On Mon, 26 Feb 2001, Karl J. Runge wrote:
> I've always just done this on my firewall and roaming laptops myself
> with filtering rules on the internet-side interface. (i.e. by writing a
> shell script that repeatedly calls ipfwadm or ipchains to set up the
> rules)
>>snip<<
> I believe I have heard of various sources for "rc.firewall" scripts
> that do this, but haven't checked into them. I imagine (hope?) they
> are even more careful than what I have outlined above.
I haven't played with Linux firewalling scripts much since I started
using OpenBSD for firewalls/routers. However, I just poked around in one
of my RH7.0 machines and found that the "/etc/rc.d/init.d/ipchains"
script is just a wrapper around "ipchains-restore". To make life easier,
you can build the ruleset from the command line, then run:

    # ipchains-save > /etc/sysconfig/ipchains

Then enable the ipchains "service" using your favorite method
(linuxconf, ntsysv, symlinks by hand, etc.), and your firewall rules will
load on boot. This script also gives you the ability to flush the rules
with one command, and the oh-so-handy "panic" command which slams
everything to full DENY mode.
Granted, this doesn't help build better rules, but it does make
loading/unloading them easier.
--
-Matt
Department of Defense:
We kill people - so you don't have to.