04-14-2003, 01:07 AM  #1
Member | Registered: Apr 2003 | Posts: 94
Firewall script help!!!!
Hi, I installed my first firewall script ever, and I just have a couple of questions. First, I'm a newbie, starting to figure the system out but still needing the help of others. OK, so here we go.
I have Slackware 9.0 with an ethernet card connected to Verizon DSL, but it shows up as LAN... who cares. My problem: I know I have "eth0" for EXT_IF ("external interface"), well, I think I do!!!! Anyway, in the firewall config I put eth0 as my EXT_IF, and when I try to start the firewall I get the error "The required variable EXT_IF is empty!!!"
What does that mean? Anyway, I tried changing the config to eth0, ppp+, and ppp0 and nothing helps. Any thoughts?
I'm running Arno's IPTABLES Firewall Script v1.7.3RC-2. It's available to look at at linuxguruz.net or .org, I can't remember. If anyone checks it out, tell me if it's a good script, considering I know nothing in this area of UNIX!!! I got it because it looked easy to install!!! Please help.
04-14-2003, 01:05 PM  #2
Senior Member | Registered: Feb 2003 | Location: The Arctic | Distribution: Fedora, Debian, OpenSuSE and Android | Posts: 1,820
Arno's script is a good guide but I wouldn't use it (even modified). Have it around as a guide and write a script from scratch. I suggest using a rule generator script that clears the old rules, deletes the old /etc/sysconfig/iptables file, and writes a new one based on rules in the script. Iptables can be a bear but if you do write your own script, you won't regret it.
04-14-2003, 03:03 PM  #3
Member | Registered: Apr 2003 | Posts: 94 | Original Poster
Well, put it like this: I'd love to write my own bash shell script, but after the first line, /bin/sh, I have no clue what to write after that.
I'm still only like 2 weeks old to Linux, so any suggestions? I'll use Arno's script as a guide, but I don't know how to modify it or what to modify!!!
04-14-2003, 06:46 PM  #4
LQ Newbie | Registered: Apr 2003 | Posts: 21
You will probably use ppp0 as the external interface. My ADSL uses PPPoE (PPP over ethernet). Use the command "/sbin/ifconfig -a" to show your interfaces, the one with the IP address is the one to set as the external interface (very generally speaking and with many assumptions).
Arno's script has EXT_IF commented out (line starts with a '#' character). Make sure that you deleted the # starting the line.
04-15-2003, 06:27 PM  #5
Member | Registered: Apr 2003 | Posts: 94 | Original Poster
That was it! I'm still new to this firewall stuff; it's definitely not like popping Norton in the drive and installing on Windows!! But I like that... more control once I know my shit!! Anyway, I forgot to delete the #. Well, every line has a # and I don't know programming yet, so I didn't know which symbols to delete!! I've only used that process for modules!! Anyway, it's past that error, but now it won't read my iptables. If you have a comment, I posted a thread on that problem somewhere in the Newbie forum!!
P.S. It was eth0, or I shouldn't say that, I just didn't get an error with eth0... YET!!!!!
Thanks for helping.
04-15-2003, 07:07 PM  #6
Senior Member | Registered: Nov 2002 | Location: British Columbia, Canada | Distribution: Gentoo x86_64; FreeBSD; OS X | Posts: 3,762
Here's a sample to get you started:
Code:
#!/bin/bash
# load the kernel modules
modprobe ip_tables
modprobe iptable_filter
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ipt_state
modprobe ipt_LOG
# remove current rulesets
iptables -F
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -X
# allow local-only connections (both directions on the loopback interface)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# permit answers on already established connections
# and permit new connections related to established ones (eg active-ftp)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# let this host open connections outward and answer incoming ones;
# without this the OUTPUT DROP policy below would block every packet we send
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# accept only individual ports for services
# this will allow packets at port 80 for a webserver:
# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# set a sane policy: everything not accepted > /dev/null
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
04-16-2003, 06:43 PM  #7
Member | Registered: Apr 2003 | Posts: 94 | Original Poster
So this script you just wrote in the post above, can I just copy that to /etc/rc.d or do I need to modify anything? So far, firewalling Linux has been the hardest thing for me; I've compiled from source though, with just 2 weeks' experience too!!
04-17-2003, 01:32 AM  #8
Senior Member | Registered: Nov 2002 | Location: British Columbia, Canada | Distribution: Gentoo x86_64; FreeBSD; OS X | Posts: 3,762
Well, you can put it in rc.d if you like, but depending on your distro it will not likely work as an init style script.
Just put the file wherever you like (in your path is a good bet...), and just start it by running 'firewall' (or whatever you call it). You can put a reference to it in rc.local to have it start every boot if you like.
As far as modification, you will not need to do anything, unless you want to allow packets to certain ports, in which case you would follow the format of the "iptables -A INPUT -p tcp --dport 80 -j ACCEPT" line, just substitute the port number for the service you want to run. hint: --dport=destination port
If you want to learn a bit about iptables, I suggest following along this script with the iptables manpage to see what's going on.
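As an added example (not Arno's script and not code written by anyone in this thread), a bash helper for the two points discussed above: it checks whether EXT_IF in a shell-style config file is still commented out or set to nothing, the mistake behind the error in the first post, and then prints per-port INPUT rules in the format of the --dport line above, bound to that interface. The config lines, temp file paths and function names are constructed for the example.

```shell
#!/bin/bash
# Added example, not Arno's script and not code from this thread: verify that
# EXT_IF in a shell-style config is really set, then emit per-port rules.

# Write constructed config text from stdin to a temp file and print its path.
make_config() {
    f=$(mktemp)
    cat > "$f"
    printf '%s\n' "$f"
}

# Print the value of EXT_IF from a config file.
# Returns 1 if the assignment is still commented out, 2 if it is set but empty
# (the "required variable EXT_IF is empty" case), 0 with the value on stdout.
check_ext_if() {
    config="$1"
    if grep -Eq '^[[:space:]]*#[[:space:]]*EXT_IF=' "$config" \
       && ! grep -Eq '^[[:space:]]*EXT_IF=' "$config"; then
        echo "EXT_IF is still commented out in $config (remove the leading #)" >&2
        return 1
    fi
    # take the last uncommented assignment, drop the name and any quotes
    value=$(grep -E '^[[:space:]]*EXT_IF=' "$config" | tail -n 1 | cut -d= -f2- | tr -d "\"'")
    if [ -z "$value" ]; then
        echo "The required variable EXT_IF is empty" >&2
        return 2
    fi
    printf '%s\n' "$value"
}

# Emit INPUT rules for TCP ports, following the "--dport 80" line from the
# sample script with -i added so the port is only opened on the external
# interface. Prints the commands; run them as root to apply.
gen_port_rules() {
    ext_if="$1"; shift
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "bad port number: $port" >&2; return 1 ;;
        esac
        printf 'iptables -A INPUT -i %s -p tcp --dport %s -j ACCEPT\n' "$ext_if" "$port"
    done
}

# Demo: a constructed config with the '#' still in front of EXT_IF, then a fixed one.
bad=$(printf '# external interface\n#EXT_IF="eth0"\n' | make_config)
good=$(printf 'EXT_IF="eth0"\n' | make_config)
if ! ext=$(check_ext_if "$bad"); then echo "bad config rejected, as expected"; fi
ext=$(check_ext_if "$good")
gen_port_rules "$ext" 22 80
rm -f "$bad" "$good"
```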
04-17-2003, 06:09 PM  #9
Member | Registered: Apr 2003 | Posts: 94 | Original Poster
Thank you for your help... and you're right, my distro needs a bash script, whatever it is. But basically I'm pretty new, and I know Linux is easy to hack if you know your shit, and I just want a basic firewall to keep the inexperienced teenage malicious people out. Most older and experienced hackers wouldn't want anything I've got and usually don't hurt your files unless you piss 'em off!!! So thank you very much!!