GP
Title: Installing a custom firewall in a Debian-based System V dist  Posted on: 27.05.2006, 22:36
Joined: 03 Apr 2005, Posts: 41

3 or 4 years ago, Guarddog didn't exist and I wrote a stateful firewall with Daniel Robbins' instructions on IBM's site and a few hacks I got on the net. Until now, it seems the firewall works quite well and, if I switch to a Debian distro, I would like to keep it.

With Slackware, the installation is very simple. As root, you put the iptables commands in:

/etc/rc.d/rc.firewall

then you:

chmod 700 rc.firewall

and you call it from:

/etc/rc.d/rc.inet2

this way:

if [ -x /etc/rc.d/rc.firewall ]; then
    /etc/rc.d/rc.firewall start
fi

(Those lines are already in rc.inet2. All you have to do is uncomment them.)

Of course, the script must be written accordingly:

start () {
    # iptables commands go here
}

start

This is the only official way in Slackware. I mean, you could call the firewall file bart.lisa if you preferred, but that's the way to do it.

System V is a little more complex, I believe. Could somebody provide the official way to do exactly the same thing in Debian, with reference(s)? I don't want to know how you somehow managed to get your firewall running. I've already seen hundreds of ways to do it, and the pros and cons of each way, lots of discussion, lots of dissent, etc. For an OS that's supposed to simplify system administration, it's just mind boggling!

I suppose this reference would help for some more nitty gritty stuff.

Thanks in advance!
GP
Posted on: 28.05.2006, 23:08
Joined: 03 Apr 2005, Posts: 41

Ok, I got no answer to my very complex question, but there's one good thing: nobody asked MY references for Slackware. Very fortunate: I have none! I learned that, with Slackware, the references are in the files.

Let's say I'm really ignorant about Linux, which is quite exact, and all I've read is the Linux Pocket Guide. What do I do to learn how to install a firewall?

If I look in /etc/rc.d/, there are 2 files that look like the way geeks could name files pertaining to the internet: rc.inet1 and rc.inet2, rc standing for, I guess, resources configuration, inet for internet.

So I

less rc.inet1

and the first line in the file says:

"This script starts up the base networking system."

This might be it! Let's see.

cat rc.inet1 | grep -i firewall

Nothing. Too bad. Let's see the other file:

cat rc.inet2 | grep -i firewall

returns:

if [ -x /etc/rc.d/rc.firewall ]; then
/etc/rc.d/rc.firewall start
# required if you plan to use your Linux machine as a router or firewall.

The first 2 lines seem interesting. It says that if I've got a file called /etc/rc.d/rc.firewall and it is executable, it should be started.

I believe that's it in pretty much plain English. I know which file asks that the firewall be started, I know what the firewall is usually called, so that if another sysadmin replaces me he can find the file in no time at all. And I know that it should be chmoded x.

Bingo! No need to look on the net. EVERYTHING is there, all instructions available in a matter of minutes. Can't anybody tell me how to find information this way in Debian? This is how I'd like to start my firewall, despite there being a thousand other ways to do it.
Neuer_User
Posted on: 29.05.2006, 08:08
Joined: 21 Nov 2004, Posts: 1018

There are several methods you could use. Here are two, one VERY similar to Slackware, the other different, but also very easy.

Let's start with the second one:
- This assumes you use dhclient for getting your IP address. Then just put your firewall script (just the iptables commands, not the whole start/stop stuff) into a file called /etc/dhclient-exit-hooks. When your computer receives the IP address, the script is called and your firewall set. (It's best to start the script by clearing iptables.)

The first method is really very similar to the Slackware approach:
- Put your firewall script with the start/stop stuff into /etc/init.d/, e.g. as a file called 'firewall'.
- Now issue 'update-rc.d firewall start S 40 . stop 34 0 6 .' . This puts symlinks into the dirs /etc/rc0.d, rc6.d and rcS.d, defining the services that are started or stopped in the different runlevels. Runlevel S is the system start, 0 is stop and 6 is reboot.
- Files that start with S... in these dirs are called with the 'start' command, files with K... with the 'stop' command. All files are called in alphabetical order, so K34... gets executed before K35... The numbers I've given refer to my system, so that the firewall is defined after the network has been started and stopped just before the network is stopped.

Cheers,

Michael
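As an added example (not code from any poster in this thread), here is a complete firewall script in the start/stop form both approaches call: Slackware's rc.inet2 would run it as /etc/rc.d/rc.firewall start, and on Debian it would be saved as /etc/init.d/firewall and linked in with the update-rc.d command Michael gives. Assumptions: the LAN interface name eth0, SSH as the single allowed inbound service, and an IPT variable that lets you preview the generated rules with IPT=echo instead of running iptables as root.

```shell
#!/bin/sh
# Firewall script in the start/stop form both posts describe. Assumed paths:
# Slackware: /etc/rc.d/rc.firewall; Debian: /etc/init.d/firewall, linked with
#   update-rc.d firewall start S 40 . stop 34 0 6 .
# IPT may be overridden (IPT=echo) to print the rules instead of applying them.
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-eth0}"    # assumed LAN interface name

flush_rules() {
    # Start from a clean filter table; policies are reset to ACCEPT here and
    # tightened again by firewall_start, so this runs first, as Michael advises.
    "$IPT" -F
    "$IPT" -X
    "$IPT" -P INPUT ACCEPT
    "$IPT" -P FORWARD ACCEPT
    "$IPT" -P OUTPUT ACCEPT
}

firewall_start() {
    flush_rules
    # Default-deny inbound and forwarded traffic; outbound stays open.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -A INPUT -i lo -j ACCEPT
    # The stateful part: replies to connections this host opened come back in.
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # One explicitly allowed inbound service on the LAN side (assumed: SSH).
    "$IPT" -A INPUT -i "$LAN_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # Rate-limited log of everything else before the DROP policy applies.
    "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
}

firewall_stop() {
    # "stop" returns the host to an unfiltered state, so it should only run
    # just before the network goes down (Michael's K34 link in rc0.d/rc6.d).
    flush_rules
}

case "${1:-}" in
    start)   firewall_start ;;
    stop)    firewall_stop ;;
    restart) firewall_stop; firewall_start ;;
    "")      ;;   # no action given (e.g. when sourced): only define functions
    *)       echo "Usage: $0 {start|stop|restart}" >&2; exit 1 ;;
esac
```

Running it as `IPT=echo sh firewall start` prints the rule set without touching the kernel, which is a cheap way to review the policy before linking the script into the boot sequence.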
GP
Posted on: 30.05.2006, 00:01
Joined: 03 Apr 2005, Posts: 41

Thanks Michael!

To tell the truth, I still find the Slackware way of doing things much simpler. I might try to stick to a Slackware-based distro. I find Debian has a complex way of easing things out.
Logos and trademarks are the property of their respective owners, comments are property of their posters, the rest is © 2004 - 2006 by Jörg Schirottke (Kano).