| 1 |
james wrote: |
| 2 |
> Hello, |
| 3 |
> |
| 4 |
> I'm attempting to follow this wiki to build a test firewall running iptables: |
| 5 |
> http://gentoo-wiki.com/HOWTO_Iptables_for_newbies#QuickStart |
| 6 |
> |
| 7 |
> Kernel is 'hardened' with netfilter et al activated. |
| 8 |
> |
| 9 |
> It looks reasonable and is suppose to be up to date. |
| 10 |
> |
| 11 |
> My nics are set up in /etc/conf.d/net |
| 12 |
> iface_eth0="192.168.2.20 broadcast 192.168.2.255 netmask 255.255.255.0" |
| 13 |
> iface_eth1="192.168.3.11 broadcast 192.168.3.255 netmask 255.255.255.0" |
| 14 |
> iface_eth2="<snipped> broadcast <snipped> netmask 255.255.255.252" |
| 15 |
> routes_eth2=( "default gw <snipped>" ) |
| 16 |
> |
| 17 |
> All work fine. |
| 18 |
> |
| 19 |
> port forwarding is enabled: |
| 20 |
> |
| 21 |
> Rulesets get saved to /var/lib/iptables/rules-save |
| 22 |
> As specificed in /etc/conf.d/iptables |
| 23 |
> and |
| 24 |
> /etc/init.d/iptables is the script that launces iptables |
| 25 |
> plus rc-update add iptables default |
| 26 |
> |
| 27 |
> I think all of this is correct(correct me if I'm wrong). |
| 28 |
> |
| 29 |
> When I go to /etc/init to write my rules into firewall.sh |
| 30 |
> as specified in the aforementioned wiki I automatically get |
| 31 |
> this shoved into the script: |
| 32 |
> |
| 33 |
> #!/sbin/runscript |
| 34 |
> # Copyright 1999-2006 Gentoo Foundation |
| 35 |
> # Distributed under the terms of the GNU General Public License v2 |
| 36 |
> # $Header: $ |
| 37 |
> depend() { |
| 38 |
> } |
| 39 |
> start() { |
| 40 |
> } |
| 41 |
> stop() { |
| 42 |
> } |
| 43 |
> restart() { |
| 44 |
> } |
| 45 |
> |
| 46 |
> |
| 47 |
> |
| 48 |
> curiously none of the example talk about this. |
| 49 |
> |
| 50 |
> Is this the correct place to put my script(/etc/init.d/, |
| 51 |
> which is somewhat similar to the one suggested in the |
| 52 |
> wiki? |
| 53 |
> |
| 54 |
> |
| 55 |
> None of the examples I found googling discuss the details of where to put |
| 56 |
> the script, how to launch it and other such details. Any suggestion |
| 57 |
> are welcome. I have found lots of example scripts similar to my 3 nic |
| 58 |
> net/lan/dmz setup though. |
| 59 |
> |
| 60 |
> Any suggestions are very welcome. |
| 61 |
> |
| 62 |
> James |
| 63 |
> |
| 64 |
> |
| 65 |
> |
| 66 |
> |
| 67 |
|
| 68 |
Actually IMHO gentoo has internal mechanism for dealing with iptables rules. |
| 69 |
|
| 70 |
After you are ready and sure the rules work OK, you do: |
| 71 |
|
| 72 |
1) /etc/init.d/iptables save |
| 73 |
|
| 74 |
This would record your rules in /var/lib/iptables/rules-save as you |
| 75 |
issued the command "iptables-save > /var/lib/iptables/rules-save" ] |
| 76 |
|
| 77 |
|
| 78 |
Then you put iptables in the init sequence so the rules are restored at |
| 79 |
every system start: |
| 80 |
|
| 81 |
2) rc-update add iptables default |
| 82 |
|
| 83 |
This would do "iptablebs-restore < /var/lib/iptables/rules-save" at |
| 84 |
every boot. |
| 85 |
|
| 86 |
|
| 87 |
3) Additionally you can set some parameters in /etc/conf.d/iptables |
| 88 |
|
| 89 |
|
| 90 |
Hope This Helps |
| 91 |
|
| 92 |
-- |
| 93 |
Best regards |
| 94 |
Daniel |
| 95 |
|
| 96 |
-- |
| 97 |
gentoo-user@g.o mailing list |
Archives