Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 12-10-2001, 07:30 PM   #1
LQ Newbie
Registered: Dec 2001
Location: Sydney
Distribution: red hat 7.1
Posts: 6

Rep: Reputation: 0
Post Shell script to configure IP Tables ???

G'Day all,

I have IP-Tables working in my office of MS users which need access to the firewall config and modify as needed.

Was interested to know as a newbie, if I could create a shell script that contained all the rules I wish to have in our firewall, then run the script. USers could then amend the firewall as needed via the script which has numerous comments, then run the script. Of course the first lines in the script would flush the existing values

Is this method possible and practicle, and if so does any one have suggestions that I have not thought of

Thanks all

Old 12-11-2001, 02:09 AM   #2
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3595Reputation: 3595Reputation: 3595Reputation: 3595Reputation: 3595Reputation: 3595Reputation: 3595Reputation: 3595Reputation: 3595Reputation: 3595Reputation: 3595
It's a std procedure to run those rules from a script, so there is nothing wrong there.

What *is* wrong IMO is having regular untrained users change firewall rules and access the fw box.
Maybe you could explain *why* they need to access the box and change the rules?

The other point is them accessing the fw box itself. No matter what, some day one of them users will have time on his/her hands, look some stuff up on the net, think they know enough and (insert scenario here)...

*If you can't bypass the fact they should be able to change rules, I would suggest having an interfacing script (preferably some ssl'ed web interface, but an commandline script that runs on login could do as well) where they could (only) choose options relevant to them. Build your script modular, make the base rules script, and add a separate script for each option they should be able choose (and test each combination beforehand). And even then I'm not convinced this couldn't be run with the usual script...
Old 12-11-2001, 05:44 AM   #3
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31

unSpawn's right, your firewall should be designed in such a way that users shouldn't have access to modify it.

Now on the other hand if you have an admin that needs access then the best solution for you is to use this:

It's a GUI with SSL login for admins.
Basically it's a very comprehensive GUI that uses IPTABLES as it's firewall. "They don't tell you this but the output from the logs in the demo looks like iptables output"

I suggest your check out the online demo and decide for yourself.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Shell Scripting: Getting a pid and killing it via a shell script topcat Programming 15 10-28-2007 03:14 AM
shell script problem, want to use shell script auto update IP~! singying304 Programming 4 11-29-2005 06:32 PM
How to configure routing tables myself_rajat Linux - Networking 1 08-03-2005 11:55 AM
How to compare records in two tables in seperate My Sql database using shell script sumitarun Programming 5 04-14-2005 10:45 AM
IP TABLES Firewall Script problems... Nosram Linux - Networking 2 02-11-2004 05:22 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:25 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration