LinuxQuestions.org


netguy2000 02-26-2004 04:30 AM

IPTABLES firewall Vs rc firewall
 
Dear all,
I am using an IPTABLES firewall (I set up incoming ports
and forward ports open / closed through IPTABLES commands). I want to
know: is an IPTABLES firewall better than an rc firewall file, or is an rc
firewall better than IPTABLES? Please reply soon and tell
me which is lighter in loading and functionality.

Thanks in advance.
Rizwan.

/bin/bash 02-26-2004 06:18 AM

rc.firewall is just a script that issues the necessary iptables commands to setup your firewall. If you are manually issuing iptables commands I would suggest you look at using or making a script to automate it.

netguy2000 02-26-2004 07:10 AM

Yes, that's what I want to know. Please tell me: is it necessary to automate the IPTABLES commands which I enter manually? Is a script firewall good, or do manually inserted IPTABLES commands work fine? Please let me know.

stickman 02-26-2004 08:35 AM

It's not a necessity to automate your firewall, but it does make things more convenient. A scripted firewall is only as good as the commands that you put into it. You may want to look at a couple of the existing iptables scripts rather than writing your own (at least when you are starting out).

flashingcurser 02-26-2004 01:09 PM

This is one way you can automate your firewall; mileage may vary.

1. Go to this site: http://easyfwgen.morizot.net/gen/
2. Walk through the prompts. When it's finished it will give you a very good script. Remember: garbage in, garbage out.
3. Cut and paste the script into rc.firewall. In the script it will ask you for the location of iptables. Make sure this path is correct: it defaults to /usr/local/sbin, which is correct for a Red Hat based distro. In Slack it's /usr/sbin.
4. Reboot or run /etc/rc.d/rc.firewall start. I would just reboot and check the messages.

Have fun

:)

netguy2000 02-27-2004 03:17 AM

OK, let me agree with you and create a script at your insistence, but I did not install a firewall when I installed my GW Red Hat machine; I selected the "no firewall" option, so I have no rc.firewall file :( Please give me instructions on how I can set my firewall script to run. Also, the fw installation will not have any effect on my existing network GW.

Thanks thanks thanks in advance.

slack_baby 02-27-2004 06:07 AM

Here is the edited script that I run on my box:

## rc.firewall edited script

Code:

#!/bin/sh
# /etc/rc.d/rc.firewall

IPT=/usr/sbin/iptables
FILE=/etc/iptabrule

# Reset all previous iptables rules
firewall_dellall() {
    $IPT -F
    $IPT -t nat -F
    $IPT -t mangle -F
    $IPT --delete-chain
    $IPT -t nat --delete-chain
    echo "All tables, rules are reset"
}

# Load the saved ruleset from $FILE
firewall_restore() {
    /usr/sbin/iptables-restore < "$FILE" && echo "All rules restored from $FILE"
}

# Placeholder: only prints a message
firewall_start() {
    echo "firewall start"
}

case "$1" in
'start')
    firewall_start
    ;;
'dellall')
    firewall_dellall
    ;;
'restart')
    # Flush everything, then load the saved rules again
    firewall_dellall
    firewall_restore
    ;;
'reload')
    firewall_restore
    ;;
'status')
    # List the current rules without DNS lookups
    $IPT -nL
    ;;
'restore')
    firewall_restore
    ;;
*)
    echo "usage $0 start|dellall|restart|reload|status|restore"
    ;;
esac

Edit the FILE variable to your iptables rules file location,

and in rc.local add:
/etc/rc.d/rc.firewall restore

Hope this will help you.
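
A pre-flight check for the rules file that "rc.firewall restore" loads at boot, added here as an example and not part of slack_baby's post. The function names lint_rules, safe_restore and sample_rules are hypothetical, the sample ruleset is constructed, and the iptables-restore path is the one used in the script above.

```shell
#!/bin/sh
# Added example: checks to run before a saved ruleset is loaded as root.
IPT_RESTORE=${IPT_RESTORE:-/usr/sbin/iptables-restore}   # path from the post

# lint_rules FILE: check iptables-save structure; returns 1 on structural errors.
lint_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
        /^\*/ {                                     # "*filter" opens a table
            if (t != "") { print "ERROR: table " t " has no COMMIT"; bad = 1 }
            t = substr($1, 2); next
        }
        $1 == "COMMIT" {
            if (t == "") { print "ERROR: line " NR ": COMMIT outside a table"; bad = 1 }
            t = ""; next
        }
        t == "" { print "ERROR: line " NR " is outside any table"; bad = 1; next }
        /^:/ && t == "filter" && $2 == "ACCEPT" && ($1 == ":INPUT" || $1 == ":FORWARD") {
            print "WARN: filter " substr($1, 2) " policy is ACCEPT"   # default-allow
        }
        END {
            if (t != "") { print "ERROR: table " t " has no COMMIT"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# safe_restore FILE: refuse unsafe or malformed files, dry-run, then load.
safe_restore() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    # rc.local runs as root, so a rules file that others can write is a risk
    [ -z "$(find "$1" -prune -perm -0002)" ] || { echo "$1 is world-writable" >&2; return 1; }
    lint_rules "$1" || return 1
    "$IPT_RESTORE" --test < "$1" || return 1        # parse only, nothing committed
    "$IPT_RESTORE" < "$1"
}

# Constructed sample rules file in iptables-save format (not from the thread).
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}
```

Calling safe_restore "$FILE" from firewall_restore in place of the bare iptables-restore line keeps a truncated or tampered rules file from being loaded at boot.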

/bin/bash 02-28-2004 04:31 AM

You can look at some of the scripts here and see if one would work for you.

I use this firewall script.


All times are GMT -5.