[SOLVED] When using NetworkManager in KDE 4.7.4, how do you manage iptables?

allend · 01-19-2012, 09:40 AM

I have been using the KDE NetworkManager widget in KDE 4.7.4 supplied by Alien_Bob http://alien.slackbook.org/blog/kde-...he-4-7-series/. (Again Eric,Thanks!)

It is very welcome as I can manage all my network devices from the one screen.

On my netbook, I would like to able adjust my firewall settings depending on the interface used. If I connect using a USB modem on ppp0 then I want all incoming ports closed. If I connect by wireless on wlan0 to my home system then I want NFS ports open. If I connect by a wired connection on eth0 then I want Samba ports open.

I have found the Manage Connections... -> Other -> Configure Notifications... -> Network Connection Succeeded -> Run Command setting and tried running /etc/rc.d/rc.firewall, but it does not succeed, probably due to permissions.

Any thoughts on how to handle this?

bonixavier · 01-19-2012, 09:48 AM

Can't you keep rc.firewall.iface scripts? You switch from wireless to USB modem and do a rc.firewall.wlan0 stop && rc.firewal.ppp0 start? You then symlink the most commonly used interface to rc.firewall.

allend · 01-20-2012, 08:14 AM

Found an answer on the ArchWiki https://wiki.archlinux.org/index.php/NetworkManager

Created a file 25_SetFirewall in /etc/NetworkManager/dispatcher.d/ containing this script that runs suitable iptables firewall scripts.

Code:

#!/bin/sh

# Script to load appropriate firewall based on interface in use

INTERFACE=$1 # The interface which is brought up or down
STATUS=$2 # The new state of the interface

case "$STATUS" in
  'up') # an interface has been brought up
    case "$INTERFACE" in
      'eth0')
        exec /etc/rc.d/rc.firewall_eth0
      ;;
      'wlan0')
        exec /etc/rc.d/rc.firewall_wlan0
      ;;
      'ppp0')
        exec /etc/rc.d/rc.firewall_ppp0
      ;;
    esac
    ;;
  'down') # an interface has been brought down
    # Load default if there is no active interface
    if [ ! `nm-tool|grep State|cut -f2 -d' '` = "connected" ]; then
      exec /etc/rc.d/rc.firewall
    fi
  ;;
esac