LinuxQuestions.org
Old 12-07-2009, 08:04 PM   #16
mrmnemo
Member
 
Registered: Aug 2009
Distribution: linux
Posts: 527

Original Poster
Rep: Reputation: 51

@ sasha>>> thanks. will put all my function defs at top. however, still getting bad syntax @ } towards the end of function (see code in earlier post).
@salasi>>> nah bud, it's all helpful when you're running with nothing but google, perception, and horseshoes 8)).

so, as to checking the distro... fedora keeps a different format for iptables, as does debian based (er.. fedora kinda). however, if i wanted to contribute something to open (not free) source then this is all i can really do.

so far the research and input you guys have given has helped a lot towards the iptables rules themselves. i guess for work flow reasons i thought i should actually put the interactive portion of the script together, THEN all i have to do is save the appended file to the correct place. salasi>> you said it should be interactive. so interactive it shall be. only issue is that the switches i am seeing referenced online for function / function call seem to be breaking for me.
I see no reason i should have to do this:
Code:
case $choice in
    1) $slacky     
       ;;
    2) exit
       ;;
esac
}

slacky=function slacky {

if [ -f etc/slackware-version ]
  then
    echo "You appear to be running slackware"
  else 
    echo "You do not appear to have a firewall set to laod from rc.d"
    echo "Would you like to create one?"
fi
}
where the function has to be named slacky=function slacky <<<< this seems redundant. also, even if i just pilfer some code from an existing script like:

Code:
function slacky()
{
yada yada
}
i get a bad syntax at the end. guess i will start from scratch.
 
Old 12-07-2009, 08:12 PM   #17
GrapefruiTgirl
Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 543
Quote:
Originally Posted by salasi View Post
Every time the mac address of something changes, you'll have to go back into your script and fix it (or spoof the mac address, I suppose...although I wonder whether anyone who frequently spoofs mac addresses will have that much confidence in this as a security feature). Now with a couple of laptops, where no one is going to change the network card, you may be happy to do that. If you have machines coming in and out, or the network cards get swapped, this will rapidly become a pain and you'll wish that you had done something else.

And, I suspect, even if you only swap machines infrequently, you'll forget about the problem, swap machines, have the problem with the new machine, and swear a bit when you realise what has happened and wonder why you didn't anticipate that this would happen.

Sorry, I consider all that predictable, but whether you consider it a big problem or just one of life's little irritations is up to you.
No, I agree completely with the above; thanks for that reply.. Machines coming and going on a network would definitely become a nuisance with MAC filtering.
 
Old 12-07-2009, 08:16 PM   #18
GrapefruiTgirl
Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 543
@ mrmnemo:

observe the function syntax closely:

function_name () {

# code here

} # end


So that's NAME SPACE () SPACE { <-- then the opening brace

.. then the code..

} <-- and the closing brace here

 
Old 12-08-2009, 06:04 AM   #19
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,885

Rep: Reputation: 774
Quote:
Originally Posted by mrmnemo View Post
salasi>> you said it should be interactive. so interactive it shall be. only issue is that the switches i am seeing referenced online for function / function call seem to be breaking for me.
I wrote:

Quote:
You have to achieve a good level of protection even if the user does not respond, or takes an undue amount of time, or if the response given is erroneous, so interactivity does not seem like a good feature in this context, unless you have an unusual aim.
so I think that you are misinterpreting me, although it could well be that I'm not writing clearly enough.
 
Old 12-08-2009, 10:23 PM   #20
mrmnemo
Member
 
Registered: Aug 2009
Distribution: linux
Posts: 527

Original Poster
Rep: Reputation: 51
dohh! will post new stuff when i get done doing the tutorial. as it stands, i am trying to figure out the name of the function that would work like this:

function1
function2
script(changed to reflect findings based on function set).

so that would be: os detection( replace need function call and dirs in script)
then script change based on user input(allow all out, open ssh, etc...)

once i get that part then i can go back to setting the actual basic rule sets up. you guys have been very helpful. just hope that i can put together something useful.

@ sasha: your syntax instruction fixed my function issue 8))
@ salasi: i didn't pay attention to your post on the interactivity. thanks for the input.
 
Old 12-11-2009, 10:33 AM   #21
mrmnemo
Member
 
Registered: Aug 2009
Distribution: linux
Posts: 527

Original Poster
Rep: Reputation: 51
trying real hard to stay on topic

ok so now i have done a little more. what would i look at to replace something like this:
Code:
search_function () {
    if [ os detection variables ]; then
        $scrCHANGE
    else
        $move_on
    fi
}
i want to run an initial function to do some basic checks, THEN based on what's found change IPT=/usr/sbin/iptables for example to IPT=/sbin/iptables. I have already been looking at using bash variables; however, I am starting to think i may need to have the script generate a child that it writes its findings to, then run the child SCRIPT on exit. I realize that i am getting away from the firewall question here.... but making the script for the firewall do some basic detection first is all i am trying to do. I have figured out how to get the user input for INET_IFACE, etc. for the running of the script... but it would be redundant to run this at every boot. so.... anyways, trying to figure out what to read up on. would that be BASH variables or something else?
 
Old 12-11-2009, 11:30 AM   #22
GrapefruiTgirl
Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 543
Not fully sure what you're trying to do in that code above, but here are two tips:

IPT=$(which iptables) # this will locate iptables for you; you should error check this to make sure it actually found it. Usually it's in /sbin or /usr/sbin.

Second, in bash, to do an ELSE .. IF you use elif, like so:
Code:
if [ something = something_else ]; then
 do whatever we want
elif [ something = goobly_woobly ]; then
 do blah blah
fi
Sasha

PS - Note that ELIF is really only practical when there will be more than two possible ways for the logic to go; if there are only two ways, then you might like:

Code:
[ something = whatever ] && do foo || do bar
.. which is a simple IF-THEN-ELSE statement. It means "if something equals whatever, do foo, otherwise, do bar."

Last edited by GrapefruiTgirl; 12-11-2009 at 11:40 AM.
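The three points in the post above (locate iptables and check the result, use elif for a multi-way branch, and the `&& ||` one-liner), worked through in a script. This is an added example written for this page, not code from the thread or from Sasha's firewall tool; `find_tool`, `detect_distro` and `and_or_pitfall` are names chosen here, and the directory arguments exist only so the functions can be exercised against a scratch directory instead of the live system.

```bash
#!/bin/bash
# Added example (editor's code, not from the thread): locating iptables with an
# error check, an if/elif/else chain, and why "[ test ] && foo || bar" is not a
# safe if/then/else. Paths are parameters so the functions can be exercised
# against a scratch directory instead of the real system.

# find_tool NAME DIR... : print the first DIR/NAME that exists and is
# executable, or print an error and return 1. A bare "which iptables" is not
# enough: a non-root shell often lacks /sbin and /usr/sbin in PATH, and the
# variable then silently ends up empty.
find_tool() {
    name=$1
    shift
    for dir in "$@"; do
        if [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    echo "$name: not found in $*" >&2
    return 1
}

# detect_distro ROOT : if/elif/else over the release marker files the thread
# mentions. ROOT is normally empty (the live system); a scratch directory
# works for testing.
detect_distro() {
    root=${1:-}
    if [ -f "$root/etc/slackware-version" ]; then
        echo slackware
    elif [ -f "$root/etc/debian_version" ]; then
        echo debian
    elif [ -f "$root/etc/fedora-release" ]; then
        echo fedora
    else
        echo unknown
    fi
}

# and_or_pitfall : the "&& ||" one-liner is only an if/else when the first
# action cannot fail. Here the "then" action returns non-zero, so the "else"
# action runs as well and the function prints "foobar".
and_or_pitfall() {
    seen=""
    failing_foo() { seen="${seen}foo"; return 1; }
    bar() { seen="${seen}bar"; }
    [ 1 = 1 ] && failing_foo || bar
    printf '%s\n' "$seen"
}

# Typical use on the live system: the variable is checked before the firewall
# script goes on to use it.
# IPT=$(find_tool iptables /sbin /usr/sbin) || exit 1
```

The last function is the reason to prefer a real `if`/`then`/`else` for anything that changes firewall state: if the "then" command fails, the "else" command also runs, which in a firewall script can mean both the permissive and the restrictive branch get applied.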
 
Old 12-11-2009, 12:04 PM   #23
mrmnemo
Member
 
Registered: Aug 2009
Distribution: linux
Posts: 527

Original Poster
Rep: Reputation: 51
cool. Your previous post was help with the syntax. I think i got the if-then-else, i just want to be able to change the script based on what i find with my search functions. say for example i discover that it's a slack box. well, the rc.firewall will need to be created as well as rules written to it. i don't want to have to write a whole script if i find slack or debian, etc.. i want to augment / change the script based on variables of function discovery and user input.
in short, where i define my commands at the beginning of the script IPT= / IPT_sV / mk etc would need to be changed to reflect the system that it's being set up on. right? yeah it would be easy to just make it so the USER changes this stuff... i just wanted to make it easy to generate a script to /folder/of/choice or distro based install with INET_IFACE, etc. defined by user.

by the way... how ya doing sasha? it's cold here.

john
 
Old 12-11-2009, 06:26 PM   #24
GrapefruiTgirl
Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 543
Seems like you're trying to write a script (your script), which creates a script (rc.firewall).. If this is kind of correct, then you should consider instead, taking the iptables commands you create during the execution of "your script" and either saving them to a temp file or to an array as "your script" progresses, and then when all the iptables lines have been created and you're ready to activate the firewall, you use iptables-restore.

I'm doing well; working on my firewall tool non-stop, and currently dealing with some POSIX nonsense which I'm about to address in a new thread. And, it's cold here too :/ and snowy

Sasha
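The approach Sasha describes above, as an added example (editor's code, not from the thread and not from the LutelWall tool): the interactive part queues rules instead of writing them into an rc.firewall, and the whole set is then handed to `iptables-restore` in one step. `RULES`, `add_rule`, `build_ruleset` and `apply_ruleset` are names chosen here; the rule set itself is a constructed minimal example (loopback, established traffic, optional SSH) and not the thread's actual rules.

```bash
#!/bin/sh
# Added example (editor's code, not from the thread or from LutelWall):
# collect the rules decided during the interactive run, then emit them as one
# iptables-restore input and load them atomically. RULES stands in for the
# array / temp file Sasha describes (a newline-joined string keeps this POSIX sh).

RULES=""

# add_rule RULE... : queue one rule in iptables-restore syntax (no "iptables"
# prefix). Nothing touches the kernel until apply_ruleset runs.
add_rule() {
    RULES="${RULES}$*
"
}

# build_ruleset IFACE ALLOW_SSH : answer the thread's "allow all out, open ssh"
# questions by queueing rules, then print a complete filter-table ruleset with
# DROP policies on INPUT and FORWARD. ALLOW_SSH is "yes" or "no".
build_ruleset() {
    iface=$1
    allow_ssh=$2
    RULES=""
    add_rule "-A INPUT -i lo -j ACCEPT"
    add_rule "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    add_rule "-A INPUT -m conntrack --ctstate INVALID -j DROP"
    if [ "$allow_ssh" = yes ]; then
        add_rule "-A INPUT -i $iface -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    fi
    printf '*filter\n'
    printf ':INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    printf '%s' "$RULES"
    printf 'COMMIT\n'
}

# apply_ruleset FILE : parse-check the file first (--test constructs the ruleset
# without committing it), so a typo cannot leave the box half-configured, then
# load everything in one transaction. Needs root and a real iptables.
apply_ruleset() {
    file=$1
    if ! iptables-restore --test < "$file"; then
        echo "ruleset rejected, running firewall left unchanged" >&2
        return 1
    fi
    iptables-restore < "$file"
}

# Typical use once INET_IFACE has been collected from the user:
# f=$(mktemp) && build_ruleset "$INET_IFACE" yes > "$f" && apply_ruleset "$f"
```

Compared with a generated rc.firewall full of individual `iptables` calls, this has two properties worth having in a firewall script: the rule set is checked as a whole before anything is applied, and it is applied atomically, so a failure partway through cannot leave the host with the default policies set but the accept rules missing.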
 
Old 12-11-2009, 08:01 PM   #25
mrmnemo
Member
 
Registered: Aug 2009
Distribution: linux
Posts: 527

Original Poster
Rep: Reputation: 51

Quote:
Originally Posted by GrapefruiTgirl View Post
working on my firewall tool non-stop... And, it's cold here too :/ and snowy
SNOW rocks! I like snow... it makes everything look clean. would love to get more info on your firewall tool...? the array thing is what i needed to know. now i got a direction to look into (thanks for that). it kinda sucks knowing what you want to do but not what to call it.

thanks again.

john

 
Old 12-11-2009, 09:14 PM   #26
GrapefruiTgirl
Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 543
Quote:
Originally Posted by mrmnemo View Post
would love to get more info on your firewall tool...?
My firewall tool is a massive overhaul of the LutelWall firewall, which was last released by its author in 2005 in 'development' status.
Pretty shortly, I will make it available, new and improved, for public consumption. I've got a few little things yet to "perfect" (I am very picky/fussy) and some more testing to do before releasing it.
The original author, Tomek Lutelmowski, has kindly given me FTP access to his website where the old releases are available, so when I'm ready, I'll be uploading the new release there:
(http://firewall.lutel.pl/)

And I'll make an announcement of its release at that time

Sasha
 
Old 12-12-2009, 07:29 PM   #27
mrmnemo
Member
 
Registered: Aug 2009
Distribution: linux
Posts: 527

Original Poster
Rep: Reputation: 51
problem with syntax

ok so i wanted to test a function out. i am getting:
Code:
Checking for defaults
/media/storage/distro/slack/firewall2: line 59: syntax error: unexpected end of file
could someone please tell me what i am doing wrong? I have looked at the online tutorials and seem to be having lots of problems.

thanks in advance.

john

p.s: here goes the code that will eventually be a function:
Code:
#os_det () {
      echo "Checking for defaults"      ##seems nothing is going on after this line
      if [ -f etc/slackware-version ];  ##i thought i got the syntax right. shouldnt the script
	  then                          ##start the if / then / else logic path? 
      if [ -f /etc/rc.d/rc.firewall ];
	  then
	    echo "Slackware detected..."
	    echo "You appear to have the rc.firewall in"
	    echo "place."
	    echo "[+] INSTALLING [+]"
	    $INST  
	      
	  else
	    echo "While you APPEAR to be running slackware"
	    echo "However,your missing the rc.firewall file."
	    echo "Creating rc.firewall..."
	    $mk /etc/rc.d/rc.firewall
	      if [ -f /etc/rc.d/rc/firewall ];
		then 
		  echo "[+]rc.firewall created[+]"
		  $INST
		    
	    else
		echo "unable to create rc.firewall"
		echo "try running script as root..."
fi

exit 0

Last edited by mrmnemo; 12-12-2009 at 07:34 PM.
 
Old 12-12-2009, 07:38 PM   #28
GrapefruiTgirl
Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 543
You have an IF-THEN-FI problem.. At a quick glance, you're missing two fi's.. You might want to re-examine your logic, but I believe you want a fi after the $mk /etc/rc.d/rc.firewall line, and you want another fi after echo "try running script as root..."

I'm pretty tired/sleepy at the moment, so this estimated placement might be wrong, but a lack of fi's is definitely the problem. every IF needs a FI.

Sasha
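The os_det code from post #27 with the fix Sasha describes, as an added example (editor's code, not mrmnemo's): every `if` now has its `fi`, one after the creation attempt and one after the "try running script as root" message, and the indentation follows the nesting so a missing `fi` shows up by eye. Two further slips in the posted code are also corrected here: the test for `etc/slackware-version` lacked its leading slash, and the re-check after creation looked for `/etc/rc.d/rc/firewall` rather than `rc.firewall`. The `ROOT` argument is an addition so the function can be run against a scratch directory, and `install_rules` is a placeholder standing in for the poster's undefined `$INST`.

```bash
#!/bin/sh
# Added example (editor's code, not from the thread): the os_det function with
# balanced if/fi, absolute paths, and the rc.firewall re-check typo fixed.
# ROOT (default empty, i.e. the live system) is an added parameter for testing;
# install_rules is a placeholder for the poster's $INST.

install_rules() {
    echo "[+] INSTALLING [+]"
}

# os_det ROOT : returns 0 when rc.firewall is present or was created,
# 1 when this is not Slackware, 2 when rc.firewall could not be created.
os_det() {
    root=${1:-}
    echo "Checking for defaults"
    if [ -f "$root/etc/slackware-version" ]; then
        echo "Slackware detected..."
        if [ -f "$root/etc/rc.d/rc.firewall" ]; then
            echo "You appear to have the rc.firewall in place."
            install_rules
        else
            echo "You appear to be running Slackware, but rc.firewall is missing."
            echo "Creating rc.firewall..."
            if touch "$root/etc/rc.d/rc.firewall" 2>/dev/null; then
                echo "[+] rc.firewall created [+]"
                install_rules
            else
                echo "unable to create rc.firewall"
                echo "try running script as root..."
                return 2
            fi      # closes: was rc.firewall created?
        fi          # closes: was rc.firewall already there?
    else
        echo "No /etc/slackware-version found; not Slackware."
        return 1
    fi              # closes: is this Slackware?
}
```

The "unexpected end of file" message is what bash reports when it reaches the end of the script while still inside an open `if`; it cannot say which one, so keeping each `fi` at the same indentation as its `if` is the quickest way to find the gap. Exit codes are used here instead of `exit 0` at the bottom so the calling script can branch on the outcome.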
 
Old 12-12-2009, 07:43 PM   #29
mrmnemo
Member
 
Registered: Aug 2009
Distribution: linux
Posts: 527

Original Poster
Rep: Reputation: 51
same here. i will try again in the morning. hope you're not too cold. and as always.... THANKS!


john
 
All times are GMT -5.