james wrote:
> Hello,
>
> I'm attempting to follow this wiki to build a test firewall running iptables:
> http://gentoo-wiki.com/HOWTO_Iptables_for_newbies#QuickStart
>
> Kernel is 'hardened' with netfilter et al activated.
>
> It looks reasonable and is supposed to be up to date.
>
> My nics are set up in /etc/conf.d/net
> iface_eth0="192.168.2.20 broadcast 192.168.2.255 netmask 255.255.255.0"
> iface_eth1="192.168.3.11 broadcast 192.168.3.255 netmask 255.255.255.0"
> iface_eth2="<snipped> broadcast <snipped> netmask 255.255.255.252"
> routes_eth2=( "default gw <snipped>" )
>
> All work fine.
>
> port forwarding is enabled:
>
> Rulesets get saved to /var/lib/iptables/rules-save
> as specified in /etc/conf.d/iptables
> and
> /etc/init.d/iptables is the script that launches iptables
> plus rc-update add iptables default
>
> I think all of this is correct (correct me if I'm wrong).
>
> When I go to /etc/init to write my rules into firewall.sh
> as specified in the aforementioned wiki I automatically get
> this shoved into the script:
>
> #!/sbin/runscript
> # Copyright 1999-2006 Gentoo Foundation
> # Distributed under the terms of the GNU General Public License v2
> # $Header: $
> depend() {
> }
> start() {
> }
> stop() {
> }
> restart() {
> }
>
> curiously none of the examples talk about this.
>
> Is this the correct place to put my script (/etc/init.d/),
> which is somewhat similar to the one suggested in the
> wiki?
>
> None of the examples I found googling discuss the details of where to put
> the script, how to launch it and other such details. Any suggestions
> are welcome. I have found lots of example scripts similar to my 3 nic
> net/lan/dmz setup though.
>
> Any suggestions are very welcome.
>
> James
>

Actually IMHO Gentoo has an internal mechanism for dealing with iptables rules.

After you are ready and sure the rules work OK, you do:

1) /etc/init.d/iptables save

This would record your rules in /var/lib/iptables/rules-save as if you had
issued the command "iptables-save > /var/lib/iptables/rules-save".

Then you put iptables in the init sequence so the rules are restored at
every system start:

2) rc-update add iptables default

This would do "iptables-restore < /var/lib/iptables/rules-save" at
every boot.

3) Additionally you can set some parameters in /etc/conf.d/iptables

Hope This Helps

--
Best regards
Daniel

--
gentoo-user@g.o mailing list
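The three-NIC net/lan/dmz rule set James is after, written directly in the iptables-restore format that /etc/init.d/iptables loads from /var/lib/iptables/rules-save, plus an offline sanity check of that file. This is an added example, not code from the thread, the wiki or Gentoo's init script. The interface roles (eth0 = LAN 192.168.2.0/24, eth1 = DMZ 192.168.3.0/24, eth2 = WAN with the default route), the single DMZ web server address passed as the first argument, and the default-deny policy are all assumptions; James's message does not state them.

```shell
#!/bin/sh
# Added example (not from the thread or the wiki): print a rules file in
# iptables-restore format for a LAN/DMZ/WAN firewall and check it offline.
# Assumed interface roles: eth0 = LAN, eth1 = DMZ, eth2 = WAN.
# The DMZ web server address is an assumed parameter ($1).
LAN_IF=eth0; LAN_NET=192.168.2.0/24
DMZ_IF=eth1; DMZ_NET=192.168.3.0/24
WAN_IF=eth2

# gen_rules_save DMZ_WEB_IP -> prints the complete rules-save file.
# Default policy is DROP for INPUT and FORWARD; only explicit holes are opened.
# Lines starting with '#' are ignored by iptables-restore.
gen_rules_save() {
    dmz_web="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and already-tracked connections
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# anti-spoofing: private source addresses must never arrive on the WAN side
-A INPUT -i $WAN_IF -s $LAN_NET -j DROP
-A INPUT -i $WAN_IF -s $DMZ_NET -j DROP
-A FORWARD -i $WAN_IF -s $LAN_NET -j DROP
-A FORWARD -i $WAN_IF -s $DMZ_NET -j DROP
# management of the firewall itself from the LAN only
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p icmp -j ACCEPT
# LAN may reach anything; DMZ may reach the WAN but never the LAN
-A FORWARD -i $LAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $DMZ_IF -s $DMZ_NET -o $WAN_IF -j ACCEPT
-A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP
# the only new connections allowed from the WAN into the DMZ: the DNATed web port
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $dmz_web -p tcp --dport 80 -m state --state NEW -j ACCEPT
# rate-limited logging of whatever falls through to the DROP policy
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-input-drop: "
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-forward-drop: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $dmz_web:80
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
-A POSTROUTING -o $WAN_IF -s $DMZ_NET -j MASQUERADE
COMMIT
EOF
}

# check_rules_save < file -> exit 0 if every *table block is closed by COMMIT
# and every -A rule names a chain declared with ':' in that table, else 1.
# A cheap stand-in for `iptables-restore --test`, which needs root and the
# netfilter modules loaded; it catches the structural mistakes that make
# iptables-restore abort at boot and leave the box with no rules at all.
check_rules_save() {
    awk '
        /^\*/      { if (open) bad++; open = 1; split("", chains); next }
        /^:/       { c = $1; sub(/^:/, "", c); chains[c] = 1; next }
        /^COMMIT$/ { if (!open) bad++; open = 0; next }
        /^-A /     { if (!($2 in chains)) bad++; next }
        END        { if (open) bad++; exit bad ? 1 : 0 }
    '
}

# Usage: sh mkfw.sh 192.168.3.80 > /var/lib/iptables/rules-save
if [ -n "${1:-}" ]; then
    gen_rules_save "$1" | check_rules_save || { echo "bad rules file" >&2; exit 1; }
    gen_rules_save "$1"
fi
```

Once the file is in place, run `iptables-restore --test < /var/lib/iptables/rules-save` and then `/etc/init.d/iptables start`; from then on `/etc/init.d/iptables save` and `rc-update add iptables default` work exactly as Daniel describes. Generating the file rather than running a long chain of `iptables` commands also means there is no window during boot where a half-applied rule set is live.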