Hallo,

I installed a generated firewall script, but now wicd does no more connect to my router via wlan0. I have to switch off the firewall, wait until wicd connects and then start the firewall again. Which ports do I have to open? Here is my script:


Code:
  # alle Regeln löschen
      $iptables -t nat -F
      $iptables -t filter -F
      $iptables -X
    
      # neue Regeln erzeugen
      $iptables -N garbage
      $iptables -I garbage -p TCP -j LOG --log-prefix="DROP TCP-Packet: " --log-level info
      $iptables -I garbage -p UDP -j LOG --log-prefix="DROP UDP-Packet: " --log-level info
      $iptables -I garbage -p ICMP -j LOG --log-prefix="DROP ICMP-Packet: " --log-level info

      # Default Policy
      $iptables -P INPUT DROP
      $iptables -P OUTPUT DROP
      $iptables -P FORWARD DROP



      # über Loopback alles erlauben
      $iptables -I INPUT -i lo -j ACCEPT
      $iptables -I OUTPUT -o lo -j ACCEPT

      #####################################################
      # ausgehende Verbindungen
      #iptables -N whitelist
      #iptables -A whitelist -s 192.168.178.0/24 -j ACCEPT
      #iptables -A whitelist -t filter -s 183.98.143.10/24 -j ACCEPT
      # Port 22
      $iptables -I OUTPUT -o wlan0 -p TCP --sport 1024:65535 --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      $iptables -I INPUT -i wlan0 -p TCP --sport 22 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
      # Port 53
      $iptables -I OUTPUT -o wlan0 -p TCP --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      $iptables -I INPUT -i wlan0 -p TCP --sport 53 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
      $iptables -I OUTPUT -o wlan0 -p UDP --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      $iptables -I INPUT -i wlan0 -p UDP --sport 53 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
      # Port 80
      $iptables -I OUTPUT -o wlan0 -p TCP --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED,RELATED --match set --set whitelist dst -j ACCEPT
      $iptables -I INPUT -i wlan0 -p TCP --sport 80 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Port 443
      $iptables -I OUTPUT -o wlan0 -p TCP --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED,RELATED --match set --set whitelist dst -j ACCEPT
      $iptables -I INPUT -i wlan0 -p TCP --sport 443 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT 
# Port 8080
      #$iptables -I OUTPUT -o wlan0 -p TCP --sport 1024:65535 --dport 8080 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      #$iptables -I INPUT -i wlan0 -p TCP --sport 8080 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
      # Port 3128
      #$iptables -I OUTPUT -o wlan0 -p TCP --sport 1024:65535 --dport 3128 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      #$iptables -I INPUT -i wlan0 -p TCP --sport 3128 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
            
# ICMP
      $iptables -I OUTPUT -o wlan0 -p ICMP --icmp-type echo-reply -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      $iptables -I INPUT -i wlan0 -p ICMP --icmp-type echo-reply -m state --state ESTABLISHED,RELATED -j ACCEPT

      #####################################################
      # eingehende Verbindungen
      # Port 22
      $iptables -I INPUT -i wlan0 -p TCP --sport 1024:65535 --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      $iptables -I OUTPUT -o wlan0 -p TCP --sport 22 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
      # Port 53
      $iptables -I INPUT -i wlan0 -p TCP --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      $iptables -I OUTPUT -o wlan0 -p TCP --sport 53 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
      $iptables -I INPUT -i wlan0 -p UDP --sport 53 --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      $iptables -I OUTPUT -o wlan0 -p UDP --sport 53 --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      $iptables -I INPUT -i wlan0 -p UDP --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      $iptables -I OUTPUT -o wlan0 -p UDP --sport 53 --dport 1024:65535 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      # Port 80
      $iptables -I INPUT -i wlan0 -p TCP --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      $iptables -I OUTPUT -o wlan0 -p TCP --sport 80 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Port 443
      $iptables -I INPUT -i wlan0 -p TCP --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      $iptables -I OUTPUT -o wlan0 -p TCP --sport 443 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
      # Port 8080
      #$iptables -I INPUT -i wlan0 -p TCP --sport 1024:65535 --dport 8080 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      #$iptables -I OUTPUT -o wlan0 -p TCP --sport 8080 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
      # Port 3128
      #$iptables -I INPUT -i wlan0 -p TCP --sport 1024:65535 --dport 3128 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      #$iptables -I OUTPUT -o wlan0 -p TCP --sport 3128 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
            
# ICMP
      $iptables -I INPUT -i wlan0 -p ICMP --icmp-type echo-request -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
      $iptables -I OUTPUT -o wlan0 -p ICMP --icmp-type echo-request -m state --state ESTABLISHED,RELATED -j ACCEPT

      #####################################################
      # Erweiterte Sicherheitsfunktionen
      # SynFlood
      $iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
      # PortScan
      $iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
      # Ping-of-Death
      $iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

      #####################################################
      # bestehende Verbindungen akzeptieren
      $iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
      $iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

      #####################################################
      # Garbage übergeben wenn nicht erlaubt
      $iptables -A INPUT -m state --state NEW,INVALID -j garbage

      #####################################################
      # alles verbieten was bisher erlaubt war
      $iptables -A INPUT -j garbage
      $iptables -A OUTPUT -j garbage
      $iptables -A FORWARD -j garbage
      ;;