Is the Firewall runing?

carl · 2005-01-06 19:21:29

I have write this firewall script called firewall
And put it in /etc/rc.d/

#!/bin/sh
#
# /etc/rc.d/firewall: start/stop firewall
#

if [ "$1" = "start" ]; then
/usr/sbin/iptables -F
/usr/sbin/iptables -P OUTPUT ACCEPT
/usr/sbin/iptables -P FORWARD DROP
/usr/sbin/iptables -P INPUT DROP
/usr/sbin/iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
/usr/sbin/iptables -A INPUT -i eth0 -m state
--state ESTABLISHED,RELATED -j ACCEPT
elif [ "$1" = "stop" ]; then
killall -q /usr/sbin/iptables
else
echo "usage: $0 start|stop"
fi

#end of file

and Then

"chown root /etc/rc.d/firewall"
"chmod 755 /etc/rc.d/firewall"

And in /etc/rc.conf put firewall in DAEMONS

DAEMONS=(syslog-ng hotplug firewall network netfs cups crond)

But when the coputer starts I can see nothing aubout my firewall

Starting syslog-ng
Starting hotplug
Starting network
Starting netfs
starting cups
Starting cron

My firewall is not starthing? Where ist it? Is the firewall running?

cactus · 2005-01-06 19:38:31

pacman -Sy iptables

then add iptables to the daemon list in /etc/rc.conf (preferably BEFORE starting the network)
run your iptables script (don't put it in /etc/rc.d that is where the daemon control script goes)
make sure things are allowed/disallowed properly.

/etc/rc.d/iptables save
the above saves your rules off, so when iptables starts up next time, it uses the saved rules.

carl · 2005-01-06 21:55:11

I am a litle confused ? you write

1.pacman -Sy iptables ( Okay I have iptables install)

2.then add iptables to the daemon list in /etc/rc.conf (preferably BEFORE starting the network)
DAEMONS=(syslog-ng hotplug iptables network netfs cups crond) "done"

3. run your iptables script (don't put it in /etc/rc.d that is where the daemon control script goes)
make sure things are allowed/disallowed properly.
"what do you mean by that, there are already a steipt there and I haven´t write this"

#!/bin/bash

# source application-specific settings
[ -f /etc/conf.d/iptables ] && . /etc/conf.d/iptables

. /etc/rc.conf
. /etc/rc.d/functions

case "$1" in
start)
if [ ! -f $IPTABLES_CONF ]; then
echo "Cannot load iptables rules: $IPTABLES_CONF is missing!" >&2
exit 1
fi
stat_busy "Starting IP Tables"
if [ "$IPTABLES_FORWARD" = "1" ]; then
echo 1 >/proc/sys/net/ipv4/ip_forward
fi
if ck_daemon iptables; then
/usr/sbin/iptables-restore < $IPTABLES_CONF
if [ $? -gt 0 ]; then
stat_fail
else
add_daemon iptables
stat_done
fi
else
stat_fail
fi
;;
stop)
stat_busy "Stopping IP Tables"
echo 0 >/proc/sys/net/ipv4/ip_forward
if ! ck_daemon iptables; then
$IPTABLES -F &>/dev/null &&
$IPTABLES -X &>/dev/null &&
$IPTABLES -Z &>/dev/null
if [ $? -gt 0 ]; t
4./etc/rc.d/iptables save "done"

When the computer starts it says
Starting IP tables
And when I shutdown iI says Stoping IP tables

Doesn´t the file /etc/rc.d/iptables work within the computer, instead of my file /etc/rc.d/firewall

cactus · 2005-01-06 23:54:21

?
That last part eluded me. I don't think I understand your statement. Let me try to clarify.
The /etc/rc.d/iptables script only controls the iptables "daemon"
It starts it, stops it, and saves rules for it.

By running your script once iptables has started, it will alter the rules for iptables. Creating chains and rules, etc. This is akin to doing it by hand.
iptables -A INPUT... and so on

You have to create your own rules, because the default for iptables is pretty darn bare. The default rules are in... /etc/iptables/ i think.
you might have to rename simple_rules or whatever the other one is to iptables.rules
Then when you start iptables, it starts with those rules already loaded.

so, you run your own rule script, then do /etc/rc.d/iptables save
and it saves your running rules to /etc/iptables/iptables.rules
and upon next startup that rule file is loaded by default.

I hope that helps clarify. Sorry if I didn't explain better initially.

oscar · 2005-01-07 11:18:43

When you get tired of not understanding iptables - join the dark side, and start using firehol

tmadhavan · 2005-01-07 11:23:21

Any other non scripting-intensive firewalls?

carl · 2005-01-07 11:53:44

I think I understand it

The /etc/rc.d/iptables script look for my rules in /etc/iptables/iptables.rules
Is hat right :?:

My /etc/iptables/iptables.rules

# Generated by iptables-save v1.2.11 on Fri Jan 7 12:05:12 2005
*filter
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -s 127.0.0.0/255.0.0.0 -d 127.0.0.0/255.0.0.0 -i lo -j ACCEPT
iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Fri Jan 7 12:05:12 2005

What about my script /etc/rc.d/ firewal Do I need it
:?:
I running kernel26scsi

@leX · 2005-01-07 13:51:08

http://bbs.archlinux.org/viewtopic.php?t=2367

phrakture · 2005-01-07 15:50:38

tmadhavan wrote:

Any other non scripting-intensive firewalls?

firestarter

carl · 2005-01-07 17:04:04

Thanks for link http://bbs.archlinux.org/viewtopic.php?t=2367
My firewll is running ferfectly now

cactus · 2005-01-07 17:38:59

8)

carl · 2005-01-08 11:58:22

Yes, and thank to you Cactus for helping me.

Arch Linux

#1 2005-01-06 19:21:29

Is the Firewall runing?

#2 2005-01-06 19:38:31

Re: Is the Firewall runing?

#3 2005-01-06 21:55:11

Re: Is the Firewall runing?

#4 2005-01-06 23:54:21

Re: Is the Firewall runing?

#5 2005-01-07 11:18:43

Re: Is the Firewall runing?

#6 2005-01-07 11:23:21

Re: Is the Firewall runing?

#7 2005-01-07 11:53:44

Re: Is the Firewall runing?

#8 2005-01-07 13:51:08

Re: Is the Firewall runing?

#9 2005-01-07 15:50:38

Re: Is the Firewall runing?

#10 2005-01-07 17:04:04

Re: Is the Firewall runing?

#11 2005-01-07 17:38:59

Re: Is the Firewall runing?

#12 2005-01-08 11:58:22

Re: Is the Firewall runing?

Board footer