From: James
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: iptables wiki
Date: Wed, 5 Jul 2006 15:28:57 +0000 (UTC)
References: <44AB8E7E.1090005@ilievnet.com>
Daniel (ilievnet.com) writes:

> > When I go to /etc/init to write my rules into firewall.sh
> > as specified in the aforementioned wiki I automatically get
> > this shoved into the script:
> >
> > #!/sbin/runscript
> > # Copyright 1999-2006 Gentoo Foundation
> > # Distributed under the terms of the GNU General Public License v2
> > # $Header: $
> > depend() {
> > }
> > start() {
> > }
> > stop() {
> > }
> > restart() {
> > }
> >
> > Curiously, none of the examples talk about this.
> > Is this the correct place to put my script (/etc/init.d/),
> > which is somewhat similar to the one suggested in the
> > wiki?
> > None of the examples I found googling discuss the details of where to put
> > the script, how to launch it and other such details. Any suggestions
> > are welcome. I have found lots of example scripts similar to my 3 nic
> > net/lan/dmz setup though.
> > Any suggestions are very welcome.
> > James
>
> Actually IMHO gentoo has internal mechanism for dealing with iptables rules.
> After you are ready and sure the rules work OK, you do:
> 1) /etc/init.d/iptables save

Agreed, but only if I load the rules manually, i.e. entering the rules via
the command line such as in D. Robbins' doc:
http://gentoo-wiki.com/HOWTO_Iptables_and_stateful_firewalls#Should_I_take_this_tutorial

> This would record your rules in /var/lib/iptables/rules-save as if you
> issued the command "iptables-save > /var/lib/iptables/rules-save"

This will work if one loads the rules manually at the command line. Where do
I put a script of iptables commands, so that it is read, the rule sets
generated and then saved into /var/lib/iptables/rules-save?

> Then you put iptables in the init sequence so the rules are restored at
> every system start:

Details on where to put the script and how best to 'load' it into the boot
sequence via my script is what is elusive.

[A] The best I can figure is I put a script in /etc/ and run it manually at
the command line. The ruleset will then be generated and saved into
/var/lib/iptables/rules-save. Upon reboot, the /etc/init.d/iptables script
reads the /var/lib/iptables/rules-save file. After that, if I want to modify
the rules, I edit my script, run my script manually, then issue:
"iptables-save > /var/lib/iptables/rules-save" and my modifications are in
the file that gentoo checks natively. If I want to then test the rules
without rebooting, I issue:

/etc/init.d/iptables stop
/etc/init.d/iptables start

????

> 2) rc-update add iptables default
> This would do "iptables-restore < /var/lib/iptables/rules-save" at
> every boot.

Yes, understood.

> 3) Additionally you can set some parameters in /etc/conf.d/iptables

Understood.

What I'm looking for is the series of steps to:

1. Where best to locate my script?
2. Insert (new) commands into the script.
3. Convert new scripted commands into rulesets.
4. Load rulesets into the /var/lib/iptables/rules-save.
5. Restart the iptables/netfilter firewall.
6. Test the (new) ruleset.
7. Go to step 2 and repeat until a wonderful firewall results.

If what I wrote above [A] is correct then I just need some suggestions as to
where the script should be located under /etc/, for consistency with gentoo
mindsets.

If what I have written is incorrect, please correct with some detail?

PS: I'm not trying to be a pain, I just need to fully understand the process
on Gentoo.

James
--
gentoo-user@gentoo.org mailing list
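The work flow sketched in [A] above, written out as a script: this is an added
example, not code from the thread, from the wiki it cites, or from Gentoo's own
init scripts. The location /etc/firewall.sh, the interface names eth0/eth1/eth2,
the address ranges and the function names firewall_rules/apply_rules are
assumptions; the persist step is the "/etc/init.d/iptables save" command quoted
in the thread. A DRY_RUN switch prints the rules instead of loading them, so a
new ruleset can be reviewed (or diffed against the previous version) before it
touches the live firewall.

```sh
#!/bin/sh
# Added example (not from the original thread): firewall script for the
# three-interface net/lan/dmz layout described above, meant to be run by
# hand and then persisted with "/etc/init.d/iptables save".
# Assumed path: /etc/firewall.sh. Interface names and address ranges below
# are assumptions / constructed sample values.

NET_IF=${NET_IF:-eth0}                 # assumed: interface towards the internet
LAN_IF=${LAN_IF:-eth1}                 # assumed: trusted internal network
DMZ_IF=${DMZ_IF:-eth2}                 # assumed: DMZ with one mail server
LAN_NET=${LAN_NET:-192.168.1.0/24}     # constructed sample ranges
DMZ_NET=${DMZ_NET:-192.168.2.0/24}
DMZ_MAIL=${DMZ_MAIL:-192.168.2.25}

# The ruleset, one iptables argument list per line. Default policies are
# DROP; the ESTABLISHED,RELATED rules come first so an existing admin
# session from the LAN survives a reload. DMZ -> LAN traffic is logged and
# dropped so a compromised DMZ host cannot reach the inside.
firewall_rules() {
    cat <<EOF
-F
-X
-t nat -F
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A INPUT -i $NET_IF -m state --state INVALID -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $NET_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $NET_IF -o $DMZ_IF -d $DMZ_MAIL -p tcp --dport 25 -m state --state NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -d $DMZ_NET -j ACCEPT
-A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix "DMZ->LAN drop: "
-A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP
-t nat -A POSTROUTING -o $NET_IF -s $LAN_NET -j MASQUERADE
EOF
}

# Feed each line to iptables. With DRY_RUN=1 the commands are printed
# instead. Reading from a here-document (not a pipe) keeps the loop in the
# current shell so a failing rule aborts the whole function.
apply_rules() {
    rules=$(firewall_rules)
    while IFS= read -r rule; do
        [ -z "$rule" ] && continue
        if [ "${DRY_RUN:-0}" = 1 ]; then
            printf 'iptables %s\n' "$rule"
        else
            eval "iptables $rule" || { echo "failed: iptables $rule" >&2; return 1; }
        fi
    done <<EOF
$rules
EOF
}

case "${1:-}" in
    show)  DRY_RUN=1 apply_rules ;;                  # review only
    apply) apply_rules && /etc/init.d/iptables save ;;  # load, then persist
esac
```

"sh /etc/firewall.sh show" prints the rules without touching the kernel;
"sh /etc/firewall.sh apply" (as root, ideally from the console or with a
scheduled rollback in case a rule cuts off your own session) loads them and
then writes them to /var/lib/iptables/rules-save, the file the init script
restores at boot once "rc-update add iptables default" has been run. Editing
the script and re-running apply covers steps 2 to 5 of the list above; the
init script's start restores from the saved file, so stop/start exercises the
saved copy rather than the script itself.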