Tuesday, 5 August 2008

Wanted a firewall for Linux? Well, here you have it!

The article below is a firewall script for everyone! Just try it!


Simple but miraculous...


A Firewall Script for Everyone

Every server or desktop machine needs a firewall these days. Fortunately, Linux comes with iptables, which can be used to build a very powerful firewall. Usually a set of rules is created, saved to a file and reloaded every time the system comes up. This is where this little script comes into play: it loads a file of firewall rules (in the format written by iptables-save) from /etc/iptables/iptables.conf. You can keep your rules anywhere you wish, just change the location in the script; this simply looks like a reasonable location to me. If your server is already behind e.g. an ADSL router you already have a firewall, and the few extra rules you need will be straightforward enough to write yourself instead of using a wizard.

Usage

Copy this script to a file named myfirewall (or whatever you like!) and save it in the standard location for init scripts; on Debian that is /etc/init.d. Don't forget to make it executable, i.e. chmod 755 /etc/init.d/myfirewall. The script accepts the standard init script parameters start and stop. It also supports show, which simply prints the current firewall rules on screen. Be aware that root privileges are required for the script to run, since modifying iptables is not something a normal user is allowed to do. Typically, once your firewall rules are set, the script will be called during boot. For this you will need to enter:

update-rc.d myfirewall defaults

as root

Script

#! /bin/sh

# /etc/init.d/myfirewall
#
# (C) by CyberToxic, source: Manolis Kiagias

# Rules file in iptables-save format (change this if you keep your rules elsewhere).
RULES=/etc/iptables/iptables.conf

case "$1" in
start)
    echo "Starting firewall (iptables)."
    if [ ! -r "$RULES" ]; then
        echo "Rules file $RULES not found or not readable." >&2
        exit 1
    fi
    # iptables-restore reads the ruleset from standard input.
    /sbin/iptables-restore < "$RULES"
    ;;
stop)
    echo "Stopping firewall (flushing rules)"
    # Reset the default policies to ACCEPT before flushing: a flush alone would
    # leave a DROP policy in place with no rules left to let anything through.
    /sbin/iptables -P INPUT ACCEPT
    /sbin/iptables -P FORWARD ACCEPT
    /sbin/iptables -P OUTPUT ACCEPT
    /sbin/iptables -F
    /sbin/iptables -X
    ;;
show)
    echo "Current firewall rules:"
    /sbin/iptables-save
    ;;
*)
    echo "Usage: /etc/init.d/myfirewall {start|stop|show}"
    exit 1
    ;;
esac
exit 0
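What goes into /etc/iptables/iptables.conf is left to you. As an added example (not the post's own code), here is a minimal default-deny ruleset in the format that iptables-save writes and iptables-restore reads, together with a small lint that catches the mistakes which most often lock an administrator out of a remote host after "start". The file path, port 22, and the particular rules are this example's own assumptions; the sample file it writes is constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original post: a sample rules file in the
# iptables-save format that the script's "start" action feeds to
# /sbin/iptables-restore, plus a pre-flight lint. Paths, ports and rule
# choices are this example's own assumptions.

# Write a constructed sample ruleset to the given path and print that path.
write_sample_rules() {
    out="${1:-./iptables.conf.sample}"
    cat > "$out" <<'EOF'
# Sample /etc/iptables/iptables.conf (constructed for this example)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic is always allowed.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened, plus related traffic such as ICMP errors.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets that belong to no known connection are dropped.
-A INPUT -m state --state INVALID -j DROP
# Remote management: SSH. Restrict with -s <your admin network> where possible.
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Keep the host pingable for diagnostics.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
    echo "$out"
}

# Lint a rules file before handing it to iptables-restore. Prints one line per
# failed check and returns 1 if any check failed, 0 otherwise.
lint_rules() {
    f="$1"
    rc=0
    [ -r "$f" ] || { echo "FAIL: $f is not readable"; return 1; }
    # Every table block (*filter, *nat, ...) must end with COMMIT, or
    # iptables-restore rejects the whole file and "start" loads nothing.
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT$' "$f" || true)
    [ "$tables" -eq "$commits" ] || { echo "FAIL: $tables table(s) but $commits COMMIT line(s)"; rc=1; }
    # Default-deny inbound is the point of having the firewall at all.
    grep -q '^:INPUT DROP' "$f" || { echo "FAIL: INPUT policy is not DROP"; rc=1; }
    # With a DROP policy, these two rules are what keep local services and
    # existing sessions (including the SSH session you load it from) alive.
    grep -q -- '-A INPUT -i lo -j ACCEPT' "$f" || { echo "FAIL: no loopback ACCEPT rule"; rc=1; }
    grep -Eq -- '^-A INPUT .*ESTABLISHED.*-j ACCEPT' "$f" || { echo "FAIL: no ESTABLISHED,RELATED ACCEPT rule"; rc=1; }
    # Without an SSH rule, "start" over SSH is the last command you get to run.
    grep -Eq -- '^-A INPUT .*--dport 22 .*-j ACCEPT' "$f" || { echo "FAIL: no SSH ACCEPT rule"; rc=1; }
    return "$rc"
}

# Let iptables parse the file without committing it (iptables-restore --test).
# Needs root and iptables installed; otherwise it reports a skip and returns 0.
syntax_check() {
    if [ "$(id -u)" -eq 0 ] && command -v iptables-restore >/dev/null 2>&1; then
        iptables-restore --test < "$1"
    else
        echo "skip: iptables-restore --test needs root and iptables"
    fi
}

# Stand-alone run: write the sample, lint it, and parse it with iptables if possible.
if [ "${1:-}" = "demo" ]; then
    f=$(write_sample_rules "${TMPDIR:-/tmp}/iptables.conf.sample")
    lint_rules "$f" && syntax_check "$f" && echo "OK: $f is ready for /etc/iptables/iptables.conf"
fi
```

Run it with `sh rules_check.sh demo`, inspect the generated file, copy it to /etc/iptables/iptables.conf and then call `/etc/init.d/myfirewall start`. The lint works on the text alone, so it can run as an ordinary user; the `--test` step asks iptables-restore to parse the file without loading it and is the closest you get to a dry run, but it needs root. The loopback and ESTABLISHED,RELATED checks exist because with an INPUT policy of DROP those two rules are the difference between a firewall and a box you can no longer reach.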

Assumptions

The script assumes the following:

  • You are not running any other firewall and you are willing to write iptables rules yourself.
  • The iptables command is located in /sbin. This is true for most distros (Debian included).
  • You have root privileges. You need to either sudo or su to execute this script, since it modifies iptables rules and will be installed as an init script.
  • You really understand what you are doing! (This is a prerequisite for ALL my scripts...)