Re: [cobalt-users] (CacheRaq2) IPFWADM Script Assistance Req'd - Linux Newbie Alert
- Subject: Re: [cobalt-users] (CacheRaq2) IPFWADM Script Assistance Req'd - Linux Newbie Alert
- From: "Gerald Waugh" <gerald@xxxxxxxxx>
- Date: Sat Nov 24 06:02:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> I will be adding lines such as this to the script:
> #Refuse specific IPs - logging on (-o)
> /sbin/ipfwadm -I -a deny -S xxx.xxx.xxx.xxx -o
> /sbin/ipfwadm -I -a deny -S xxx.xxx.xxx.xxx -o
>
> Question 1: Is there meant to be something at the end of the script to
> tell it to stop/exit? If there is please tell me what it/they are!
> (looking at the script that is already on the CacheRaq at
> /etc/rc.d/init.d/ there are things like 'exit 1' and 'esac' at the
> end)
Yes, it should return something; mine does:
echo "done"
exit 0
> Question 2: The above mentioned script (the one I am going to add) will
> go in /etc/rc.d/init.d/, does this mean it will be run automatically
> when the CacheRaq is rebooted?
Be sure there is a symlink in /etc/rc.d/rc3.d. If so, it will be called when
you reboot.
You will have to call it manually the first time though. Usually there should
be a symlink in rc2, rc3, rc4 and rc5.
If all else fails, put it in rc.local.
> If the answer to 2 is no, what do I need to put, and where, to make this
> happen. IE How to make the ipfw rules permanent even when the machine is
> rebooted.
>
> Question 3: There is a script already on the CacheRaq
> (etc/rc.d/init.d/cacheqube-ipfwadm.init), however when I do a ps ax |
> grep ipfw (or ipfwadm) it doesn't appear to be running (just shows the
> grep command) - am I trying to check it the correct way?
You won't see it running in ps, it's a kernel process.
Check the rules and see if they are running:
try ipfwadm -I -ln
try ipfwadm -O -ln
try ipfwadm -F -ln
For safety's sake I add the following to my firewall script.
This is at the end of the init script, just before it exits:
# ===== Set TTF to 0 for the firewall rules to run for ever ====== #
# ===== Else set to the number of seconds before flushing rules ==== #
TTF=0 # Time to flush rules
# Disable after $TTF seconds: flush each chain and set its policy to accept.
if test "$TTF" -gt 0
then
    echo "Firewall rules running for $TTF seconds"
    (sleep "$TTF"; \
    /sbin/ipfwadm -I -f; \
    /sbin/ipfwadm -I -p accept; \
    /sbin/ipfwadm -O -f; \
    /sbin/ipfwadm -O -p accept; \
    /sbin/ipfwadm -F -f; \
    /sbin/ipfwadm -F -p accept; \
    /sbin/ipfwadm -I -a deny -P udp -S 0.0.0.0 1 -D 0.0.0.0 1 \
    ) &
else
    echo "Firewall rules running for ever"
fi
echo "done"
exit 0
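
A check for the runlevel symlinks mentioned in the answer to Question 2, so the firewall script is known to start at boot. This is an added example, not part of the original message. It assumes the usual SysV convention that start links are named S<NN><name>, and the script name `firewall` in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example: report runlevels in which an init script has no start link.
# Assumes the layout named in the message (/etc/rc.d/init.d, /etc/rc.d/rcN.d)
# and S-prefixed start links (an assumption about the naming convention).
#
# Usage (script name "firewall" is hypothetical):
#   missing_start_links /etc/rc.d firewall

# missing_start_links RC_ROOT SCRIPT_NAME
# Prints the runlevels (2-5) lacking a working S* symlink to init.d/SCRIPT_NAME.
# Returns 0 if all four runlevels are covered, 1 if any is missing,
# 2 if the init script itself is absent or not executable.
missing_start_links() {
    rc_root=$1
    name=$2
    target="$rc_root/init.d/$name"

    [ -x "$target" ] || { echo "no executable $target" >&2; return 2; }

    missing=""
    for level in 2 3 4 5; do
        found=no
        for link in "$rc_root/rc$level.d"/S*; do
            # -L: entry is a symlink; -ef: it resolves to the init script.
            # A dangling link or a link to another script fails the -ef test.
            if [ -L "$link" ] && [ "$link" -ef "$target" ]; then
                found=yes
                break
            fi
        done
        [ "$found" = yes ] || missing="$missing $level"
    done

    missing=${missing# }          # drop the leading space
    [ -z "$missing" ] && return 0
    echo "$missing"
    return 1
}
```

A non-empty result lists the runlevels where the rules would not be loaded after a reboot.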