On November 19, 2003 02:59 pm, Tiago Lima wrote:
> Sorry for this newbie question but what is the "best" way to start iptables
> (and rules) on boot time?
hmmm. while i can't tell you the "best" way, i can tell you what i did. i
wrote a startup script with the following contents. it may not have been the
best route to go, but this way, i have a panic button if i need it ;-)

#!/sbin/runscript
#
# rc.firewall
# firewall script for alexandria
#

# extra command besides start/stop
opts="start stop panic"

depend() {
    # bring the firewall up only after networking is available
    need net
}

start() {
    ebegin "Enabling firewall"
    # >>>>>>>>>>>>>>>> firewall rules go here <<<<<<<<<<<<<<<<
    eend $?
}

stop() {
    ebegin "Disabling firewall"
    # open everything: ACCEPT policies, no rules, no user-defined chains
    iptables --policy INPUT ACCEPT
    iptables --policy OUTPUT ACCEPT
    iptables --policy FORWARD ACCEPT
    iptables -t filter --flush
    iptables -t filter --delete-chain
    eend $?
}

panic() {
    ebegin "SHIELDS! WHERE ARE MY SHIELDS???"
    # drop everything except loopback traffic
    iptables -t filter --flush
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    iptables --policy INPUT DROP
    iptables --policy OUTPUT DROP
    # also stop forwarded traffic, otherwise FORWARD keeps its previous policy
    iptables --policy FORWARD DROP
    iptables -t filter --delete-chain
    eend $?
}

--
understand that legal and illegal are political, and often arbitrary,
categorizations; use and abuse are medical, or clinical, distinctions.
- abbie hoffman
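
An added example, not part of the original post: a check that a panic lockdown like the one above really took effect, reading the text printed by `iptables -S` and requiring DROP on all three built-in chains (FORWARD included) with only loopback ACCEPT rules left. The function name and the sample rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a "panic" lockdown from `iptables -S` output.
# Live use (as root): iptables -S | check_panic

# check_panic reads `iptables -S` text on stdin.
# Prints "locked down" and returns 0 only if INPUT, FORWARD and OUTPUT all
# have policy DROP, no user-defined chain remains, and every rule is one of
# the two loopback ACCEPT rules. Otherwise prints each problem, returns 1.
check_panic() {
    awk '
        $1 == "-P" { policy[$2] = $3; next }
        $1 == "-N" { bad = bad "user chain " $2 " still present\n"; next }
        $1 == "-A" {
            if ($0 == "-A INPUT -i lo -j ACCEPT") next
            if ($0 == "-A OUTPUT -o lo -j ACCEPT") next
            bad = bad "unexpected rule: " $0 "\n"
        }
        END {
            n = split("INPUT FORWARD OUTPUT", chains, " ")
            for (i = 1; i <= n; i++) {
                c = chains[i]
                if (policy[c] != "DROP")
                    bad = bad c " policy is " (policy[c] == "" ? "missing" : policy[c]) "\n"
            }
            if (bad != "") { printf "%s", bad; exit 1 }
            print "locked down"
        }
    '
}

# Constructed sample: a fully locked-down filter table.
sample_locked() {
    printf '%s\n' '-P INPUT DROP' '-P FORWARD DROP' '-P OUTPUT DROP' \
        '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT'
}

# Constructed sample: INPUT/OUTPUT dropped, FORWARD left at ACCEPT.
sample_forward_open() {
    printf '%s\n' '-P INPUT DROP' '-P FORWARD ACCEPT' '-P OUTPUT DROP' \
        '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT'
}
```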