Correct way to implement Firewall2 rules for boot up...
Here's a quick one. And yes, it's probably been answered, but I've tried searching and it doesn't seem to come up.

Basically I'm using SuSE 7.3 Pro, and I want to save the Firewall2 rules so that on boot-up these rules are used. Unfortunately I'm not quite sure what has to be modified in SuSE's environment for this to be true. It's a really basic rule set that works properly for our environment right now; it'll be expanded once I understand which files need to be modified.

I've picked up from the netfilter.samba.org site the basic ruleset, and they have a paragraph that states how you can save rulesets, but it appears each vendor does their own thing.

thanks,
evan

Here's the commands.

iptables -N block_outside
iptables -A block_outside -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block_outside -m state --state NEW -i eth1 -j ACCEPT
iptables -A block_outside -j DROP
iptables -A INPUT -j block_outside
iptables -A FORWARD -j block_outside

On Wed, 20 Mar 2002, Evan Montgomery-Recht wrote:
> Basically I'm using SuSE 7.3 Pro, and I want to save the Firewall2 rules so
> that on boot-up these rules are used. Unfortunately I'm not quite sure what has to
> <snip>
> Here's the commands.
>
> iptables -N block_outside
> iptables -A block_outside -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A block_outside -m state --state NEW -i eth1 -j ACCEPT
> iptables -A block_outside -j DROP
> iptables -A INPUT -j block_outside
> iptables -A FORWARD -j block_outside

Are you new to Unix/Linux administration? Welcome ...

I think there are 3 reasonable alternative answers to your question, take your pick from below, but take a look at section 8.1 in the SuSE Network Manual (

1. there is a simple ruleset built-in to SuSE Linux ... the way to activate it on each boot was recently mentioned on this list ... configure your system using yast2 or yast, and set the variable

   REJECT_ALL_INCOMING_CONNECTIONS="yes"

   yast automatically stores this in the file /etc/rc.config.d/security.rc.config for use each time the network starts up.

   This tool is called SuSE Personal Firewall (package personal-firewall).

2. If you like your own iptables commands it is easy to customize the SuSE boot sequence (in 7.3 this matches the Linux Standards Based standard).

   Simplest is to add them to the end of the file /etc/init.d/boot.local if they are ok to run before the network starts.

   Otherwise Read The Fine Manuals on the "SuSE boot concept". It is covered in the Reference Manual, with a terse description of customization in 'man insserv'. The boot concept was designed by Linux wizards but is easily useable by mortals like me.

3. Install the susefirewall or firewall2 package.
   - it is very sophisticated and should meet your needs if you properly edit the configuration file, found in the directory: /etc/rc.config.d/

   If you can't get it to do what you want, you could get it to include your own script of custom rules by following the directions in the configuration file.

Hope this helps,
dproc

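Option 2 from the reply above, as an added example that is not code from either poster: the rules from the question wrapped so the fragment can be re-run without duplicating the chain or the jumps. The `IPT` variable and the `load_block_outside` function name are assumptions of this example, and by default it only prints the commands.

```shell
#!/bin/sh
# Added example, not code from the thread. Fragment for the end of
# /etc/init.d/boot.local (option 2 in the reply above).
#
# Assumption of this example: IPT defaults to a dry run that only prints the
# commands so the rules can be reviewed first. Put IPT=iptables above this
# fragment in boot.local to apply them for real.
IPT="${IPT:-echo iptables}"

load_block_outside() {
    # -N fails if the chain already exists (fragment re-run by hand), so fall
    # back to flushing it; otherwise every run would append duplicate rules.
    $IPT -N block_outside 2>/dev/null || $IPT -F block_outside || return 1

    # The rules exactly as posted in the question.
    $IPT -A block_outside -m state --state ESTABLISHED,RELATED -j ACCEPT &&
    $IPT -A block_outside -m state --state NEW -i eth1 -j ACCEPT &&
    $IPT -A block_outside -j DROP || return 1

    # Remove an earlier jump before adding one, so INPUT and FORWARD never
    # end up with two. -D fails harmlessly when there is nothing to remove.
    for chain in INPUT FORWARD; do
        $IPT -D "$chain" -j block_outside 2>/dev/null || true
        $IPT -A "$chain" -j block_outside || return 1
    done
}

load_block_outside || echo "boot.local: block_outside rules not loaded" >&2
```

After a boot with `IPT=iptables`, `iptables -L -n -v` should show one `block_outside` jump in each of INPUT and FORWARD and three rules in the chain.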
participants (2)
- dproc@dol.net
- Evan Montgomery-Recht