[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] (CacheRaq2) IPFWADM Script Assistance Req'd - Linux Newbie Alert

Subject: [cobalt-users] (CacheRaq2) IPFWADM Script Assistance Req'd - Linux Newbie Alert
From: "Accounts" <noala@xxxxxxxxxxx>
Date: Fri Nov 23 00:27:01 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Hi Folks,

(All groans re being a newbie accepted - gotta start somewhere!)

I want to put some packet filters on our CacheRaq2 to block certain
IPs - it's running kernal 2.0.x and therefore is using ipfw as opposed
to ipchains.

Searching through the archives I have found a script which I can edit to
do what I want I believe.

Found how to construct rules with ipfwadm at this site (in case anyone
else might find it useful):
http://www.xos.nl/linux/ipfwadm/paper/linuxfw2.html

The script from the archives just ends at the end of a particular rule.
This is the script posted to the list a year ago:
http://list.cobalt.com/pipermail/cobalt-users/2000-November/025781.html

I will be adding lines such as this to the script:
#Refuse specific IPs - logging on (-o)
/sbin/ipfwadm -I -a deny -S xxx.xxx.xxx.xxx -o
/sbin/ipfwadm -I -a deny -S xxx.xxx.xxx.xxx -o

Question 1: Is there meant to be something at the end of the script to
tell it to stop/exit? If there is please tell me what it/they are!
(looking at the script that is already on the CacheRaq at
/etc/rc.d/init.d/   there are things like 'exit 1' and 'esac' at the
end)

Question 2: The above mentioned script (the one I am going to add) will
go in /etc/rc.d/init.d/, does this mean it will be run automatically
when the CacheRaq is rebooted?

If the answer to 2 is no, what do I need to put, and where, to make this
happen. IE How to make the ipfw rules permanent even when the machine is
rebooted.

Question 3: There is a script already on the CacheRaq
(etc/rc.d/init.d/cacheqube-ipfwadm.init), however when I do a ps ax |
grep ipfw (or ipfwadm) it doesn't appear to be running (just shows the
grep command) - am I trying to check it the correct way?

I don't have an old/extra machine I can test this on and want to make
sure (as much as possible) that what I'm doing is right before I make
any changes to the CacheRaq. (Yes I will be changing the names of the
exising files and keeping them so that I can, hopefully, just switch
back if the changes don't work).

TIA,

Noala

Follow-Ups:
- Re: [cobalt-users] (CacheRaq2) IPFWADM Script Assistance Req'd - Linux Newbie Alert
  - From: flash22
- Re: [cobalt-users] (CacheRaq2) IPFWADM Script Assistance Req'd - Linux Newbie Alert
  - From: Gerald Waugh

Prev by Date: Re: [cobalt-users] Mailing list result...
Next by Date: Re: [cobalt-users] (CacheRaq2) IPFWADM Script Assistance Req'd - Linux Newbie Alert
Previous by thread: Re: [cobalt-users] uninstall method
Next by thread: Re: [cobalt-users] (CacheRaq2) IPFWADM Script Assistance Req'd - Linux Newbie Alert

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index