
#1 2005-01-06 19:21:29

carl
Member
From: Denmark
Registered: 2004-02-21
Posts: 31

Is the Firewall running?

I have written this firewall script, called firewall,
and put it in /etc/rc.d/

#!/bin/sh
#
# /etc/rc.d/firewall: start/stop firewall
#

if [ "$1" = "start" ]; then
    /usr/sbin/iptables -F
    /usr/sbin/iptables -P OUTPUT ACCEPT
    /usr/sbin/iptables -P FORWARD DROP
    /usr/sbin/iptables -P INPUT DROP
    /usr/sbin/iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
    # one command: without the backslash, "--state ..." is run as a separate
    # (failing) command and the ESTABLISHED,RELATED rule is never added
    /usr/sbin/iptables -A INPUT -i eth0 -m state \
        --state ESTABLISHED,RELATED -j ACCEPT
elif [ "$1" = "stop" ]; then
    # iptables is not a running process that killall could stop; "stopping"
    # the firewall means flushing the rules and opening the default policies
    /usr/sbin/iptables -F
    /usr/sbin/iptables -P INPUT ACCEPT
    /usr/sbin/iptables -P FORWARD ACCEPT
    /usr/sbin/iptables -P OUTPUT ACCEPT
else
    echo "usage: $0 start|stop"
fi

#end of file

and then

"chown root /etc/rc.d/firewall"
"chmod 755 /etc/rc.d/firewall"

And in /etc/rc.conf I put firewall in DAEMONS

DAEMONS=(syslog-ng hotplug firewall network netfs cups crond)

But when the computer starts I can see nothing about my firewall

Starting syslog-ng
Starting hotplug
Starting network
Starting netfs
starting cups
Starting cron

My firewall is not starting? Where is it? Is the firewall running?


#2 2005-01-06 19:38:31

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622

Re: Is the Firewall running?

pacman -Sy iptables

then add iptables to the daemon list in /etc/rc.conf (preferably BEFORE starting the network)
run your iptables script (don't put it in /etc/rc.d; that is where the daemon control script goes)
make sure things are allowed/disallowed properly.

/etc/rc.d/iptables save
The above saves your rules off, so when iptables starts up next time, it uses the saved rules.


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍


#3 2005-01-06 21:55:11

carl
Member
From: Denmark
Registered: 2004-02-21
Posts: 31

Re: Is the Firewall running?

I am a little confused? You write

1. pacman -Sy iptables (Okay, I have iptables installed)

2.then add iptables to the daemon list in /etc/rc.conf (preferably BEFORE starting the network)
DAEMONS=(syslog-ng hotplug iptables network netfs cups crond) "done"

3. run your iptables script (don't put it in /etc/rc.d; that is where the daemon control script goes)
make sure things are allowed/disallowed properly.
"What do you mean by that? There is already a script there and I haven't written this"

#!/bin/bash

# source application-specific settings
[ -f /etc/conf.d/iptables ] && . /etc/conf.d/iptables

. /etc/rc.conf
. /etc/rc.d/functions

case "$1" in
    start)
        if [ ! -f $IPTABLES_CONF ]; then
            echo "Cannot load iptables rules: $IPTABLES_CONF is missing!" >&2
            exit 1
        fi
        stat_busy "Starting IP Tables"
        if [ "$IPTABLES_FORWARD" = "1" ]; then
            echo 1 >/proc/sys/net/ipv4/ip_forward
        fi
        if ck_daemon iptables; then
            # load the saved rule set (iptables-save format) in one go
            /usr/sbin/iptables-restore < $IPTABLES_CONF
            if [ $? -gt 0 ]; then
                stat_fail
            else
                add_daemon iptables
                stat_done
            fi
        else
            stat_fail
        fi
        ;;
    stop)
        stat_busy "Stopping IP Tables"
        echo 0 >/proc/sys/net/ipv4/ip_forward
        if ! ck_daemon iptables; then
            # flush all rules, delete user chains, zero the counters
            $IPTABLES -F &>/dev/null &&
                $IPTABLES -X &>/dev/null &&
                $IPTABLES -Z &>/dev/null
            # the post was cut off after the line above; the rest of the stop
            # branch mirrors the start branch, and "save" is the command used
            # later in this thread
            if [ $? -gt 0 ]; then
                stat_fail
            else
                rm_daemon iptables
                stat_done
            fi
        else
            stat_fail
        fi
        ;;
    save)
        stat_busy "Saving IP Tables"
        # dump the running rule set to the file that "start" restores from
        /usr/sbin/iptables-save >$IPTABLES_CONF
        stat_done
        ;;
    *)
        echo "usage: $0 {start|stop|save}"
esac
exit 0

4. /etc/rc.d/iptables save "done"


When the computer starts it says
Starting IP Tables
And when I shut down it says Stopping IP Tables

Doesn't the file /etc/rc.d/iptables work within the computer, instead of my file /etc/rc.d/firewall?


#4 2005-01-06 23:54:21

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622

Re: Is the Firewall running?

?
That last part eluded me. I don't think I understand your statement. Let me try to clarify.
The /etc/rc.d/iptables script only controls the iptables "daemon".
It starts it, stops it, and saves rules for it.

By running your script once iptables has started, you alter the rules for iptables: creating chains and rules, etc. This is akin to doing it by hand.
iptables -A INPUT... and so on

You have to create your own rules, because the default for iptables is pretty darn bare. The default rules are in... /etc/iptables/ I think.
You might have to rename simple_rules or whatever the other one is to iptables.rules
Then when you start iptables, it starts with those rules already loaded.

So, you run your own rule script, then do /etc/rc.d/iptables save
and it saves your running rules to /etc/iptables/iptables.rules
and upon next startup that rule file is loaded by default.

I hope that helps clarify. Sorry if I didn't explain better initially.




#5 2005-01-07 11:18:43

oscar
Member
From: Kiruna, Sweden
Registered: 2004-08-13
Posts: 457

Re: Is the Firewall running?

When you get tired of not understanding iptables, join the dark side and start using firehol big_smile


To err is human... to really foul up requires the root password.


#6 2005-01-07 11:23:21

tmadhavan
Member
From: Wales :D
Registered: 2004-03-26
Posts: 441

Re: Is the Firewall running?

Any other non-scripting-intensive firewalls?


#7 2005-01-07 11:53:44

carl
Member
From: Denmark
Registered: 2004-02-21
Posts: 31

Re: Is the Firewall running?

I think I understand it big_smile

The /etc/rc.d/iptables script looks for my rules in /etc/iptables/iptables.rules
Is that right?

My /etc/iptables/iptables.rules

# Generated by iptables-save v1.2.11 on Fri Jan  7 12:05:12 2005
# iptables-restore reads this file directly; it is not a shell script, so rules
# are written as bare -A lines and the policies as :CHAIN POLICY [pkts:bytes]
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.0/255.0.0.0 -d 127.0.0.0/255.0.0.0 -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Fri Jan  7 12:05:12 2005

What about my script /etc/rc.d/firewall? Do I need it?
I'm running kernel26scsi

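Added example, not code from anyone in this thread: a sanity check for the file that /etc/rc.d/iptables hands to iptables-restore at boot, covering the save-then-restore workflow cactus describes in #4 and the rules file posted above. It assumes only a POSIX sh with grep and mktemp; the two sample files are constructed here, one in the shell-command form and one in the format iptables-restore actually accepts.

```shell
#!/bin/sh
# Check a file meant for iptables-restore (e.g. /etc/iptables/iptables.rules).
# iptables-save format: a "*table" header, ":CHAIN POLICY [pkts:bytes]" lines,
# rules as bare "-A ..." (no "iptables" prefix) and a closing COMMIT.
# Prints the reason and returns 1 on the first problem, 0 if it looks loadable.
check_rules_file() {
    f=$1
    [ -f "$f" ] || { echo "$f: file missing"; return 1; }
    # Shell command lines are the classic mistake: iptables-restore is not a shell.
    if grep -q '^iptables ' "$f"; then
        echo "$f: contains 'iptables ...' commands; write bare -A/-P lines instead"
        return 1
    fi
    grep -q '^\*filter$' "$f" || { echo "$f: no *filter table header"; return 1; }
    grep -q '^COMMIT$' "$f"   || { echo "$f: no COMMIT, table would never be applied"; return 1; }
    # Every remaining line must be a comment, blank, table, chain, rule or COMMIT.
    bad=$(grep -v -E '^(#|$|\*[a-z]+$|:[A-Za-z0-9_-]+ [A-Z-]+ \[[0-9]+:[0-9]+\]$|-A |COMMIT$)' "$f" || true)
    [ -z "$bad" ] || { echo "$f: unparseable line: $bad"; return 1; }
    # The whole point of this firewall is a default-deny INPUT chain.
    grep -q '^:INPUT DROP ' "$f" || { echo "$f: INPUT policy is not DROP"; return 1; }
    return 0
}

# Constructed sample files: the shell-command form and the restore format.
make_samples() {
    cat >"$1/bad.rules" <<'EOF'
*filter
iptables -F
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
COMMIT
EOF
    cat >"$1/good.rules" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.0/255.0.0.0 -d 127.0.0.0/255.0.0.0 -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

SAMPLE_DIR=$(mktemp -d)
make_samples "$SAMPLE_DIR"
for r in bad good; do
    if check_rules_file "$SAMPLE_DIR/$r.rules"; then echo "$r.rules: ok"; fi
done
```

Run it against the real file with check_rules_file /etc/iptables/iptables.rules before rebooting; a non-zero exit means /etc/rc.d/iptables start would fail and the box would come up with no rules loaded.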

#8 2005-01-07 13:51:08

@leX
Member
From: Israel
Registered: 2003-11-06
Posts: 76

Re: Is the Firewall running?


#9 2005-01-07 15:50:38

phrakture
Arch Overlord
From: behind you
Registered: 2003-10-29
Posts: 7,879

Re: Is the Firewall running?

tmadhavan wrote:

Any other non-scripting-intensive firewalls?

firestarter


#10 2005-01-07 17:04:04

carl
Member
From: Denmark
Registered: 2004-02-21
Posts: 31

Re: Is the Firewall running?

Thanks for the link http://bbs.archlinux.org/viewtopic.php?t=2367
My firewall is running perfectly now big_smile


#11 2005-01-07 17:38:59

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622

Re: Is the Firewall running?

8)




#12 2005-01-08 11:58:22

carl
Member
From: Denmark
Registered: 2004-02-21
Posts: 31

Re: Is the Firewall running?

Yes, and thank you, Cactus, for helping me.
