LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 04-14-2003, 01:07 AM   #1
cirkut5732
Member
 
Registered: Apr 2003
Posts: 94

Rep: Reputation: 15
Firewall script help!!!!


hi i installed my first firewall script ever, and i just have a couple questions, first im a newbie, starting to figure the system out but still need the help of other, ok so here we go
i have slackware 9.0 with ethernet card connected to verizon DSL but it shows up as LAN...who cares, my problem, i know i have "eth0" for EXT_IF "external interface" well i think i do!!!! anyways in the firewall config i put eth0 as my EXT_IF and when i try to start the firewall i get the error "The required variable EXT_IF is empty!!!"
what does that mean? anyways i tried changing config to eth0. ppp+, and ppp0 and nothing helps, any thoughts?
im running Arno's IPTABLES Firewall Script v1.7.3RC-2 its available to look at at linuxguruz.net or .org i cant remember, if anyone checks it out tell me if its a good script considering i know nothing on this area of UNIX!!! i got it cause it looked easy to install!!! please help
 
Old 04-14-2003, 01:05 PM   #2
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Ubuntu, Debian, SuSE, UnSlung, Android
Posts: 1,819

Rep: Reputation: 46
Arno's script is a good guide but I wouldn't use it (even modified). Have it around as a guide and write a script from scratch. I suggest using a rule generator script that clears the old rules, deletes the old /etc/sysconfig/iptables file, and writes a new one based on rules in the script. Iptables can be a bear but if you do write your own script, you won't regret it.
 
Old 04-14-2003, 03:03 PM   #3
cirkut5732
Member
 
Registered: Apr 2003
Posts: 94

Original Poster
Rep: Reputation: 15
well, putit like this, id love to write my own shell bash script but
after the first line /bin/sh i have no clue what to write after that
im still like only 2 weeks old to linux so any suggestions, ill use arnos script a guide but i dont know howto modify or what to modify!!!
 
Old 04-14-2003, 06:46 PM   #4
david_reno
LQ Newbie
 
Registered: Apr 2003
Posts: 21

Rep: Reputation: 16
You will probably use ppp0 as the external interface. My ADSL uses PPPoE (PPP over ethernet). Use the command "/sbin/ifconfig -a" to show your interfaces, the one with the IP address is the one to set as the external interface (very generally speaking and with many assumptions).

Arno's script has EXT_IF commented out (line starts with a '#' character). Make sure that you deleted the # starting the line.
 
Old 04-15-2003, 06:27 PM   #5
cirkut5732
Member
 
Registered: Apr 2003
Posts: 94

Original Poster
Rep: Reputation: 15
that was it! im still new to this firewall stuff, its definetly not like popping Norton in the drive and install with windows!! but i like that..more control once i know my shit!! anyways i forgot to delete the #. well i every line has a # and i dont know programing yet so didnt know wich symbols to delete!! ive only used that process for modules!! anyways its past that error but know it wont read my iptables. if you have comment i posted a thread on that problem somewhere in the Newbie forum!!

P.S it was eth0, or i shouldnt say that i just didnt get an error with et0..YET!!!!!
thanks for helping
 
Old 04-15-2003, 07:07 PM   #6
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86; Gentoo PPC; Gentoo Sparc64; FreeBSD; OS X; Solaris
Posts: 3,731
Blog Entries: 4

Rep: Reputation: 68
Here's a sample to get you started:
Code:
#!/bin/bash

# load the kernel modules
modprobe ip_tables
modprobe iptable_filter
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ipt_state
modprobe ipt_LOG

# remove current rulesets
iptables -F
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -X

# allow local-only connections
iptables -A INPUT  -i lo -j ACCEPT

# permit answers on already established connections
# and permit new connections related to established ones (eg active-ftp)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# accept only individual ports for services
# this will allow packets at port 80 for a webserver:
# iptables -A INPUT -p tcp --dport 80  -j ACCEPT

# set a sane policy: everything not accepted > /dev/null
iptables -P INPUT    DROP
iptables -P FORWARD  DROP
iptables -P OUTPUT   DROP
 
Old 04-16-2003, 06:43 PM   #7
cirkut5732
Member
 
Registered: Apr 2003
Posts: 94

Original Poster
Rep: Reputation: 15
so this script you just wrote in the post on top of this, can i just copy that to /etc/rc.d or do i need to modify anything? so far firewalling LINUX has been the hardest for me, ive compiled from source though, in just 2 weeks experience too!!
 
Old 04-17-2003, 01:32 AM   #8
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86; Gentoo PPC; Gentoo Sparc64; FreeBSD; OS X; Solaris
Posts: 3,731
Blog Entries: 4

Rep: Reputation: 68
Well, you can put it in rc.d if you like, but depending on your distro it will not likely work as an init style script.

Just put the file wherever you like (in your path is a good bet...), and just start it by running 'firewall' (or whatever you call it). You can put a reference to it in rc.local to have it start every boot if you like.

As far as modification, you will not need to do anything, unless you want to allow packets to certain ports, in which case you would follow the format of the "iptables -A INPUT -p tcp --dport 80 -j ACCEPT" line, just substitute the port number for the service you want to run. hint: --dport=destination port

If you want to learn a bit about iptables, I suggest following along this script with the iptables manpage to see what's going on.
 
Old 04-17-2003, 06:09 PM   #9
cirkut5732
Member
 
Registered: Apr 2003
Posts: 94

Original Poster
Rep: Reputation: 15
thank you for your help.. and your right my distro needs a bash script, whatever it is, but basically im pretty new and i know linux is easy to hack if you know your shit, and i just want a basic firewall to keep the unexperienced teenage malicous people out, most older and experienced hackers wouldnt want anything i got and usually dont hurt your files unless ya piss em off!!! so thank you very much!!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Firewall script simcox1 Linux - Security 7 11-13-2005 12:08 PM
Where should this firewall script be placed? wardialer Linux - Security 84 02-14-2005 07:06 PM
slackware's /etc/rc.d/rc.firewall equivalent ||| firewall script startup win32sux Debian 1 03-06-2004 09:15 PM
Could you look over my firewall script please... Grim Reaper Linux - Networking 8 03-26-2003 03:33 AM
Firewall script help jfall Linux - Networking 6 10-23-2002 03:46 AM


All times are GMT -5. The time now is 03:27 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration