LinuxQuestions.org
12-10-2001, 06:30 PM   #1
jbrandis
LQ Newbie
 
Registered: Dec 2001
Location: Sydney
Distribution: red hat 7.1
Posts: 6

Rep: Reputation: 0
Shell script to configure IP Tables ???


G'Day all,

I have IP-Tables working in my office of MS users which need access to the firewall config and modify as needed.

Was interested to know as a newbie, if I could create a shell script that contained all the rules I wish to have in our firewall, then run the script. Users could then amend the firewall as needed via the script, which has numerous comments, then run the script. Of course the first lines in the script would flush the existing values.

Is this method possible and practical, and if so does anyone have suggestions that I have not thought of?

Thanks all

John
 
12-11-2001, 01:09 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,950
Blog Entries: 54

Rep: Reputation: 2732
It's a std procedure to run those rules from a script, so there is nothing wrong there.

What *is* wrong IMO is having regular untrained users change firewall rules and access the fw box.
Maybe you could explain *why* they need to access the box and change the rules?

The other point is them accessing the fw box itself. No matter what, some day one of them users will have time on his/her hands, look some stuff up on the net, think they know enough and (insert scenario here)...


*If you can't bypass the fact they should be able to change rules, I would suggest having an interfacing script (preferably some ssl'ed web interface, but a command-line script that runs on login could do as well) where they could (only) choose options relevant to them. Build your script modular, make the base rules script, and add a separate script for each option they should be able to choose (and test each combination beforehand). And even then I'm not convinced this couldn't be run with the usual script...
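
The modular layout suggested in the reply above (a base rule set plus one pre-tested module per user-selectable option), shown as an added example that was not posted by anyone in the thread. The option names, ports and the `eth1` LAN interface are assumptions, and the script only prints the iptables commands instead of running them.

```shell
#!/bin/sh
# Added example: dry-run builder for a modular iptables rule set.
# Option names, ports and the eth1 LAN interface are assumptions.
IPT="iptables"   # only printed here, never executed

# Base rules shared by every generated rule set: flush, default-deny,
# loopback, and replies to already-established connections.
base_rules() {
    cat <<EOF
$IPT -F
$IPT -X
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# One pre-tested module per option; anything not listed is refused.
option_rules() {
    case "$1" in
        web)  echo "$IPT -A FORWARD -i eth1 -p tcp -m multiport --dports 80,443 -j ACCEPT" ;;
        mail) echo "$IPT -A FORWARD -i eth1 -p tcp -m multiport --dports 25,110 -j ACCEPT" ;;
        ftp)  echo "$IPT -A FORWARD -i eth1 -p tcp --dport 21 -j ACCEPT" ;;
        *)    return 1 ;;
    esac
}

# Validate every choice before emitting anything, so one bad name yields
# no partial rule set. User input is only matched, never placed in a rule.
build_ruleset() {
    for opt in "$@"; do
        if ! option_rules "$opt" >/dev/null; then
            echo "rejected: unknown option '$opt'" >&2
            return 1
        fi
    done
    base_rules
    for opt in "$@"; do
        option_rules "$opt"
    done
}

# Constructed demo: the choices a user might pick from a menu.
build_ruleset web mail
```

Once the printed commands have been reviewed, piping them to `sh` as root would apply them; the flush at the top matches the original poster's plan to clear existing rules before loading.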
 
12-11-2001, 04:44 AM   #3
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
John,

unSpawn's right, your firewall should be designed in such a way that users shouldn't have access to modify it.

Now on the other hand if you have an admin that needs access then the best solution for you is to use this:
http://www.astaro.com/products/index.html

It's a GUI with SSL login for admins.
Basically it's a very comprehensive GUI that uses IPTABLES as its firewall. "They don't tell you this but the output from the logs in the demo looks like iptables output"

I suggest you check out the online demo and decide for yourself.

/Raz
 
  

