Re: Firewall config
- From: "Henri J. Schlereth" <henris bga com>
- To: redhat-install-list redhat com
- Subject: Re: Firewall config
- Date: Sat, 3 Jun 2000 08:19:03 -0500 (CDT)
>
> How can I insert rules made in Gfcc or Firestarter (Firewall Programs) into IP
> chains to start automatically with Linux? I can make the rules perfectly, and
> they work great, until I log out of Root ~ basically meaning that they do not
> get saved, but are being used temporarily.
>
> Thanks in advance,
>
> Ralph
>
Since RH6.1 there is an ipchains script in /etc/rc.d/init.d.
So the documentation is there.

#!/bin/sh
#
# Startup script to implement /etc/sysconfig/ipchains pre-defined rules.
#
# chkconfig: - 08 92
#
# description: Automates a packet filtering firewall with ipchains.
#
# Script Author: Joshua Jensen <joshua redhat com>
#   -- hacked up by gafton with help from notting
#
# config: /etc/sysconfig/ipchains

# Source 'em up
. /etc/rc.d/init.d/functions

IPCHAINS_CONFIG=/etc/sysconfig/ipchains

if [ ! -x /sbin/ipchains ]; then
    exit 0
fi

case "$1" in
  start)
    # don't do squat if we don't have the config file
    if [ -f $IPCHAINS_CONFIG ]; then
        # If we don't clear these first, we might be adding to
        # pre-existing rules.
        action "Flushing all current rules and user defined chains:" ipchains -F
        action "Clearing all current rules and user defined chains:" ipchains -X
        ipchains -Z
        echo -n "Applying ipchains firewall rules:"
        grep -v "^#" $IPCHAINS_CONFIG | ipchains-restore -p -f && \
            success "Applying ipchains firewall rules" || \
            failure "Applying ipchains firewall rules"
        echo
        touch /var/lock/subsys/ipchains
    fi
    ;;

  stop)
    action "Flushing all chains:" ipchains -F
    action "Removing user defined chains:" ipchains -X
    echo -n "Resetting built-in chains to the default ACCEPT policy:"
    ipchains -P input ACCEPT && \
        ipchains -P forward ACCEPT && \
        ipchains -P output ACCEPT && \
        success "Resetting built-in chains to the default ACCEPT policy" || \
        failure "Resetting built-in chains to the default ACCEPT policy"
    echo
    rm -f /var/lock/subsys/ipchains
    ;;

  restart)
    # "restart" is really just "start" as this isn't a daemon,
    # and "start" clears any pre-defined rules anyway.
    # This is really only here to make those who expect it happy
    $0 start
    ;;

  status)
    ipchains -nL
    ;;

  panic)
    echo -n "Changing target policies to DENY: "
    ipchains -P input DENY && \
        ipchains -P forward DENY && \
        ipchains -P output DENY && \
        success "Changing target policies to DENY" || \
        failure "Changing target policies to DENY"
    action "Flushing all chains:" ipchains -F
    action "Removing user defined chains:" ipchains -X
    ;;

  save)
    echo -n "Saving current rules to $IPCHAINS_CONFIG: "
    ipchains-save > $IPCHAINS_CONFIG 2>/dev/null && \
        success "Saving current rules to $IPCHAINS_CONFIG" || \
        failure "Saving current rules to $IPCHAINS_CONFIG"
    ;;

  *)
    echo "Usage: $0 {start|stop|restart|status|panic|save}"
    exit 1
esac

exit 0

--
-------------------------------------------------------------
Register Linux User #142063 http://counter.li.org
ICANN Large Member #202266 http://www.icann.org
Founding Member of Something or the Other.
-------------------------------------------------------------
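
An added example, not part of the original message or of the Red Hat script: the "save" branch above redirects ipchains-save straight into /etc/sysconfig/ipchains, so the shell truncates the file before the dump runs and a failed save leaves an empty or partial rules file for the next "start" to load. The sketch below writes to a temporary file and renames it into place only when the dump succeeds; the function name save_rules and the choice to treat empty output as a failure are assumptions made for this example.

```sh
#!/bin/sh
# Added example: atomic variant of the init script's "save" branch.
# save_rules is a hypothetical helper, not part of the Red Hat script.
#
# Usage: save_rules DEST [DUMP_CMD [ARGS...]]
#   DEST      rules file to replace, e.g. /etc/sysconfig/ipchains
#   DUMP_CMD  command that prints the rules; defaults to ipchains-save
save_rules() {
    dest=$1
    shift
    [ $# -gt 0 ] || set -- ipchains-save

    # Temp file lives next to DEST so the final mv is a rename on the
    # same filesystem and readers never see a half-written file.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1

    # Firewall rules describe the host's exposure; keep them owner-only.
    chmod 600 "$tmp"

    # Replace DEST only if the dump exits 0 and produced output.
    # Assumption for this example: empty output counts as a failure.
    if "$@" > "$tmp" 2>/dev/null && [ -s "$tmp" ]; then
        mv -f "$tmp" "$dest"
    else
        # Leave the previous rules file untouched.
        rm -f "$tmp"
        return 1
    fi
}
```

In the init script this would be called as save_rules "$IPCHAINS_CONFIG" inside the save) branch, with success/failure reported from its exit status.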