Re: [cobalt-users] ipchains - what is latest version?
- Subject: Re: [cobalt-users] ipchains - what is latest version?
- From: "Brian N. Smith" <support@xxxxxxxxxx>
- Date: Sun Feb 2 17:42:39 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
----- Original Message -----
From: "Gerald Waugh"
Subject: Re: [cobalt-users] ipchains - what is latest version?
> I believe that is the latest version.
> You have to remember that the current state of the art is iptables.
>
> Has anyone tried iptables on a RaQ with updated 2.4.x kernel ?
>
> Gerald
> --
> _____________________________________
Hey, don't go changing the subject :-) *whatever*
I have a RaQ 550 (raq4r), running iptables ... works wonderfully.
You need to do a little hacking into the cobalt stuff. They actually
use it .. but, just a little bit for IP accounting.
Here is mine, pretty easy to follow if you have done ipchains. Sorry
about the formatting, but I am not gonna reformat it :-)
/etc/rc.d/init.d/iptables start
needs to be started, because that is Cobalt's ip accounting app ...
have fun and enjoy!
#!/bin/bash
# This is my firewall script for IPTABLES
# chkconfig: 345 98 10
case "$1" in
  start)
    echo -n 'Starting Firewall: '
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Clear everything, including Cobalt's IP accounting chains
    iptables -t nat --flush
    iptables -t filter --flush
    iptables -F acctin
    iptables -F acctout
    iptables -X acctin
    iptables -X acctout
    # Re-create Cobalt's IP accounting rules
    /etc/rc.d/init.d/iptables start
    # Default-deny on INPUT, then allow what is needed
    iptables -t filter -P INPUT DROP
    iptables -t filter -A INPUT -i eth0 -j ACCEPT
    iptables -t filter -A INPUT -i lo -j ACCEPT
    iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -t filter -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    #iptables -t filter -A INPUT -p tcp -m tcp --dport 444 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
    #iptables -t filter -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
    #iptables -t filter -A INPUT -p udp --dport 113 -j ACCEPT
    iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
    iptables -t filter -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    #iptables -t filter -A INPUT -p udp --dport 2233 -j ACCEPT
    # NAT for the internal network
    iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -j MASQUERADE
    ;;
  stop)
    echo -n 'Stopping Firewall: '
    iptables -t filter -P INPUT ACCEPT
    iptables -t nat --flush
    iptables -t filter --flush
    iptables -F acctin
    iptables -F acctout
    iptables -X acctin
    iptables -X acctout
    # Put Cobalt's IP accounting rules back
    /etc/rc.d/init.d/iptables start
    echo ' [OK]'
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  status)
    # This shows the firewall ruleset!
    echo "********************"
    echo "* The Filter Table *"
    echo "********************"
    iptables -t filter --list -n
    echo
    echo "********************"
    echo "*  The NAT Table   *"
    echo "********************"
    iptables -t nat --list -n
    ;;
  *)
    echo
    echo " Brian's Firewall v1.0 for IPTABLES"
    echo "****************************************"
    echo "Usage $0 (start, stop, restart, status)"
    echo
    echo " Start   - Starts FW"
    echo " Stop    - Stops FW"
    echo " Restart - Restart FW"
    echo " Status  - Shows FW"
    echo
    ;;
esac
exit 0
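An added example, not Brian's script and not anything posted on the list: a small bash audit that reads iptables-save output offline and reports the INPUT policy, any interface granted a blanket ACCEPT ahead of the port rules (iptables stops at the first matching rule, so the port rules below such a line never apply to traffic on that interface), and which ports are accepted. The SAMPLE_RULES dump is constructed to mirror the script's INPUT chain; the function names are assumptions of this example.

```bash
#!/bin/bash
# Constructed iptables-save style dump mirroring the INPUT rules of the
# script above (a sample written for this example, not a real capture).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Default policy of the INPUT chain (DROP is what the script sets).
input_policy() {
    printf '%s\n' "$1" | awk '$1 == ":INPUT" { print $2 }'
}

# Interfaces with an unconditional ACCEPT: a rule carrying -i but no
# -p/-s/-m/--dport match. Port rules after such a line never see that interface.
blanket_accept_ifaces() {
    printf '%s\n' "$1" | awk '$1 == "-A" && $2 == "INPUT" {
        iface = ""; cond = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") iface = $(i + 1)
            else if ($i == "-p" || $i == "-s" || $i == "-m" || $i == "--dport") cond = 1
            else if ($i == "-j") target = $(i + 1)
        }
        if (iface != "" && !cond && target == "ACCEPT") print iface
    }'
}

# Ports accepted from any interface, as proto/port sorted by port number.
open_ports() {
    printf '%s\n' "$1" | awk '$1 == "-A" && $2 == "INPUT" {
        proto = ""; port = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (port != "" && target == "ACCEPT") print proto "/" port
    }' | sort -t/ -k2 -n
}

# Stand-alone report; on a live box feed "$(iptables-save)" instead of the sample.
echo "INPUT policy: $(input_policy "$SAMPLE_RULES")"
echo "Blanket ACCEPT on: $(blanket_accept_ifaces "$SAMPLE_RULES" | tr '\n' ' ')"
echo "Accepted ports: $(open_ports "$SAMPLE_RULES" | tr '\n' ' ')"
```

The report makes it easy to confirm whether eth0 is the interface you intended to trust wholesale before the per-port rules are relied on.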