Enabled iptables/ip6tables by default

ChangeLog

@@ -7,6 +7,8 @@ SystemRescueCd ChangeLog
 * Updated XFCE graphical environment to version 4.14
 * Updated parted to 3.3 and gparted to 1.0.0
 * Updated Grub boot loader to version 2.04
+* Enabled the iptables service to block incoming traffic by default
+* Added boot option "nofirewall" to disable the iptable service
 
 -------------------------------------------------------------------------------
 6.0.3 (2019-04-14):

airootfs/etc/iptables/ip6tables.rules

@@ -0,0 +1,8 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m conntrack --ctstate NEW -j ACCEPT
+COMMIT

airootfs/etc/iptables/iptables.rules

@@ -0,0 +1,8 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
+COMMIT

airootfs/etc/systemd/scripts/sysresccd-initialize

@@ -40,6 +40,15 @@ do
               errcnt=$((errcnt + 1))
           fi
           ;;
+
+      # Option to allow user to disable the firewall
+      nofirewall)
+          echo "Found option 'nofirewall' on the boot command line"
+          systemctl disable iptables.service
+          systemctl disable ip6tables.service
+          systemctl stop iptables.service
+          systemctl stop ip6tables.service
+          ;;
     esac
 done
 

airootfs/root/customize_airootfs.sh

@@ -31,6 +31,8 @@ sed -i 's/#\(HandleLidSwitch=\)suspend/\1ignore/' /etc/systemd/logind.conf
 
 # Services
 systemctl enable NetworkManager
+systemctl enable iptables.service
+systemctl enable ip6tables.service
 systemctl enable pacman-init.service
 systemctl enable choose-mirror.service
 systemctl enable sshd.service