1 files changed, 13 insertions, 1 deletions

diff --git a/firewall b/firewall
index 9661098..1117ee5 100644
--- a/firewall
+++ b/firewall
@@ -20,6 +20,7 @@ WHITE='\033[0m'
 RED='\033[0;31m'
 
 ALLOW_PING=0
+FUNNY_BUSINESS=0
 
 function do_log 
 {
@@ -51,6 +52,16 @@ function flush_all
     do_log "All chains flushed" $?
 }
 
+function block_shenanigans
+{
+    iptables -A INPUT -f -j DROP
+    do_log "Blocking packet fragments" $?
+    iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
+    do_log "Blocking null packets" $?
+    iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
+    do_log "Blocking christmas-tree packets" $?
+}
+
 function set_ping
 {
     policy="ACCEPT"
@@ -74,7 +85,7 @@ function load_policy
     LOADFILE="/etc/firewall/iptables-$policy"
 
     if [ -r $LOADFILE ]; then
-        . $LOADFILE
+        source $LOADFILE
         flush_all
         do_log "Loading ruleset $LOADFILE" $?
     else
@@ -138,6 +149,7 @@ function lockdown
 function build_firewall
 {
     load_policy $1
+    [[ $FUNNY_BUSINESS == 0 ]] && block_shenanigans
     set_defaults
     set_ping $ALLOW_PING