IPTABLES firewall Vs rc firewall

netguy2000 · 02-26-2004, 04:30 AM

Dear all,
I am using IPTABLES firewall (like i setup incomming ports
and Forward ports open / close through IPTABELS commands), I want to
know is IPTABLES firewall better then rc Firewall file. or rc
Firewall is better then IPTABLES ??? plzzz reply me soon and inform
me which is lighter in loading and functionality???

Thanks in advance.
Rizwan.

/bin/bash · 02-26-2004, 06:18 AM

rc.firewall is just a script that issues the necessary iptables commands to setup your firewall. If you are manually issuing iptables commands I would suggest you look at using or making a script to automate it.

netguy2000 · 02-26-2004, 07:10 AM

Yes thats i want to know plz tell me is it neccesary to automate IPTABLES commands which I put manualy ??? is script firewall is good or just manually incerted IPTABLES command work fine??? plzzzzzzzzzzzz let me know

stickman · 02-26-2004, 08:35 AM

It's not a necessity to automate your firewall, but it does make things more convenient. A scripted firewall is only as good as the commands that you put into it. You may want to look at a couple of of the existing iptables scripts rather than writing your own (at least when you are starting out).

flashingcurser · 02-26-2004, 01:09 PM

This is one way you can automate your firewall, milage may vary.

1 goto this site: http://easyfwgen.morizot.net/gen/
2. walk through the prompts--when its finished it will give you a very good script. Remember garbage in garbage out.
3. cut and past script into rc.firewall--in the script it will ask you for the location of iptables. Make sure this path is correct--it defaults to /usr/local/sbin which is correct for a redhat based distro. In slack its /usr/sbin
4 reboot or /etc/rc.d/rc.firewall start---I would just reboot and check the messages

Have fun

netguy2000 · 02-27-2004, 03:17 AM

ok let me agree with you to create script on ur insist, but I not install firewall when i install my GW Redhat machine I select "no firewall" option in it so i have no rc.firewall file

plzzz give me instruction how can i ser firewall to run my firewall script???? and also fw intallation will not make any efficet on my existing network GW.

Thanks thanks thanks in advance.

slack_baby · 02-27-2004, 06:07 AM

here is the edited script that i run on my box

## rc.firewall edited script

Code:

#!/bin/sh
 # /etc/rc.d/rc.firewall
 
 IPT=/usr/sbin/iptables
 FILE=/etc/iptabrule
 # Reset all previous iptables rules
 firewall_dellall() {
 $IPT -F
 $IPT -t nat -F
 $IPT -t mangle -F
 $IPT --delete-chain
 $IPT -t nat --delete-chain
 echo "All tables, rules are reset"
 }

 firewall_restore() {
 /bin/cat $FILE | /usr/sbin/iptables-restore
 echo "All rules restored from $FILE"
 }
 
 firewall_start() {
 echo "firewall start"
 }
 
 case "$1" in
 'start')
 firewall_start
 ;;
 'dellall')
 firewall_dellall
 ;;
 'restart')
 firewall_restart
 ;;
 'reload')
 firewall_reload
 ;;
 'status')
 firewall_status
 $IPT -nL ;;
 'restore')
 firewall_restore
 ;;
 *)
 echo "usage $0 start|dellall|restart|reload|status|restore"
 esac

edit FILE variable to ur IPTABLES RULES FILE LOCATION

and in rc.local add
/etc/rc.d/rc.firewall restore

Hope this will help u

/bin/bash · 02-28-2004, 04:31 AM

You can look at some of the scripts here and see if one would work for you.

I use this firewall script.