TMD3 n00b
Joined: 25 Apr 2002 Posts: 5
Posted: Fri May 17, 2002 10:06 pm Post subject: Iptables script making and startup
Okay, I have this little iptables command that is supposed to block all incoming that I do not initiate and let me connect to all. Something like that, I hope. It is
/sbin/iptables -A INPUT -p tcp --syn -j DROP
Okay, the question is how do I incorporate that into a script, and how can I automatically start it up when Gentoo boots up?
snoopey n00b
Joined: 26 Apr 2002 Posts: 17
Posted: Fri May 17, 2002 10:43 pm Post subject:
Add it to your /etc/conf.d/local.start script.
autoxv6 n00b
Joined: 17 May 2002 Posts: 8
Posted: Mon May 20, 2002 2:34 am Post subject:
Or you could make your own script in /etc/init.d, rc-update add myscript default, and then it will start every time, also without cluttering your local script. Read the howto on the main gentoo.org site.
ProGuy n00b
Joined: 14 Apr 2002 Posts: 17 Location: Denmark
Posted: Mon May 20, 2002 11:01 am Post subject: General Firewall rules
Such firewall scripts should actually be started as close as possible to the actual bringing up of the network device. The best thing (if possible) would be to have everything blocked the moment the device goes up, and then run a script which opens the necessary (on trusted LANs this could just open up everything).
It would indeed be nice to have a firewall script located in /etc/conf.d or /etc/security, or even have a firewall directory which runs each script in it, like /etc/firewall.d.
Am I completely wrong in desiring such a feature?
//ProGuy
autoxv6 n00b
Joined: 17 May 2002 Posts: 8
Posted: Tue May 21, 2002 7:03 am Post subject:
You're absolutely correct.
Make all your service scripts need the firewall script, like I've done.
ProGuy n00b
Joined: 14 Apr 2002 Posts: 17 Location: Denmark
Posted: Wed May 22, 2002 6:11 pm Post subject:
autoxv6 wrote:
    Make all your service scripts need the firewall script, like I've done.
Hehe, I never thought about that.
But still, it would be nice to have a native way of doing it, since network security is very important, even (or maybe especially) for small servers.
The question is whether someone is developing this already, or whether I should just try to make a suggestion for how this can be achieved (and get beaten to death because it's a lousy way).
//ProGuy
Crg Guru
Joined: 29 May 2002 Posts: 345 Location: London
Posted: Thu May 30, 2002 12:03 am Post subject: Re: General Firewall rules
ProGuy wrote:
    Such firewall scripts should actually be started as close as possible to the actual bringing up of the network device.
The iptables rules can actually be run before the network device is up, so you should run your firewall script before any network devices are brought up (it's a bit tricky if the firewall relies on needing to do DNS entries, or, in the case of mine, reading a list of IP addresses to block off a remote website (http://www.spews.org/packetreject.html)).
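One way to turn the thread's advice into a script, added here as an example that is not from any of the posters: set a DROP policy on INPUT first, allow loopback and replies to connections the host itself opened, then open only the listed ports. The ALLOW_TCP port list, the DRY_RUN switch and the "start" argument are my assumptions, not anything the posters used.

```shell
#!/bin/sh
# Added example (not from the thread): a default-deny iptables ruleset of the
# kind the thread converges on: drop everything first, then open only what is
# needed. DRY_RUN=1 prints the commands instead of applying them, so the
# ruleset can be reviewed (or tested) without root and without iptables.
DRY_RUN="${DRY_RUN:-0}"
# Assumed local TCP services to expose, as a space-separated port list
# (constructed default: none).
ALLOW_TCP="${ALLOW_TCP:-}"

ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        /sbin/iptables "$@"
    fi
}

firewall_rules() {
    # Set the DROP policy before flushing, so nothing unsolicited gets in
    # during the moment between the old rules and the new ones.
    ipt -P INPUT DROP
    ipt -F INPUT
    # Loopback traffic never leaves the host.
    ipt -A INPUT -i lo -j ACCEPT
    # Replies to connections this host initiated, for TCP, UDP and ICMP alike
    # (a bare "-p tcp --syn -j DROP" only stops new TCP connections).
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Explicitly exposed services.
    for port in $ALLOW_TCP; do
        ipt -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    # Anything else falls through to the INPUT DROP policy.
}

# Count the ACCEPT rules the script would install for a given port list,
# using the dry-run mode; handy for checking the generated ruleset.
count_accept_rules() {
    ( DRY_RUN=1; ALLOW_TCP="$1"; firewall_rules ) | grep -c -- '-j ACCEPT'
}

# Apply for real only when invoked as "firewall.sh start" (for example from
# /etc/conf.d/local.start or an init script); sourcing it just defines
# the functions.
if [ "${1:-}" = start ]; then
    firewall_rules
fi
```

Run it as root with "sh firewall.sh start" from local.start or your own init script, as the posts above suggest; with DRY_RUN=1 it only prints the rules it would load.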