* Re: [gentoo-user] launching iptables
2006-08-02 20:41 [gentoo-user] launching iptables James
@ 2006-08-02 20:59 ` Alexander Kirillov
2006-08-02 21:13 ` [gentoo-user] " James
2006-08-02 21:16 ` [gentoo-user] " Donnie Berkholz
` (3 subsequent siblings)
4 siblings, 1 reply; 11+ messages in thread
From: Alexander Kirillov @ 2006-08-02 20:59 UTC
To: gentoo-user
> I've got my own iptables script to launch a customized firewall, located in
> /usr/local/bin.
>
> I'm aware of /etc/init.d/iptables the 'runscript'. I do not wish to edit this
> script as 'gentoo' updates nuke my edits therein. Where is the gentoo
> place of preference to launch my script after the gentoo runscript
> '/etc/init.d/iptables' is finished running?
>
> Is there a way to get 'rc-update add <my_firewall> default' to launch
> my_firewall without putting it in the /etc/init.d/ dir and using the
> runscript template for my script?
>
> thoughts, suggestions and examples are most welcome.
Keep your script in /etc and run it once.
If you have SAVE_ON_STOP="yes" in /etc/conf.d/iptables
your rules will be restored whenever you restart iptables.
HTH,
Sasha
--
gentoo-user@gentoo.org mailing list
* [gentoo-user] Re: launching iptables
From: James @ 2006-08-02 21:13 UTC
To: gentoo-user
Alexander Kirillov <nevis2us <at> infoline.su> writes:
> > Is there a way to get 'rc-update add <my_firewall> default' to launch
> > my_firewall without putting it in the /etc/init.d/ dir and using the
> > runscript template for my script?
> > thoughts, suggestions and examples are most welcome.
> Keep your script in /etc and run it once.
OK, but how will it get discovered again upon reboot?
/etc/init.d/iptables will overwrite what my_firewall.sh does.
as it is currently doing....
> If you have SAVE_ON_STOP="yes" in /etc/conf.d/iptables
> your rules will be restored whenever you restart iptables.
Um, maybe I'm missing something but searching for "SAVE_ON"
only reveals this line in the /etc/init.d/iptables script:
stop() {
    if [[ ${SAVE_ON_STOP} == "yes" ]] ; then
        save || return 1
    fi
Does it look for this setting in my script? If not, what file do
I set the param ${SAVE_ON_STOP} in?
I.e. this is a conditional statement testing the setting, which is
where?
Or do I just add this line to the end of the script?
confused.
James
* Re: [gentoo-user] Re: launching iptables
From: Iain Buchanan @ 2006-08-02 22:29 UTC
To: gentoo-user
On Wed, 2006-08-02 at 21:13 +0000, James wrote:
> Alexander Kirillov <nevis2us <at> infoline.su> writes:
>
>
> > > Is there a way to get 'rc-update add <my_firewall> default' to launch
> > > my_firewall without putting it in the /etc/init.d/ dir and using the
> > > runscript template for my script?
>
> > > thoughts, suggestions and examples are most welcome.
> > Keep your script in /etc and run it once.
>
> OK, but how will it get discovered again upon reboot?
when you use iptables-save, your script gets saved in the IPTABLES_SAVE
location in /etc/conf.d/iptables
> /etc/init.d/iptables will overwrite what my_firewall.sh does.
> as it is currently doing....
>
>
> > If you have SAVE_ON_STOP="yes" in /etc/conf.d/iptables
> > your rules will be restored whenever you restart iptables.
>
> Um, maybe I'm missing something but searching for "SAVE_ON"
> only reveals this line in the /etc/init.d/iptables script:
you're looking in init.d, look in conf.d - this is where you customise
behaviour for init scripts...
I use webmin to create the initial iptables rules, then edit the file by
hand that I specified in /etc/conf.d/iptables, if I have to. webmin is
pretty good, so usually I don't have to edit anything by hand...
HTH,
--
Iain Buchanan <iaindb at netspace dot net dot au>
"By golly, I'm beginning to think Linux really *is* the best thing since
sliced bread."
(By Vance Petree, Virginia Power)
* Re: [gentoo-user] Re: launching iptables
From: Daniel Huckstep @ 2006-08-03 1:08 UTC
To: gentoo-user
> On Wed, 2006-08-02 at 21:13 +0000, James wrote:
>
>> Alexander Kirillov <nevis2us <at> infoline.su> writes:
>>
>>
>>
>>>> Is there a way to get 'rc-update add <my_firewall> default' to launch
>>>> my_firewall without putting it in the /etc/init.d/ dir and using the
>>>> runscript template for my script?
>>>>
>>>> thoughts, suggestions and examples are most welcome.
>>>>
>>> Keep your script in /etc and run it once.
>>>
>> OK, but how will it get discovered again upon reboot?
>>
>
> when you use iptables-save, your script gets saved in the IPTABLES_SAVE
> location in /etc/conf.d/iptables
>
>
>> /etc/init.d/iptables will overwrite what my_firewall.sh does.
>> as it is currently doing....
>>
>>
>>
>>> If you have SAVE_ON_STOP="yes" in /etc/conf.d/iptables
>>> your rules will be restored whenever you restart iptables.
>>>
>> Um, maybe I'm missing something but searching for "SAVE_ON"
>> only reveals this line in the /etc/init.d/iptables script:
>>
>
> you're looking in init.d, look in conf.d - this is where you customise
> behaviour for init scripts...
>
> I use webmin to create the initial iptables rules, then edit the file by
> hand that I specified in /etc/conf.d/iptables, if I have to. webmin is
> pretty good, so usually I don't have to edit anything by hand...
>
> HTH,
>
I use fwbuilder, and just made my own basic init script for a firewall...
#!/sbin/runscript
# Gentoo baselayout init script; ebegin/eend bracket each action so the
# rc system reports the exit status of the wrapped command.

depend() {
    # the rules are applied after the network has come up
    need net
}

start() {
    ebegin "Starting firewall"
    /opt/scripts/firewall
    eend $?
}

stop() {
    ebegin "Stopping firewall"
    /opt/scripts/flush-iptables
    eend $?
}
where /opt/scripts/firewall is the fwbuilder file, and flush-iptables is
one that just sets the rules back to a basic let-everything-through state.
Daniel
* Re: [gentoo-user] launching iptables
From: Donnie Berkholz @ 2006-08-02 21:16 UTC
To: gentoo-user
James wrote:
> I'm aware of /etc/init.d/iptables the 'runscript'. I do not wish to edit this
> script as 'gentoo' updates nuke my edits therein. Where is the gentoo
> place of preference to launch my script after the gentoo runscript
> '/etc/init.d/iptables' is finished running?
>
> Is there a way to get 'rc-update add <my_firewall> default' to launch
> my_firewall without putting it in the /etc/init.d/ dir and using the
> runscript template for my script?
You can run arbitrary commands in /etc/conf.d/local.{start,stop}.
Thanks,
Donnie
* Re: [gentoo-user] launching iptables
From: Jerry McBride @ 2006-08-02 21:20 UTC
To: gentoo-user
On Wednesday 02 August 2006 16:41, James wrote:
> Hello,
>
> I've got my own iptables script to launch a customized firewall, located in
> /usr/local/bin.
>
> I'm aware of /etc/init.d/iptables the 'runscript'. I do not wish to edit
> this script as 'gentoo' updates nuke my edits therein. Where is the gentoo
> place of preference to launch my script after the gentoo runscript
> '/etc/init.d/iptables' is finished running?
>
> Is there a way to get 'rc-update add <my_firewall> default' to launch
> my_firewall without putting it in the /etc/init.d/ dir and using the
> runscript template for my script?
>
>
> thoughts, suggestions and examples are most welcome.
>
>
Over here I edited /etc/conf.d/local.start and have my firewall started from
there. Then I edited local.stop to turn it off when shutting down.
* Re: [gentoo-user] launching iptables
From: Richard Fish @ 2006-08-02 21:42 UTC
To: gentoo-user
On 8/2/06, James <wireless@tampabay.rr.com> wrote:
> Hello,
>
> I've got my own iptables script to launch a customized firewall, located in
> /usr/local/bin.
>
> I'm aware of /etc/init.d/iptables the 'runscript'. I do not wish to edit this
> script as 'gentoo' updates nuke my edits therein. Where is the gentoo
> place of preference to launch my script after the gentoo runscript
> '/etc/init.d/iptables' is finished running?
The best way is to run your script to setup the firewall the way you
want. Then do:
/etc/init.d/iptables save
rc-update -a iptables default
Then, the Gentoo iptables script will restore *your* rules every time
you boot. Any time you make a change to the rules, just run
"/etc/init.d/iptables save" to have Gentoo save off your current
rules.
-Richard
* Re: [gentoo-user] launching iptables
From: dg @ 2006-08-02 21:53 UTC
To: gentoo-user
On Thursday 03 August 2006 00:41, James wrote:
> Hello,
>
> I've got my own iptables script to launch a customized firewall, located in
> /usr/local/bin.
>
> I'm aware of /etc/init.d/iptables the 'runscript'. I do not wish to edit
> this script as 'gentoo' updates nuke my edits therein. Where is the gentoo
> place of preference to launch my script after the gentoo runscript
> '/etc/init.d/iptables' is finished running?
>
> Is there a way to get 'rc-update add <my_firewall> default' to launch
> my_firewall without putting it in the /etc/init.d/ dir and using the
> runscript template for my script?
>
>
> thoughts, suggestions and examples are most welcome.
>
>
> James
Just run your script once, then do
/etc/init.d/iptables save
/etc/init.d/iptables start
and
rc-update add iptables default
... and it will load your rules and start firewall automatically.
BR,
dmitri
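A check worth running after the save-then-rc-update procedure that Richard and dmitri describe, added here as an example and not taken from the thread: it inspects the dump that /etc/init.d/iptables restores from the IPTABLES_SAVE path in /etc/conf.d/iptables and refuses a rule set whose filter table is not default-deny, which is exactly what "save" captures if it runs right after a flush script like Daniel's. The two sample dumps are constructed; on a real box pass the file IPTABLES_SAVE points to.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check the iptables-save dump
# that the Gentoo init script restores at boot before trusting it.
# Usage: check_saved_rules "$IPTABLES_SAVE"   (path is an assumption)

# check_saved_rules FILE
# Returns 0 when every table block (*name ... COMMIT) is balanced and the
# filter table's INPUT and FORWARD chains carry a DROP default policy.
check_saved_rules() {
    [ -r "$1" ] || { echo "unreadable: $1"; return 1; }
    awk '
        /^\*/        { if (open) bad++; open = 1; table = substr($0, 2) }
        /^COMMIT$/   { if (!open) bad++; open = 0 }
        /^:INPUT /   { if (table == "filter") inp = $2 }
        /^:FORWARD / { if (table == "filter") fwd = $2 }
        END {
            if (open || bad) { print "malformed dump: table/COMMIT mismatch"; exit 1 }
            if (inp != "DROP" || fwd != "DROP") {
                print "filter table is not default-deny: INPUT=" inp " FORWARD=" fwd
                exit 1
            }
            print "ok: default-deny rule set"
        }' "$1"
}

# Constructed sample in iptables-save format (not a real capture).
GOOD_DUMP=$(mktemp)
cat > "$GOOD_DUMP" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF

# What "save" would capture right after a let-everything-through flush.
FLUSHED_DUMP=$(mktemp)
cat > "$FLUSHED_DUMP" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF

check_saved_rules "$GOOD_DUMP"                                   # returns 0
check_saved_rules "$FLUSHED_DUMP" || echo "refusing $FLUSHED_DUMP" # returns 1
```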
* [gentoo-user] Re: launching iptables
From: James @ 2006-08-03 1:52 UTC
To: gentoo-user
dg <dg <at> kaboom.spb.ru> writes:
> Just run your script once, then do
> /etc/init.d/iptables save
> /etc/init.d/iptables start
> rc-update add iptables default
> ... and it will load your rules and start firewall automatically.
Wow, lots of responses. I got the script launching upon reboot.
Thanks EVERYONE for the info and ideas....
James
* Re: [gentoo-user] Re: launching iptables
From: Dale @ 2006-08-03 2:16 UTC
To: gentoo-user
James wrote:
> dg <dg <at> kaboom.spb.ru> writes:
>
>
>
>
>> Just run your script once, then do
>> /etc/init.d/iptables save
>> /etc/init.d/iptables start
>>
>
>
>> rc-update add iptables default
>>
>
>
>> ... and it will load your rules and start firewall automatically.
>>
>
>
> Wow, lots of responses. I got the script launching upon reboot.
>
> Thanks EVERYONE for the info and ideas....
>
>
> James
>
>
Well, you got it going but this is how I did mine. I started iptables,
ran my script and made sure all was working, then did a
"/etc/init.d/iptables save". After that it restores after I reboot and
everything. Worked well for me at least.
Dale
:-) :-)