Gentoo Forums
Iptables script making and startup
Forum: Networking & Security

TMD3 (n00b, joined 25 Apr 2002, 5 posts)

Posted: Fri May 17, 2002 10:06 pm    Post subject: Iptables script making and startup

Okay, I have this little iptables command that is supposed to block all incoming connections that I do not initiate and let me connect to everything. Something like that, I hope. It is

/sbin/iptables -A INPUT -p tcp --syn -j DROP

Okay, the question is: how do I incorporate that into a script, and how can I automatically start it up when Gentoo boots up?

snoopey (n00b, joined 26 Apr 2002, 17 posts)

Posted: Fri May 17, 2002 10:43 pm

Add it to your /etc/conf.d/local.start script.

autoxv6 (n00b, joined 17 May 2002, 8 posts)

Posted: Mon May 20, 2002 2:34 am

Or you could make your own script in /etc/init.d, rc-update add myscript default, and then it will start every time as well, without cluttering your local script. Read the howto on the main gentoo.org site.

ProGuy (n00b, joined 14 Apr 2002, 17 posts, Denmark)

Posted: Mon May 20, 2002 11:01 am    Post subject: General Firewall rules

Such firewall scripts should actually be started as close as possible to the actual bringing up of the network device. The best thing (if possible) would be to have everything blocked the moment the device goes up, and then run a script which opens what is necessary (on trusted LANs this could just open up everything).

It would indeed be nice to have a firewall script located in /etc/conf.d or /etc/security, or even to have a firewall directory which runs each script in it, like /etc/firewall.d.

Am I completely wrong in desiring such a feature?
//ProGuy

autoxv6 (n00b, joined 17 May 2002, 8 posts)

Posted: Tue May 21, 2002 7:03 am

You're absolutely correct.

Make all your service scripts need the firewall script, like I've done :)

ProGuy (n00b, joined 14 Apr 2002, 17 posts, Denmark)

Posted: Wed May 22, 2002 6:11 pm

autoxv6 wrote:
    Make all your service scripts need the firewall script, like I've done :)

Hehe, I never thought about that.
But still, it would be nice to have a native way of doing it, since network security is very important, even (or maybe especially) for small servers.

Question is, if someone is developing this already, or should I just try to make a suggestion as to how this can be achieved (and get beaten to death because it's a lousy way :wink: )
//ProGuy

Crg (Guru, joined 29 May 2002, 345 posts, London)

Posted: Thu May 30, 2002 12:03 am    Post subject: Re: General Firewall rules

ProGuy wrote:
    Such firewall scripts should actually be started as close as possible to the actual bringing up of the network device.

The iptables rules can actually be run before the network device is up, so you should run your firewall script before any network devices are brought up (it's a bit tricky if the firewall relies on needing to do DNS entries, or, in the case of mine, reading a list of IP addresses to block off from a remote website (http://www.spews.org/packetreject.html)).
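To put the original poster's rule into a boot-time script, here is an added example (not code from any poster in this thread) of a Gentoo /etc/init.d-style firewall script in the 2002 runscript convention, with depend() ordering it before net as Crg suggests and with a stop() that undoes it; it would be enabled with rc-update add firewall default, as autoxv6 describes. The firewall_rules/firewall_flush helper names, the IPTABLES override used for dry runs, and the loopback ACCEPT rule are my assumptions, not something the thread specifies.

```shell
#!/sbin/runscript
# Added example: a Gentoo-style /etc/init.d/firewall script (assumed layout).
# IPTABLES can be overridden (e.g. IPTABLES=echo) to dry-run the rule set
# and inspect the commands without touching the kernel.
IPTABLES="${IPTABLES:-/sbin/iptables}"

depend() {
    # Load the rules before any network interface comes up, so there is
    # no window where the box is reachable with an empty ruleset.
    before net
}

# Build the INPUT chain. Flushing first makes re-running idempotent.
# Loopback is accepted (assumption: local services need it), then the
# original poster's rule drops every inbound TCP connection attempt;
# replies to connections the host initiated are not SYN packets and pass.
firewall_rules() {
    "$IPTABLES" -F INPUT
    "$IPTABLES" -A INPUT -i lo -j ACCEPT
    "$IPTABLES" -A INPUT -p tcp --syn -j DROP
}

# Undo the rules and restore the default open policy on stop.
firewall_flush() {
    "$IPTABLES" -F INPUT
    "$IPTABLES" -P INPUT ACCEPT
}

start() {
    ebegin "Loading firewall rules"
    firewall_rules
    eend $?
}

stop() {
    ebegin "Flushing firewall rules"
    firewall_flush
    eend $?
}
```

Running the script with IPTABLES=echo prints the three rule commands instead of applying them, which is a cheap way to review the ruleset before the first reboot.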
All times are GMT