Linux Netfilter discussions
From: "Gáspár Lajos" <swifty@freemail.hu>
To: gabrix <gabrix@gabrix.ath.cx>
Cc: netfilter <netfilter@lists.netfilter.org>
Subject: Re: my script !
Date: Fri, 27 Oct 2006 09:42:19 +0200
Message-ID: <4541B85B.5060409@freemail.hu>
In-Reply-To: <45411A9A.6080509@gabrix.ath.cx>

Interesting... :)

Take a look at my script also... :)

Swifty

gabrix wrote:
> I would like your opinion on my firewall script. I will also list all
> services available on each machine in lan and how lan is configured...
> keep tight !!!
> my lan :
>   
...
>> #!/bin/bash -x
>>
>>
>> # LOAD MODULES
>> modprobe ip_conntrack_ftp
>> modprobe ip_nat_ftp
>> modprobe ip_conntrack_irc
>> modprobe ip_nat_irc
>>
>> # SOME VARIABLES TO START WITH
>> NET1=192.168.0.0/16
>> NET2=192.168.0.0/30
>> NET3=192.168.1.0/29
>> NET4=192.168.1.0/24
>> ROUT=192.168.0.1/32
>> ARG0=192.168.0.2/32
>> ARG1=192.168.1.1/32
>> WWW=192.168.1.4/32
>> MAIL=192.168.1.6/32   # was "192.168.6/32", not a valid address; the mail host is 192.168.1.6 throughout
>> MAC=192.168.0.3/32
>> DNS1=85.37.17.11/32
>> DNS2=85.38.28.69/32
>> IPT=/sbin/iptables
>> IF0=eth0
>> IF1=eth1
>>
>> # FLUSH
>> echo "0" > /proc/sys/net/ipv4/ip_forward
>>
>> $IPT -P INPUT ACCEPT
>> $IPT -P FORWARD ACCEPT
>> $IPT -P OUTPUT ACCEPT
>>     
Policy: ACCEPT
>> $IPT -t nat -P PREROUTING ACCEPT
>> $IPT -t nat -P POSTROUTING ACCEPT
>> $IPT -t nat -P OUTPUT ACCEPT
>> $IPT -t mangle -P PREROUTING ACCEPT
>> $IPT -t mangle -P POSTROUTING ACCEPT
>> $IPT -t mangle -P INPUT ACCEPT
>> $IPT -t mangle -P OUTPUT ACCEPT
>> $IPT -t mangle -P FORWARD ACCEPT
Default policy is always ACCEPT....
>> $IPT -F
>> $IPT -t nat -F
>> $IPT -t mangle -F
>> $IPT -X
>> $IPT -t nat -X
>> $IPT -t mangle -X
>>
>> # DEFAULTS
>> $IPT -P INPUT DROP
>> $IPT -P OUTPUT DROP
>> $IPT -P FORWARD DROP
>>     
Policy: DROP

Why ACCEPT before, and DROP now?
>> $IPT -t mangle -P PREROUTING ACCEPT
>> $IPT -t mangle -P OUTPUT ACCEPT
>> $IPT -t nat -P PREROUTING ACCEPT
>> $IPT -t nat -P POSTROUTING ACCEPT
>> $IPT -t nat -P OUTPUT ACCEPT
>>
>>
>>     
Default policy
>> # FREE_LOCALHOST
>> $IPT -A INPUT -j ACCEPT -i lo
>> $IPT -A INPUT -j ULOG --ulog-prefix "LOCAL_SPOOF:" -i ! lo -s 127.0.0.1/255.0.0.0
>> $IPT -A INPUT -j DROP -i ! lo -s 127.0.0.1/255.0.0.0
>> $IPT -A OUTPUT -j ACCEPT -o lo
>>
>>
>> # LAN eth0
>> $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>> $IPT -A INPUT -i $IF0 -s $NET2 -j ACCEPT
>> $IPT -A INPUT -i $IF0 -s $MAC -j ACCEPT
>> $IPT -A INPUT -i $IF0 -s $NET1 -j ULOG --ulog-prefix " ### ETH0__SPOOF:"
>> $IPT -A INPUT -i $IF0 -s $NET1 -j DROP
>>
>> # LAN eth1
>> $IPT -A INPUT -i eth1 -s 192.168.1.0/29 -j ACCEPT
>>
>> ## NetBIOS/SMB ports (multiport takes a comma-separated list via --dports)
>> WW=135,136,137,138,139,445
>> $IPT -t nat -I PREROUTING -p tcp -i $IF0 -d $ARG0 -m multiport --dports $WW -j DROP
>> $IPT -t nat -I PREROUTING -p udp -i $IF0 -d $ARG0 -m multiport --dports $WW -j DROP
>>
>> # MSSQL
>> # (-I inserts at the head of the chain, so the DROP is inserted first and the ULOG lands above it)
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp --dport 1433:1434 -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp --dport 1433:1434 -m limit -j ULOG --ulog-prefix "Firewalled packet: MSSQL "
>> $IPT -t nat -I PREROUTING -i $IF0 -p udp --dport 1433:1434 -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p udp --dport 1433:1434 -m limit -j ULOG --ulog-prefix "Firewalled packet: MSSQL "
>>
>> # Traceroutes depend on finding a rejected port.  DROP the ones it uses
>> # (same -I ordering: DROP inserted first so the ULOG rule is evaluated before it)
>> $IPT -t nat -I PREROUTING -i eth0 -p udp --dport 33434:33523 -j DROP
>> $IPT -t nat -I PREROUTING -i eth0 -p udp --dport 33434:33523 -j ULOG --ulog-prefix "TRACEROUTE_UDP:"
>>
>>
>> # GNUTELLA NETWORK
>> $IPT -t nat -I PREROUTING -i $IF0 -p udp --dport 6346:6348 -d $NET2 -j DROP
>>
>> # PORTS_BLACK_LIST
>> PBL=1024,1025,1026,1027,33058,34120,40193
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 -m multiport --dports $PBL -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p udp -d $NET2 -m multiport --dports $PBL -j DROP
>>
>> # UDP Traceroute
>> $IPT -t nat -I PREROUTING -i $IF0 -p udp -d 192.168.0.0/16 --dport 33434:33523 -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p udp -d 192.168.0.0/16 --dport 33434:33523 -j ULOG --ulog-prefix "UDP_TRACEROUTES :"
>>
>>
>> #-----------------------------------------------------------------------------------#
>> #                                  ICMP TYPES                                       #
>> #-----------------------------------------------------------------------------------#
>> #                                                                                   #
>> #    0 = Echo Reply, what gets sent back after a type 8 is received here            #
>> #    3 = Destination Unreachable (inbound) or Fragmentation Needed (out) [RFC792]   #
>> #    4 = Source Quench tells sending IP to slow down its rate to destination        #
>> #    5 = Redirect [RFC792]                                                          #
>> #    6 = Alternate Host Address                                                     #
>> #    8 = Echo Request used for pinging hosts, but see the note above                #
>> #    9 = Router Advertisement [RFC1256]                                             #
>> #   10 = Router Selection [RFC1256]                                                 #
>> #   11 = Time Exceeded used for traceroute (TTL) or sometimes frag packets          #
>> #   12 = Parameter Problem is some error or weirdness detected in header            #
>> #   13 = Timestamp [RFC792]                                                         #
>> #   14 = Timestamp Reply [RFC792]                                                   #
>> #   15 = Information Request [RFC792]                                               #
>> #   16 = Information Reply [RFC792]                                                 #
>> #   17 = Address Mask Request [RFC950]                                              #
>> #   18 = Address Mask Reply [RFC950]                                                #
>> #   30 = Traceroute [RFC1393]                                                       #
>> #                                                                                   #
>> #-----------------------------------------------------------------------------------#
>>
>> # ICMP
>> $IPT -t nat -I PREROUTING -i $IF0 -p icmp -d $NET1 -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p icmp --icmp-type 0 -m limit --limit 3/s -d $NET1 -j ACCEPT
>> $IPT -t nat -I PREROUTING -i $IF0 -p icmp --icmp-type 3 -m limit --limit 3/s -d $NET1 -j ACCEPT
>>
>> # CHECK_FLAGS
>> # Note: the nat table is traversed only for the first packet of a connection, and
>> # not at all for packets conntrack cannot track (INVALID), so these checks only
>> # take effect when placed in the filter or mangle table.
>> $IPT -t nat -I PREROUTING -i $IF0 -f -d $NET2 -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -f -d $NET2 -j ULOG --ulog-prefix "FRAGMENTS:"
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 -m state --state INVALID -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 -m state --state INVALID -j ULOG --ulog-prefix "INVALID_FLAGS:"
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL FIN,URG,PSH -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL FIN,URG,PSH -m limit --limit 3/s -j ULOG --ulog-prefix "NMAP-XMAS_SCAN:"
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags SYN,RST SYN,RST -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags SYN,RST SYN,RST -m limit --limit 3/s -j ULOG --ulog-prefix "SYN/RST_SCAN: "
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags SYN,FIN SYN,FIN -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags SYN,FIN SYN,FIN -m limit --limit 3/s -j ULOG --ulog-prefix "SYN/FIN_SCAN: "
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL FIN -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL FIN -m limit --limit 3/s -j ULOG --ulog-prefix "FIN_SCAN:"
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL ALL -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL ALL -m limit --limit 3/s -j ULOG --ulog-prefix "ALL/ALL__SCAN : "
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL NONE -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL NONE -m limit --limit 3/s -j ULOG --ulog-prefix "NULL_SCAN: "
>>
>>
>> # _____________ANTISPOOF
>>
>> # (the original pattern had a stray space in "| ^190\." which kept that prefix from ever matching)
>> cat /home/gabrix/bogon-bn-nonagg.txt |\
>> egrep -ve "(^127\.|^192\.168\.|^41\.|^73\.|^76\.|^89\.|^90\.|^121\.|^122\.|^123\.|^124\.|^125\.|^126\.|^189\.|^190\.)" | while read s; do
>> $IPT -t nat -I PREROUTING -i $IF0 -s $s -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -s $s -j ULOG --ulog-prefix 'BOGON_SPOOF:'
>> done
>>
>> # Make laptop get into LAN
>> #echo "-----------------------------------------------------------------------------------------------------"
>> #$IPT -t nat -A PREROUTING -i eth0 -p ALL -s 192.168.0.3/32 -d 192.168.1.0/24 -j DNAT --to-dest 192.168.1.1
>>
>>
>> # PREROUTING DNAT ################################# -------------------- >
>> # HTTP & HTTPS for .... www.gabrix.ath.cx
>> $IPT -t nat -I PREROUTING -p tcp -i eth0 --dport 80 -d 192.168.0.2/32 -j DNAT --to 192.168.1.4:80
>> $IPT -t nat -I PREROUTING -p tcp -i eth0 --dport 443 -d 192.168.0.2/32 -j DNAT --to 192.168.1.4:443
>> # HTTP ... for .... mail.gabrix.ath.cx
>> # (never reached: the two www rules above already DNAT every port 80/443 packet for 192.168.0.2)
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 --dport 80 -m state --state NEW -d 192.168.0.2/32 -j DNAT --to 192.168.1.6:80
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 --dport 443 -m state --state NEW -d 192.168.0.2/32 -j DNAT --to 192.168.1.6:443
>>
>>
>>
>> # SMTP
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 25 -j DNAT --to 192.168.1.6:25
>>
>>
>> # INN
>> #$IPT -t nat -A PREROUTING -i eth0 -p tcp -d 192.168.0.2/32 --dport 119 -j DNAT --to 192.168.1.4:119
>>
>>
>> # IRCD
>> IRC=6664:6669
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport $IRC -j DNAT --to 192.168.1.4:6664-6669
>> $IPT -t nat -A PREROUTING -p udp -i $IF0 -d 192.168.0.2/32 --dport 32768 -j DNAT --to 192.168.1.4:32768
>>
>>
>> # FTP
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 20 -j DNAT --to 192.168.1.4:20
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 21 -j DNAT --to 192.168.1.4:21
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 60000:65535 -m state --state ESTABLISHED,RELATED -j DNAT --to 192.168.1.4:60000-65534
>>
>>
>> # POP-SSL
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 995 -j DNAT --to 192.168.1.6:995
>> $IPT -t nat -A PREROUTING -p udp -i $IF0 -d 192.168.0.2/32 --dport 995 -j DNAT --to 192.168.1.6:995
>>
>>
>> # TIM --- DNS
>> $IPT -t nat -A PREROUTING -p ALL -i $IF0 -s $DNS1 -d $ARG0 -j DNAT --to 192.168.1.6
>> $IPT -t nat -A PREROUTING -p ALL -i $IF0 -s $DNS2 -d $ARG0 -j DNAT --to 192.168.1.6
>>
>> #  PROXY
>> #$IPT -t nat -I PREROUTING -i $IF1 -p tcp -s $NET3 --dport 80 -j DNAT --to 192.168.1.1:8888
>>
>> # EMULE
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 18744 -j DNAT --to 192.168.1.2:18744
>> $IPT -t nat -A PREROUTING -p udp -i $IF0 -d 192.168.0.2/32 --dport 57692 -j DNAT --to 192.168.1.2:57692
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 4711 -j DNAT --to 192.168.1.2:4711
>> $IPT -t nat -A PREROUTING -p udp -i $IF0 -d 192.168.0.2/32 --dport 4672 -j DNAT --to 192.168.1.2:4672
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 4661:4662 -j DNAT --to 192.168.1.2:4661-4662
>>
>> ##########################################################################################
>> #                    INPUT    ARGO      SERVICES                                         #
>> ##########################################################################################
>> # I want broadcasts to reach only machines in lan and avoid packets to
>> # go out in the internet and other machines
>>
>> # BROADCASTS
>> # ETH0
>> $IPT -A INPUT -i $IF0 -d 255.255.255.255/32 -j ULOG --ulog-prefix "NET_BROADCASTS:"
>> $IPT -A INPUT -i $IF0 -d 255.255.255.255/32 -j DROP
>>
>> # ETH1
>> $IPT -A INPUT -i $IF1 -j ACCEPT -s 192.168.1.0/29 -d 192.168.1.255/29
>> $IPT -A INPUT -i $IF1 -j ULOG --ulog-prefix "LAN_BROADCASTS:" -s 192.168.1.0/29 -d 192.168.1.255/32
>> $IPT -A INPUT -i $IF1 -j DROP -s 192.168.1.0/29 -d 192.168.1.255/32
>>
>> $IPT -A INPUT -i $IF1 -j ACCEPT -s 192.168.1.0/29 -d 255.255.255.255/29
>> $IPT -A INPUT -i $IF1 -j ULOG --ulog-prefix "LAN_NBIOS_BROADCASTS:" -s 192.168.1.0/29 -d 255.255.255.255/32
>> $IPT -A INPUT -i $IF1 -j DROP -s 192.168.1.0/29 -d 255.255.255.255/32
>>
>> # MULTICASTS
>> $IPT -A INPUT -i $IF0 -j DROP -m state --state NEW -d 224.0.0.0/4 -p ! 6
>>
>> # INPUT ARGO_SERVICES -----------------------------------------
>> # TOR
>> $IPT -t nat -A PREROUTING -i $IF0 -p tcp --dport 22 -j REDIRECT --to-port 9090
>> $IPT -t nat -A PREROUTING -i $IF0 -p tcp --dport 110 -j REDIRECT --to-port 9091
>> $IPT -A INPUT -i eth0 -p tcp -d 192.168.0.2/32 --dport 9090 -j ACCEPT
>> $IPT -A INPUT -i eth0 -p tcp -d 192.168.0.2/32 --dport 9091 -j ACCEPT
>>
>>
>> # Accept SSH and prevent brute force attempts
>> # (the first rule only logs once the hit count is exceeded; the following rule still
>> #  ACCEPTs, so a DROP with the same recent match would be needed to actually block)
>> $IPT -A INPUT -i eth0 -p tcp --dport 666 -d 192.168.0.2/32 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j ULOG --ulog-prefix "SSH_BRUTEFORCE:"
>> $IPT -A INPUT -i eth0 -p tcp --dport 666 -d 192.168.0.2/32 -m state --state NEW -m recent --set --name SSH -j ACCEPT
>>
>>
>> # TIM_DNS
>> $IPT -A INPUT -i eth0 -s $DNS1 -d $ARG0 -j ACCEPT
>> $IPT -A INPUT -i eth0 -s $DNS2 -d $ARG0 -j ACCEPT
>>
>> # DROP Anything else
>> $IPT -A INPUT -i $IF0 -p tcp --dport 1:65535 -d $ARG0 -j ULOG --ulog-prefix "TCP:"
>> $IPT -A INPUT -i $IF0 -p tcp --dport 1:65535 -d $ARG0 -j DROP
>> $IPT -A INPUT -i $IF0 -p udp --dport 1:65535 -d $ARG0 -j ULOG --ulog-prefix "UDP:"
>> $IPT -A INPUT -i $IF0 -p udp --dport 1:65535 -d $ARG0 -j DROP
>> $IPT -A INPUT -i $IF0 -p ALL -d $ARG0 -j ULOG --ulog-prefix "#######| STOP_ALL_ |######:"
>> $IPT -A INPUT -i $IF0 -p ALL -d $ARG0 -j DROP
>>
>>
>> # FORWARD
>> #
>>
>> # 192.168.0.0 NETWORK
>> $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -s 192.168.0.3 -d 192.168.1.0/29 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -s $ARG0 -d $NET3 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -s $ROUT -d $NET3 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -s $NET1 -d $NET4 -j ULOG --ulog-prefix "Forward_SPOOF:"
>> $IPT -A FORWARD -i eth0 -o eth1 -s $NET1 -d $NET4 -j DROP
>>
>> # LAN
>> $IPT -A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -j ACCEPT
>>
>>
>> # # Services FORWARD-------->
>>
>> # TIM DNS
>> $IPT -A FORWARD -s $DNS1 -d 192.168.1.0/24 -j ACCEPT
>> $IPT -A FORWARD -s $DNS2 -d 192.168.1.0/24 -j ACCEPT
>>  
>>
>> # FTP
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.1.4 --dport 20 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.1.4 --dport 21 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.1.4 --dport 60000:65534 -j ACCEPT
>>
>>
>> # INN
>> #$IPT -A FORWARD -i eth0 -o eth1 -p tcp --dport 119 -d 192.168.1.4 -j ACCEPT
>>  
>>
>> # SMTP
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp --dport 25 -d 192.168.1.6 -j ACCEPT
>>
>>
>> # IRCD
>> IRC=6665:6669
>> $IPT -A FORWARD -i eth0 -p tcp --dport $IRC -d 192.168.1.4/32 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -p udp --dport 32768 -d 192.168.1.4/32 -j ACCEPT
>>
>>
>> # HTTP
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -d 192.168.1.4 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp --dport 443 -d 192.168.1.4 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -d 192.168.1.6 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp --dport 443 -d 192.168.1.6 -j ACCEPT
>>
>>
>> # POP SSL
>> $IPT -A FORWARD -i eth0 -p tcp --dport 995 -d 192.168.1.6 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -p udp --dport 995 -d 192.168.1.6 -j ACCEPT
>>
>> # EMULE
>> $IPT -A FORWARD -p tcp -i $IF0 --dport 18744 -d 192.168.1.2 -j ACCEPT
>> $IPT -A FORWARD -p udp -i $IF0 --dport 57692 -d 192.168.1.2 -j ACCEPT
>> $IPT -A FORWARD -p tcp -i $IF0 --dport 4711 -d 192.168.1.2 -j ACCEPT
>> $IPT -A FORWARD -p udp -i $IF0 --dport 4672 -d 192.168.1.2 -j ACCEPT
>> $IPT -A FORWARD -p tcp -i $IF0 --dport 4661:4662 -d 192.168.1.2 -j ACCEPT
>>
>> # OUTPUT
>> $IPT -A OUTPUT -o eth0 -s 192.168.0.2/32 -j ACCEPT
>> $IPT -A OUTPUT -j ACCEPT -o eth1 -d 192.168.1.0/24
>> $IPT -A OUTPUT -s 192.168.0.0/16 -j ACCEPT
>> $IPT -A OUTPUT -s 192.168.1.0/24 -j ACCEPT
>>
>> $IPT -A OUTPUT -p icmp --icmp-type time-exceeded -j DROP
>> $IPT -A OUTPUT -p icmp --icmp-type 0 -j DROP
>>
>> # MASQUERADE
>> $IPT -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
>>
>> echo "1" > /proc/sys/net/ipv4/ip_forward
>>
>>     
> If you have questions just ask .... thanks !!!
>
>
>   
I do not really believe that this is the best form of a script, but if 
you understand your script (and hopefully you do :D ) then this is 
good... :)

I prefer scripts much like the output of  "iptables -vnL"


Swifty
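An added example, not from either poster: the quoted script builds most of its nat PREROUTING chain with `-I`, which inserts at the head, so a log rule inserted after its matching DROP ends up below it and never fires. This offline script replays the `-I`/`-A` ordering of constructed sample lines shaped like the quoted ones and reports shadowed log rules; `final_order` and `shadowed_logs` are hypothetical helper names and nothing is applied to a real firewall.

```shell
#!/bin/sh
# Constructed sample in the quoted script's shape: the traceroute pair (both -I,
# ULOG inserted first) and an -A pair in the working order, plus a policy line.
SAMPLE='$IPT -t nat -I PREROUTING -i eth0 -p udp --dport 33434:33523 -j ULOG --ulog-prefix "TRACEROUTE_UDP:"
$IPT -t nat -I PREROUTING -i eth0 -p udp --dport 33434:33523 -j DROP
$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j ULOG --ulog-prefix "SMTP:"
$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DROP
$IPT -P INPUT DROP'

# final_order CHAIN: read iptables commands on stdin, replay -I (insert at
# position 1) and -A (append) for CHAIN, and print "TARGET<TAB>match-spec"
# in the order the kernel will evaluate the rules.
final_order() {
  awk -v chain="$1" '
    {
      ci = 0
      for (i = 1; i <= NF; i++) if ($i == "-I" || $i == "-A") { act = $i; ci = i; break }
      if (!ci || $(ci + 1) != chain) next        # -P, -F, other chains: skip
      spec = ""
      for (i = ci + 2; i <= NF && $i != "-j"; i++) spec = spec (spec == "" ? "" : " ") $i
      line = $(i + 1) "\t" spec                  # target is the word after -j
      if (act == "-I") { for (k = n; k >= 1; k--) r[k + 1] = r[k]; r[1] = line; n++ }
      else r[++n] = line
    }
    END { for (k = 1; k <= n; k++) print r[k] }'
}

# shadowed_logs CHAIN: a ULOG/LOG rule whose exact match spec already hit a
# DROP earlier in the final order can never fire; print one line per dead rule.
shadowed_logs() {
  final_order "$1" | awk -F '\t' '
    $1 == "DROP" { dropped[$2] = 1 }
    ($1 == "ULOG" || $1 == "LOG") && ($2 in dropped) { print "shadowed: " $2 }'
}

printf '%s\n' "$SAMPLE" | final_order PREROUTING
printf '%s\n' "$SAMPLE" | shadowed_logs PREROUTING
```

Feeding a whole script through `final_order` for each chain gives the same ordering `iptables -vnL` would show after loading it, which is the view Swifty recommends writing scripts against.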



Thread overview: 2+ messages
2006-10-26 20:29 my script ! gabrix
2006-10-27  7:42 ` Gáspár Lajos [this message]