* firewall startup script
@ 2003-08-01 10:54 Felix Bauer
2003-08-01 11:56 ` Ruprecht Helms
0 siblings, 1 reply; 3+ messages in thread
From: Felix Bauer @ 2003-08-01 10:54 UTC (permalink / raw)
To: netfilter
Hi,
I've got a question about my script for my router configuration. It should
enable ip4warding, masquerade my local hosts,
allow my local hosts everything and open some ports which should be
externally available, but if I run this script
it kinda stops after masquerading (I can read the output on the console
but then everything is frozen since the local
ports aren't open anymore and not reopened by the script). Is there any
logical error I missed?
<script>
#!/bin/bash
#** $Id$
#**
#** Firewall-startup script
#**
#** variables
iptables="/sbin/iptables"
localnet="192.168.0.0/24"
worldports="21 22 53 80"
case $1 in
    start)
        #** enable IP-forwarding
        echo "Enabling IP-Forwarding"
        echo "1" > /proc/sys/net/ipv4/ip_forward
        #** flush old chains
        echo "Flushing old rules"
        $iptables -F INPUT
        $iptables -F OUTPUT
        $iptables -F FORWARD
        $iptables -t nat -F PREROUTING
        $iptables -t nat -F POSTROUTING
        $iptables -t nat -F OUTPUT
        #** allow localnet everything
        echo "Creating rule for local network"
        $iptables -A INPUT -s localhost -d localhost -j ACCEPT
        $iptables -A INPUT -p tcp -s $localnet -j ACCEPT
        $iptables -A INPUT -p udp -s $localnet -j ACCEPT
        #** setup Masquerading
        echo "Creating rule for Masquerading"
        $iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
        #** opening ports
        echo "Opening ports:"
        $iptables -A INPUT -p icmp -j ACCEPT
        for port in $worldports
        do
            echo " - $port"
            $iptables -A INPUT -p tcp --dport $port -j ACCEPT
            $iptables -A INPUT -p udp --dport $port -j ACCEPT
        done
        #** Allow all outgoing packets to be not filtered
        $iptables --policy OUTPUT ACCEPT
        #** Drop everything else
        $iptables -A INPUT -j DROP
        ;;
    stop)
        ;;
    *)
        echo "Usage: $0 { start | stop }"
        ;;
esac
exit 0
</script>
thx a lot
fe
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: firewall startup script
2003-08-01 10:54 firewall startup script Felix Bauer
@ 2003-08-01 11:56 ` Ruprecht Helms
2003-08-01 12:24 ` Felix Bauer
0 siblings, 1 reply; 3+ messages in thread
From: Ruprecht Helms @ 2003-08-01 11:56 UTC (permalink / raw)
To: Felix Bauer; +Cc: netfilter
On Fri, 2003-08-01 at 12:54, Felix Bauer wrote:
> Hi,
>
> I've got a question about my script for my router configuration. It should
> enable ip4warding, masquerade my local hosts,
> allow my local hosts everything and open some ports which should be
> externally available, but if I run this script
> it kinda stops after masquerading (I can read the output on the console
> but then everything is frozen since the local
> ports aren't open anymore and not reopened by the script). Is there any
> logical error I missed?
>...
> #** setup Masquerading
> echo "Creating rule for Masquerading"
> $iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>...
You have to open an internet connection and then pick up the IP address for
ppp0 from ifconfig and use it for ppp0. After this act you can start
your firewall.
Regards,
Ruprecht
-----------------------------------------------
Ruprecht Helms IT-Service & Softwareentwicklung
Tel./Fax +49[0]7621 16 99 16
Homepage: http://www.rheyn.de
email: info@rheyn.de
------------------------------------------------
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: firewall startup script
2003-08-01 11:56 ` Ruprecht Helms
@ 2003-08-01 12:24 ` Felix Bauer
0 siblings, 0 replies; 3+ messages in thread
From: Felix Bauer @ 2003-08-01 12:24 UTC (permalink / raw)
To: rhelms; +Cc: netfilter
There is an internet connection of course and ppp0 uses that IP address.
cheers
fe
Ruprecht Helms wrote:
>On Fri, 2003-08-01 at 12:54, Felix Bauer wrote:
>
>>Hi,
>>
>>I've got a question about my script for my router configuration. It should
>>enable ip4warding, masquerade my local hosts,
>>allow my local hosts everything and open some ports which should be
>>externally available, but if I run this script
>>it kinda stops after masquerading (I can read the output on the console
>>but then everything is frozen since the local
>>ports aren't open anymore and not reopened by the script). Is there any
>>logical error I missed?
>>
>>...
>> #** setup Masquerading
>> echo "Creating rule for Masquerading"
>> $iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>>...
>
>You have to open an internet connection and then pick up the IP address for
>ppp0 from ifconfig and use it for ppp0. After this act you can start
>your firewall.
>
>Regards,
>Ruprecht
>
>-----------------------------------------------
>Ruprecht Helms IT-Service & Softwareentwicklung
>Tel./Fax +49[0]7621 16 99 16
>Homepage: http://www.rheyn.de
>email: info@rheyn.de
>------------------------------------------------
^ permalink raw reply [flat|nested] 3+ messages in thread
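
An added example, not part of the thread: a static check over the INPUT rules of the script in the first message, flagging three things visible in them (no ESTABLISHED/RELATED accept ahead of the final DROP, loopback not accepted by interface, a hostname in `-s`/`-d`). The function name, the finding codes and the revised rule set are constructed for illustration; the thread does not establish which, if any, of these caused the freeze.

```shell
#!/bin/bash
# Added example: static checks on the INPUT rules of an iptables shell script.
# Reads script text on stdin and prints one finding code per line.
audit_input_rules() {
    local rules drop_line state_line
    # Keep only commands that append to INPUT; comment lines are skipped.
    rules=$(grep -v '^[[:space:]]*#' | grep -E -e '-A INPUT( |$)' || true)
    # Position of the catch-all DROP and of the first ESTABLISHED accept.
    drop_line=$(printf '%s\n' "$rules" | grep -n -E -e '-A INPUT -j DROP[[:space:]]*$' | head -n 1 | cut -d: -f1 || true)
    state_line=$(printf '%s\n' "$rules" | grep -n -E -e '--(ct)?state [A-Z,]*ESTABLISHED.* -j ACCEPT' | head -n 1 | cut -d: -f1 || true)
    if [ -n "$drop_line" ] && { [ -z "$state_line" ] || [ "$state_line" -gt "$drop_line" ]; }; then
        echo "NO_ESTABLISHED_BEFORE_DROP"   # replies to the router's own connections reach the DROP
    fi
    if ! printf '%s\n' "$rules" | grep -q -E -e '-i lo .*-j ACCEPT'; then
        echo "NO_LOOPBACK_INTERFACE_RULE"   # loopback is not accepted by interface
    fi
    if printf '%s\n' "$rules" | grep -q -E -e ' -[sd] [A-Za-z][A-Za-z0-9.-]*( |$)'; then
        echo "HOSTNAME_IN_RULE"             # iptables resolves names when the rule is added
    fi
}

# INPUT rules in the order the script in the first message appends them.
posted_rules() {
cat <<'EOF'
$iptables -A INPUT -s localhost -d localhost -j ACCEPT
$iptables -A INPUT -p tcp -s $localnet -j ACCEPT
$iptables -A INPUT -p udp -s $localnet -j ACCEPT
$iptables -A INPUT -p icmp -j ACCEPT
$iptables -A INPUT -p tcp --dport $port -j ACCEPT
$iptables -A INPUT -p udp --dport $port -j ACCEPT
$iptables -A INPUT -j DROP
EOF
}

# Constructed variant for comparison (not from the thread).
revised_rules() {
cat <<'EOF'
$iptables -A INPUT -i lo -j ACCEPT
$iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A INPUT -s $localnet -j ACCEPT
$iptables -A INPUT -p icmp -j ACCEPT
$iptables -A INPUT -p tcp --dport $port -j ACCEPT
$iptables -A INPUT -j DROP
EOF
}

echo "posted:";  posted_rules  | audit_input_rules
echo "revised:"; revised_rules | audit_input_rules
```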