RE: [cobalt-users] ipmasqadm for a RaQ4 / IPCHAINS
- Subject: RE: [cobalt-users] ipmasqadm for a RaQ4 / IPCHAINS
- From: BSmith@xxxxxxxxxxx
- Date: Wed Jan 15 11:48:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
For all you IPCHAINS users, here is a decent script to work off of.
Just one thing: be smart and modify it; it was not designed for a Cobalt,
just a vanilla-flavor box.
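#!/bin/sh
# My Firewall Start, Stop, Restart Program!
#
# ipchains-based packet filter for a two-interface box: EXT_IF faces the
# outside world, INT_IF faces the LAN that is masqueraded behind it.
# Usage: $0 {start|stop|restart|status}
#
# NOTE: ipchains is stateless.  Return traffic is let back in with
# "! -y" (any TCP segment without SYN) and "--source-port 53" (any UDP
# datagram from port 53), so anything that merely looks like a reply is
# accepted as well.  Review the rules below before using this on a
# Cobalt or any other box.
#
# "set -e" is deliberately not used: once "ipchains -F" and the DENY
# policies have run, aborting halfway would leave the box unreachable.

EXT_IF=eth1                 # interface towards the Internet
INT_IF=eth0                 # interface towards the masqueraded LAN
PORTFW_HOST=192.168.100.10  # LAN host that receives forwarded ident (tcp/113)

usage() {
  echo "Usage: $0 {start|stop|restart|status}" >&2
  exit 1
}

# See how we were called.
case "$1" in
  start)
    printf 'Starting Firewall: '
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Address of the external interface.  ipmasqadm needs a concrete
    # address, so bail out before touching the rules if it cannot be read
    # (an empty $IP would otherwise produce a broken portfw command).
    IP=$(ifconfig "$EXT_IF" | grep inet | cut -f2 -d: | cut -f1 -d" ")
    if [ -z "$IP" ]; then
      echo "could not determine the address of $EXT_IF" >&2
      exit 1
    fi
    ipchains -F
    # Default policies: deny inbound and forwarded traffic; the output
    # chain keeps its default (ACCEPT).
    ipchains -P input DENY
    ipchains -P forward DENY
    # Loopback is always allowed.
    ipchains -A input -i lo -j ACCEPT
    ipchains -A output -i lo -j ACCEPT
    ipchains -A forward -i lo -j ACCEPT
    # Everything arriving from the LAN side is trusted.
    ipchains -A input -i "$INT_IF" -j ACCEPT
    # Replies to connections we opened.  Without connection tracking this
    # is "any TCP segment that is not a SYN", not just genuine replies.
    ipchains -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT
    # DNS answers.  Matches any UDP datagram with source port 53, to any
    # local port; left wide because resolvers of this era may query from
    # port 53 themselves.
    ipchains -A input -i "$EXT_IF" -p udp --source-port 53 -j ACCEPT
    # ICMP needed for TCP/IP to work properly.  echo-request is not in
    # the list, so the box does not answer pings from outside.
    for icmp in echo-reply destination-unreachable time-exceeded \
        parameter-problem source-quench; do
      ipchains -A input -i "$EXT_IF" -p icmp --icmp-type "$icmp" -j ACCEPT
    done
    # Services reachable from the outside: telnet (23, cleartext logins),
    # SMTP (25), HTTP (80), FTP data/control (20/21).  Remove any port
    # this box does not actually serve.
    for port in 23 25 80 20 21; do
      ipchains -A input -i "$EXT_IF" -p tcp --destination-port "$port" -j ACCEPT
    done
    # ident (113) in both directions.  The --source-port rule accepts a
    # new connection from that source port to *any* local port, which is
    # broader than it looks.
    ipchains -A input -i "$EXT_IF" -p tcp --source-port 113 -j ACCEPT
    ipchains -A input -i "$EXT_IF" -p tcp --destination-port 113 -j ACCEPT
    # Masquerade everything the LAN sends out; masq timeouts are given
    # in seconds (tcp / tcp-after-FIN / udp).
    ipchains -A forward -i "$EXT_IF" -j MASQ
    ipchains -M -S 7200 10 60
    # Forward inbound ident to the LAN host.
    ipmasqadm portfw -a -P tcp -L "$IP" 113 -R "$PORTFW_HOST" 113
    printf 'OK!\n'
    ;;
  stop)
    # Note: "stop" does not merely remove the rules, it opens every
    # chain (policy ACCEPT) and then disables forwarding.
    printf 'Shutting down Firewall: '
    ipchains -F
    ipchains -P input ACCEPT
    ipchains -P output ACCEPT
    ipchains -P forward ACCEPT
    ipmasqadm portfw -f
    echo 0 > /proc/sys/net/ipv4/ip_forward
    printf 'OK!\n'
    ;;
  status)
    ipchains -L
    ;;
  restart)
    "$0" stop
    "$0" start
    ;;
  *)
    usage
    ;;
esac
exit 0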