
    $IPTABLES -A INPUT -p tcp --destination-port 666 -j ACCEPT # HTTPS monit
    $IPTABLES -A INPUT -p udp --destination-port 666 -j ACCEPT # TeamSpeak cold server
    $IPTABLES -A INPUT -p udp --destination-port 7777 -j ACCEPT # Tactical Ops server
    $IPTABLES -A INPUT -p udp --destination-port 7778 -j ACCEPT # Tactical Ops server query
    $IPTABLES -A INPUT -p udp --destination-port 32768 -j ACCEPT # DNS
    $IPTABLES -A INPUT -p tcp --dport auth --j REJECT # Reject sunrpc 111

    ############################################################################################################
    $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ############################################################################################################
    #query #Type #port #accept/deny #Protocol
    $IPTABLES -A OUTPUT -p tcp --destination-port 20:21 -j ACCEPT # FTP
    $IPTABLES -A OUTPUT -p tcp --destination-port 25 -j ACCEPT # SMTP
    $IPTABLES -A OUTPUT -p tcp --destination-port 80 -j ACCEPT # HTTP
    $IPTABLES -A OUTPUT -p tcp --destination-port 110 -j ACCEPT # POP
    $IPTABLES -A OUTPUT -p tcp --destination-port 143 -j ACCEPT # IMAP
    $IPTABLES -A OUTPUT -p tcp --destination-port 666 -j ACCEPT # HTTPS monit
    $IPTABLES -A OUTPUT -p udp --destination-port 666 -j ACCEPT # TeamSpeak cold server
    $IPTABLES -A OUTPUT -p tcp --destination-port 993 -j ACCEPT # SIMAP
    $IPTABLES -A OUTPUT -p tcp --destination-port 995 -j ACCEPT # SPOP
    $IPTABLES -A OUTPUT -p udp --destination-port 7777 -j ACCEPT # Tactical Ops server
    $IPTABLES -A OUTPUT -p udp --destination-port 7778 -j ACCEPT # Tactical Ops server query
    $IPTABLES -A OUTPUT -p tcp --destination-port 8090 -j ACCEPT # FrontPage extension
    $IPTABLES -A OUTPUT -p tcp --destination-port 14534 -j ACCEPT # TeamSpeak admin page
    ############################################################################################################
    #End custom ports
    ############################################################################################################

    $IPTABLES -A INPUT -p tcp --dport auth --j REJECT # Reject sunrpc 111
    $IPTABLES -A INPUT -p tcp -i lo -d 0/0 -j ACCEPT
    echo "..done"
    ;;
stop)
    echo -n "Stopping firewall.."
    $IPTABLES -F
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -P INPUT ACCEPT
    echo "done"
    ;;
*)
    echo "Usage: $NAME {start|stop}"
    exit 1
    ;;
esac

I run this script with this command after chmod 755:

/etc/init.d/firewall start ; sleep 30 ; /etc/init.d/firewall stop

(just in case).

Does anyone know what's wrong with it? I can't access my site with the firewall on, www.colddot.nl, or any of my client sites.

Greets,
Kevin Valk
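
An added example, not part of the original post: with a default-DROP INPUT policy like the one in the script above, a service is reachable only if a rule accepts new connections to its port, and this check reads `iptables -A` lines and reports the first rule that does so for a given chain, protocol and port. The helper name `port_allowed` and the embedded sample (a few rule lines copied from the script) are assumptions made for illustration.

```bash
#!/bin/bash
# Constructed sample: a few rule lines copied from the script in the post.
RULES='
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp --destination-port 20:21 -j ACCEPT # FTP
$IPTABLES -A INPUT -p tcp --destination-port 22 -j ACCEPT # SSH
$IPTABLES -A INPUT -p udp --destination-port 53 -j ACCEPT # DNS
$IPTABLES -A INPUT -p tcp --destination-port 443 -j ACCEPT # HTTPS
$IPTABLES -A OUTPUT -p tcp --destination-port 80 -j ACCEPT # HTTP
'

# port_allowed CHAIN PROTO PORT   (rule lines on stdin; hypothetical helper)
# Prints the target of the first rule that matches a NEW connection to
# PROTO/PORT, or POLICY when none does (the chain policy then decides).
# Simplifications: -i/-s/--sport matches are ignored, rules without a
# destination port are skipped, named ports such as "auth" are not resolved.
port_allowed() {
  awk -v chain="$1" -v proto="$2" -v port="$3" '
  {
    a = 0
    for (i = 1; i < NF; i++) if ($i == "-A") { a = i; break }
    if (!a || $(a + 1) != chain) next
    p = ""; dport = ""; target = ""; st = ""
    for (i = a + 2; i <= NF; i++) {
      if ($i == "#") break                       # trailing shell comment
      if ($i == "-p" || $i == "--protocol") p = $(i + 1)
      if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
      if ($i == "--state") st = $(i + 1)
      if ($i == "-j" || $i == "--jump") target = $(i + 1)
    }
    # ESTABLISHED,RELATED only covers traffic of existing flows
    if (st != "" && st !~ /NEW/) next
    if (p != proto || dport == "") next
    n = split(dport, r, ":")                     # single port or lo:hi range
    lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
    if (port + 0 >= lo && port + 0 <= hi) { print target; found = 1; exit }
  }
  END { if (!found) print "POLICY" }'
}

for port in 22 80 443; do
  printf 'INPUT tcp/%s -> %s\n' "$port" \
    "$(printf '%s\n' "$RULES" | port_allowed INPUT tcp "$port")"
done
```

The same function can be fed the init script itself on stdin; an `--destination-port 80` rule in the OUTPUT chain covers outbound client connections and does not open the port for inbound ones.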