From: bb@suse.com
To: users@lists.opensuse.org
Subject: Re: [S.u.S.E. Linux] was: Bash Redialer now: rc.firewall.on
Date: Sat, 14 Feb 1998 00:15:44 +0100
Message-ID: <6c2k70$6r4$1@Galois.suse.de>

Tom Schaefer wrote:
>
> Jonathan Markevich wrote:
>
> > Please let me know if you can see any improvements.  I am just learning shell
> > scripting!
> >
>
> You're a helluva lot better than I'll ever be! Perhaps this will complement your
> ppp script ... Here's a modified firewall script.  I downloaded this script a
> while back from a MASQ page on the net - sorry I don't know who actually wrote
> it, but it seems to work fine.  I run this after the link is up, and it does a
> nice job.

So why don't you use the firewall/masquerading scripts included in the
distribution?

> The main modification is that it automatically detects the ppp0 address, which
> is handy for those who have dynamic IP addresses.  If anyone finds fault with it,

That's nice, but not really needed...

> please let me know.  There's nothing worse than a crappy firewall script!
>
> The only thing I haven't added yet is a way to kick this script after an
> automatic redial.

You don't need to if you set up the firewall rules on a device and not on
an address like the script you posted. The rules can be set up at any time,
it doesn't care if the interface is existing or not. If it exists, the rules
will take care of the traffic.

What you can do is edit /etc/rc/config and set up the FW_* and MSQ_*
variables as described in the manual, and set FW_START/MSQ_START
to 'yes' to make them active.

The firewall will then protect you at the time you are connected and you
don't have to think about starting/stopping the firewall.

BTW, to remove the rules which are installed by your script, try this:

    ipfwadm -f -I
    ipfwadm -f -O
    ipfwadm -f -F

> ppp 2.3.0 redials automatically just fine, and will accomplish 90% of the time
> that which Jonathan's script is doing.  Since I'm somewhat limited on time, I
> haven't figured out what signal it takes to "kick" it into redial, other than
> the fact that if the connection is terminated by the other end, it starts
> redialing nicely.

You can also use 'diald', which works perfectly for me. (In fact, our office
has been connected to the internet via a diald controlled PPP link. But since
last week we have our T1 up and running and no dialing is needed any more...:)

> And of course, you're all wondering why I don't use the SuSE supplied
> firewall/MASQ scripts, it's like anything else - you use what you know works.  I
> haven't had time to read the docs and test their scripts, as I'm not sure what
> some of the values are in rc.config.

They are documented in the manual, and I will try to translate my Mini-Howto
into English ASAP...

Ciao,
BB
--
Bodo Bauer             S.u.S.E., LLC             fon +1-510-835 7873
bb(a)suse.de           458 Santa Clara Avenue    fax +1-510-835 7875
http://www.suse.com    Oakland CA, 94610 USA