* firewall script placement
@ 2003-01-19 13:04 Zander Subatomic
  2003-01-19 19:30 ` Michael J. Tubby B.Sc. (Hons) G8TIC
  0 siblings, 1 reply; 3+ messages in thread
From: Zander Subatomic @ 2003-01-19 13:04 UTC (permalink / raw)
  To: netfilter

ok this may sound like a silly question but where do I put the script?? I'm
running 7.3 RedHat and before I used to just write the script in a file and
then copy & paste it into a command line for the initial creation and then
use the iptables-save to /etc/sysconfig/iptables which worked fine for it to
be loaded on a reboot. Now I have a larger, more complex rule set I thought
I'd finally write a script for it but I've only got a slight understanding of
the start up process.

Do I need to put the script in the /etc/rc.d/init.d/ directory and then
create the startup/kill links in the /etc/rcX.d/ directories by hand or can
I just put a:

# chkconfig: 2345 <one above iptables start number> <one below iptables kill
number>

Could I change the line: IPTABLES_CONFIG=/etc/sysconfig/iptables in
/etc/rc.d/init.d/iptables script to my script? I'm assuming though it would
have to be in the format of the iptables-save command so wouldn't work? I
have looked around the place and previous posts but have never seen this
mentioned.

Or am I way off the mark? :o)

cheers

Zander




* Re: firewall script placement
  2003-01-19 13:04 firewall script placement Zander Subatomic
@ 2003-01-19 19:30 ` Michael J. Tubby B.Sc. (Hons) G8TIC
  2003-01-19 23:57   ` Zander Subatomic
  0 siblings, 1 reply; 3+ messages in thread
From: Michael J. Tubby B.Sc. (Hons) G8TIC @ 2003-01-19 19:30 UTC (permalink / raw)
  To: Zander Subatomic, netfilter


> ok this may sound like a silly question but where do I put the script?? I'm
> running 7.3 RedHat and before I used to just write the script in a file and
> then copy & paste it into a command line for the initial creation and then
> use the iptables-save to /etc/sysconfig/iptables which worked fine for it to
> be loaded on a reboot. Now I have a larger, more complex rule set I thought
> I'd finally write a script for it but I've only got a slight understanding of
> the start up process.
> 
> Do I need to put the script in the /etc/rc.d/init.d/ directory and then
> create the startup/kill links in the /etc/rcX.d/ directories by hand or can
> I just put a:
> 
> # chkconfig: 2345 <one above iptables start number> <one below iptables kill
> number>
> 
> Could I change the line: IPTABLES_CONFIG=/etc/sysconfig/iptables in
> /etc/rc.d/init.d/iptables script to my script? I'm assuming though it would
> have to be in the format of the iptables-save command so wouldn't work? I
> have looked around the place and previous posts but have never seen this
> mentioned.
> 
> Or am I way off the mark? :o)
> 
> cheers
> 
> Zander
> 


Zander,

I use a homebrew iptables-based firewall script on all my RH 7.2, 7.3
and 8.0 machines which is based on Oskar's tutorial and good work
as it's much more flexible than the built-in systems...

I call the script "rc.firewall" and keep it in /etc/rc.d as it's a bit non-standard
like rc.local and then cd to /etc/rc.d/rc3.d and hack things a little by
removing S07/08/09 ipchains/iptables stuff, and adding a symbolic
link:

    ln -s ../rc.firewall S11firewall

so that the start up sequence ends up looking something like this:

    S05kudzu -> ../init.d/kudzu
    S06reconfig -> ../init.d/reconfig
    S10network -> ../init.d/network
    S11firewall -> ../rc.firewall
    S12syslog -> ../init.d/syslog
    S18autofs -> ../init.d/autofs
    S20apcupsd -> ../init.d/apcupsd
    S20random -> ../init.d/random
    S25netfs -> ../init.d/netfs
    S35identd -> ../init.d/identd
    S40atd -> ../init.d/atd
    S50xinetd -> ../init.d/xinetd
    S55named -> ../init.d/named
    S55sshd -> ../init.d/sshd
    S56ntpd -> ../init.d/ntpd
    S56rawdevices -> ../init.d/rawdevices
    S65dhcpd -> ../init.d/dhcpd
    S75keytable -> ../init.d/keytable
    S80courier-imap -> ../init.d/courier-imap
    S80exim -> ../init.d/exim
    S80spamassassin -> ../init.d/spamassassin
    S85httpd -> ../init.d/httpd
    S90crond -> ../init.d/crond
    S90squid -> ../init.d/squid
    S95anacron -> ../init.d/anacron
    S99local -> ../rc.local


Something like this should work for you also....


Mike
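
An added example, not part of the original post: a shell function that lists the S-links init runs before the firewall link in an rcN.d directory, which shows what comes up before the rules are loaded. The sample directory is constructed from a few entries of the listing above plus one constructed K-link; the function names and temporary path are assumptions.

```shell
#!/bin/sh
# Added example: which services does init start before the firewall script?
# rc runs the S??name links of a runlevel directory in sorted order, so every
# link that sorts ahead of the firewall link starts with no rules loaded yet.

# started_before DIR FWNAME: print each S-link that runs before S??FWNAME.
# Returns 2 when DIR holds no S-link for FWNAME at all.
started_before() {
    sb_dir=$1
    sb_fw=$2
    sb_links=$(cd "$sb_dir" && ls -1 | LC_ALL=C sort)
    sb_fwlink=$(printf '%s\n' "$sb_links" | grep -E "^S[0-9][0-9]${sb_fw}\$" | head -n 1)
    [ -n "$sb_fwlink" ] || return 2
    printf '%s\n' "$sb_links" | while IFS= read -r sb_link; do
        case $sb_link in
            S[0-9][0-9]*) ;;          # start link: consider it
            *) continue ;;            # K-links and stray files: skip
        esac
        [ "$sb_link" = "$sb_fwlink" ] && break
        printf '%s\n' "$sb_link"
    done
}

# make_sample DIR: constructed rc3.d built from a few entries of the listing
# above, plus one constructed K-link to show that kill links are ignored.
make_sample() {
    mkdir -p "$1"
    for entry in S05kudzu:init.d/kudzu S10network:init.d/network \
                 S11firewall:rc.firewall S12syslog:init.d/syslog \
                 S55sshd:init.d/sshd K92iptables:init.d/iptables; do
        ln -sf "../${entry#*:}" "$1/${entry%%:*}"
    done
}

sample=$(mktemp -d)
make_sample "$sample/rc3.d"
echo "Started before the firewall:"
started_before "$sample/rc3.d" firewall
rm -rf "$sample"
```

With the S11firewall placement, S10network appears in the output, so interfaces are configured before the rules load; the stock S07/08/09 links mentioned above sorted ahead of S10network.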




* Re: firewall script placement
  2003-01-19 19:30 ` Michael J. Tubby B.Sc. (Hons) G8TIC
@ 2003-01-19 23:57   ` Zander Subatomic
  0 siblings, 0 replies; 3+ messages in thread
From: Zander Subatomic @ 2003-01-19 23:57 UTC (permalink / raw)
  To: Michael J. Tubby B.Sc. (Hons) G8TIC, netfilter

> Zander,
>
> I use a homebrew iptables-based firewall script on all my RH 7.2, 7.3
> and 8.0 machines which is based on Oskar's tutorial and good work
> as it's much more flexible than the built-in systems...
>
> I call the script "rc.firewall" and keep it in /etc/rc.d as it's a bit non-standard
> like rc.local and then cd to /etc/rc.d/rc3.d and hack things a little by
> removing S07/08/09 ipchains/iptables stuff, and adding a symbolic
> link:
>
>     ln -s ../rc.firewall S11firewall
>
> so that the start up sequence ends up looking something like this:
>

<SNIP>

cheers for the advice, I have managed to kludge it and get boot-up firewall
script up and running, excellent! :o)

Z


