personal-firewall and an addon-script.
Hello, who can help me? I have Suse7.1 as NAT-Router and PacketFilter. Its running a PersonalFirewall but after the starting the personal-firewall I modified the system with "ipchains-restore < /etc/ipchains-rules to update the rules, I want to use. That's working fine, but when my dynamic-IP-Provider have canceled the Connection (after 24 hours) , I must always restart my script. What can I do after an IP-Change on PPP to do that automatic? Can I put the script in the IP-Up-Script? Sorry, my english isn't very good ;) Bye, Jost Schöler
Its quite simple. There are two ( in real is it one and a link) scripts in /etc/ppp called ip-up and ip-down. If the interface-ip of your pppX-device changes even if a new connection is up or a running connection comes down these scripts are running. Simply call the firewallscript in the right start/stop section of the ip-up/down-script Michael -----Ursprüngliche Nachricht----- Von: Jost Schoeler [mailto:charly123@web.de] Gesendet: Mittwoch, 27. Juni 2001 17:04 An: suse-security@suse.com Betreff: [suse-security] personal-firewall and an addon-script. Hello, who can help me? I have Suse7.1 as NAT-Router and PacketFilter. Its running a PersonalFirewall but after the starting the personal-firewall I modified the system with "ipchains-restore < /etc/ipchains-rules to update the rules, I want to use. That's working fine, but when my dynamic-IP-Provider have canceled the Connection (after 24 hours) , I must always restart my script. What can I do after an IP-Change on PPP to do that automatic? Can I put the script in the IP-Up-Script? Sorry, my english isn't very good ;) Bye, Jost Schöler -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi, there is even a better solution. The ip-up and ip-down scipts are called automatically in the appropriate case. But instead of modifieng these scripts and calling your own scipt from there, you could integrate the calls to your scripts into ip-up.local and ip-down.local. If these two exist, they are also automatically called when ip-up/ip-down are executed. The benefit is, that these .local scipts are newer overwritten when your system changes, e.g. pkgs are installed or removed, but when you use the non .local scripts your own changes may break. HtH Appeldorn wrote:
Its quite simple.
There are two ( in real is it one and a link) scripts in /etc/ppp called ip-up and ip-down.
If the interface-ip of your pppX-device changes even if a new connection is up or a running connection comes down these scripts are running.
Simply call the firewallscript in the right start/stop section of the ip-up/down-script
Michael
-----Ursprüngliche Nachricht----- Von: Jost Schoeler [mailto:charly123@web.de] Gesendet: Mittwoch, 27. Juni 2001 17:04 An: suse-security@suse.com Betreff: [suse-security] personal-firewall and an addon-script.
Hello,
who can help me? I have Suse7.1 as NAT-Router and PacketFilter. Its running a PersonalFirewall but after the starting the personal-firewall I modified the system with "ipchains-restore < /etc/ipchains-rules to update the rules, I want to use.
That's working fine, but when my dynamic-IP-Provider have canceled the Connection (after 24 hours) , I must always restart my script.
What can I do after an IP-Change on PPP to do that automatic? Can I put the script in the IP-Up-Script?
Sorry, my english isn't very good ;)
Bye, Jost Schöler
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
who can help me? I have Suse7.1 as NAT-Router and PacketFilter. Its running a PersonalFirewall but after the starting the personal-firewall I modified the system with "ipchains-restore < /etc/ipchains-rules to update the rules, I want to use.
That's working fine, but when my dynamic-IP-Provider have canceled the Connection (after 24 hours) , I must always restart my script.
What can I do after an IP-Change on PPP to do that automatic? Can I put the script in the IP-Up-Script?
This is what the /sbin/SuSEpersonal-firewall script does, yes. It is highly optimized to run as fast as possible (most of the string modifications are shell syntax, it doesn't really fork that often), and it may be wise to care for the same properties in any script that runs upon dialin.
Sorry, my english isn't very good ;)
Well, we're not in an English course here. :-)
Bye, Jost Schöler
Roman.
Hmm, As "Personal Firewall"-User you may check out the "Personal Firewall Security FAQ" at "http://www.fefe.de/pffaq/". Here is the beginning: --- 8< --- Cut here --- >8 --- Personal Firewall Security FAQ Executive Summary Do Personal Firewalls improve security? No. Why do so many people install them, then? Because those people are all idiots. --- 8< --- Cut here --- >8 --- Please don't take this as an offense and read the whole page! ;) I think SuSE wanted to have something which is compliant to the buzz-word "personal firewall". IMHO SuSE failed in choosing "Personal Firewall" for Linux firewall capabilities and should advertise with "true firewall functionality instead". :) As I consider your Firewall as "true firewall", here is my hint: Putting the script into "ip-up"-script should work perfectly. - Test it. ;) Regards, Holger ----------------------------------------------------------------------- Holger van Lengerich paderLinx - Neue Informationsmedien GmbH Diplom-Informatiker Cheruskerstraße 2b, 33102 Paderborn mailto:hvl@paderlinx.de Fon: +49 5251 8994 - 16 Fax: -20 ----------------------------------------------------------------------- I am a signature virus! Help me spread and copy me to your sig!
participants (5)
-
Appeldorn -
Gerd Bitzer -
Holger van Lengerich -
Jost Schoeler -
Roman Drahtmueller