
Re: ipforward with ipchains

Jeff Licquia wrote:
> The quick-n-dirty way to do it is to write a shell script that contains
> the commands you need to set up the firewall, put it in
> /etc/rc.d/init.d, and symlink it to /etc/rc.d/rc[2-5].d.  Name the
> script itself whatever you want, but make the symlink names look like
> "SxxNAME", where "xx" is a two-digit number and "NAME" is the name of
> the script.  If you look in one of the rcX.d dirs, you'll see what I
> mean.  The scripts get executed in numeric order by the "xx", so set
> that number appropriately.

And if you are using RedHat, well, all you need are a couple of comments
in your script like:

   # chkconfig: 2345 11 89
   # description: sets up a basic firewall ruleset
   # This script is set up to use IPCHAINS to protect a small network.
   # It is considered to be 'medium-light' secure.
   # This script should be saved as /etc/rc.d/init.d/firewallss
   # to enable the system to run this script at system start and stop, issue 
   # the command
   #      chkconfig --add firewallss --level 2345
   # Make sure the script's executable bits are set.  This can be done with 
   #      chmod u+x firewallss

Or, you could take a peek at 
for a script that does EXACTLY what we are talking about. And avoids the
networking-not-started problem, too.

Then, if you are on RedHat, you can issue 'service firewallss stop' and
'service firewallss start' to stop and start it manually.

If you aren't on RedHat, then, "the manual way" that Jeff described is
the way to go.

Funny thing, LinuxConf used the chkconfig info, and RH7.3 removed linuxconf.
Oh well.

() Join the ASCII ribbon campaign against HTML email and Microsoft-specific
/\ attachments. If I wanted to read HTML, I would have visited your website!
Support open standards.
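
Added example, not part of the original post: a small shell function that reads the `# chkconfig:` header shown above and prints the `SxxNAME`/`KxxNAME` links it corresponds to, which is the same layout the manual method builds by hand. The names `rc_links` and `demo` are hypothetical, the sample file is constructed, and the mapping assumes the documented `chkconfig --add` behaviour of giving every runlevel either a start or a kill entry.

```shell
#!/bin/sh
# Added example, not from the original post.
# rc_links SCRIPT [RCDIR]: print the rcX.d symlink each runlevel gets for the
# "# chkconfig: <levels> <start> <stop>" header found in SCRIPT.
# RCDIR defaults to /etc/rc.d, the layout described in the thread.
rc_links() {
    script=$1
    rcdir=${2:-/etc/rc.d}
    name=$(basename "$script")

    # Take the first chkconfig header line and keep only its three fields.
    hdr=$(sed -n 's/^[[:space:]]*#[[:space:]]*chkconfig:[[:space:]]*//p' "$script" | head -n 1)
    set -- $hdr
    if [ $# -ne 3 ]; then
        echo "rc_links: no usable chkconfig header in $script" >&2
        return 1
    fi
    levels=$1 start=$2 stop=$3

    # Priorities must be one or two digits; pad to the two-digit "xx" form.
    for p in "$start" "$stop"; do
        case "$p" in
            [0-9]|[0-9][0-9]) ;;
            *) echo "rc_links: bad priority '$p'" >&2; return 1 ;;
        esac
    done
    case "$start" in ?) start=0$start ;; esac
    case "$stop" in ?) stop=0$stop ;; esac

    # Listed runlevels get a start link, all others get a kill link.
    for lvl in 0 1 2 3 4 5 6; do
        case "$levels" in
            *"$lvl"*) echo "$rcdir/rc$lvl.d/S$start$name" ;;
            *)        echo "$rcdir/rc$lvl.d/K$stop$name" ;;
        esac
    done
}

# Constructed sample: the header from the post, written to a temporary file.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' '# chkconfig: 2345 11 89' \
        '# description: sets up a basic firewall ruleset' > "$tmp/firewallss"
    rc_links "$tmp/firewallss"
    rm -rf "$tmp"
}
demo
```

Comparing this output with `ls /etc/rc.d/rc?.d/` is a quick way to confirm the firewall script is linked where the header says it should be.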
