Re: Linux Firewall



On Thu, 25 May 2006 19:33:20 +0100, Mark <me4all@xxxxxxx> wrote:

On 23/05/06 14:47, Mark wrote:

Does the following firewall script make sense to you guys (it seems to
work)? Any suggestions and comments would be much appreciated.

BTW: Does anyone know how I need to set up and configure the script so
that I don't have to run it manually every time I start Suse?

I cannot answer for a SuSE system, I'm on Slackware ;)

What I do here is have rc.local startup a basic localnet-only
firewall, then pppoe startup calls the rc.firewall again with
parameters so the thing goes to full public access mode.

From my /etc/rc.d/rc.firewall script for a router/firewall box:

#!/bin/bash
echo -e "\nrc.firewall: '$1 $2 $3' version: 2006-05-25\c"
....
# This is a start/stop/restart script, though start, stop and default
# action switch the firewall to failsafe localnet mode.

case $1 in
    restart )
        # called from ip-up when ADSL connection established, parameters:
        # $1 restart -- anything else switches firewall to local mode
        # $2 <interface> -- example ppp0
        # $3 <IP>, optional -- if specified the output will be SNAT to the
        #    supplied IP address, otherwise MASQUERADE is used

        install_firewall_local_mode
        if [ -z "$2" ]; then
            echo -e "\nrc.firewall: warning: restart without \c"
            echo -e "<interface>, local mode running."
            exit 0
        else
            X_WORLD=$2 # eg. ppp0
        fi
        if [ -z "$3" ]; then
            IP_WORLD="" # MASQUERADE
        else
            IP_WORLD=$3 # SNAT to supplied IP address
        fi
        install_firewall_world_mode
        echo -e "\n\nrc.firewall: finish: world mode running."
        ;;

    * )
        # called from rc.inet2 during machine startup, start localnet only
        # no firewall stop as we need failsafe localnet control
        install_firewall_local_mode
        echo -e "\n\nrc.firewall: finish: default local mode running."
        ;;
esac

Grant.
--
WinXP: Access Start->Turn Off Computer, then while holding Ctrl-Alt-Shift,
left click on Cancel. This terminates Windows Explorer...
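
Added example, not part of the post above or of Grant's rc.firewall: a sketch of how the $2/$3 parameters described in the script comments could be checked and turned into the SNAT-or-MASQUERADE rule before world mode is installed. The function names (valid_iface, valid_ipv4, nat_rule) and the sample address are assumptions; the rule is only printed, not applied.

```shell
#!/bin/sh
# Hypothetical helpers (not from the original script): validate the values
# ip-up passes to "rc.firewall restart <interface> [<IP>]" and build the
# matching NAT rule. The iptables command is echoed, never executed here.

valid_iface() {
    # Allow only letters, digits, '.', '_' and '-', at most 15 characters.
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

valid_ipv4() (
    # Runs in a subshell so the IFS change does not leak to the caller.
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

nat_rule() {
    # $1 = outside interface (X_WORLD), $2 = optional fixed IP (IP_WORLD)
    x_world=$1
    ip_world=$2
    valid_iface "$x_world" || { echo "bad interface: $x_world" >&2; return 1; }
    if [ -z "$ip_world" ]; then
        # No address supplied: dynamic IP, so MASQUERADE
        echo "iptables -t nat -A POSTROUTING -o $x_world -j MASQUERADE"
    else
        valid_ipv4 "$ip_world" || { echo "bad IP: $ip_world" >&2; return 1; }
        # Address supplied: SNAT to it
        echo "iptables -t nat -A POSTROUTING -o $x_world -j SNAT --to-source $ip_world"
    fi
}

# Constructed sample calls (203.0.113.7 is a documentation address)
nat_rule ppp0 ""
nat_rule ppp0 203.0.113.7
```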