Konrad Rosenbaum <kon...@silmor.de> (Sat 28 Mar 2009 16:22:24 CET):
> On Saturday 28 March 2009, Jeffrey Kelling wrote:
> > > Avoid networks, or at least use a paranoid
> > > firewall setting.
> >
> > I have a question of my own about that:
> > @Konrad: is there a good tutorial on setting up iptables? The last time I
> > tried that, I couldn't get onto the network myself afterwards ;(
>
> I don't know of one. During the experiments you should at least have direct
> (keyboard) access to your own machine.

Or something like:

#! /bin/bash
# © 2008 Heiko Schlittermann <h...@schlittermann.de>
# $Id: firestart 3589 2008-01-21 21:21:24Z heiko $
# $URL: https://svn.schlittermann.de/is/firestart/trunk/firestart $

# parse the command line options
tmp=$(getopt -n "$(basename "$0")" -o hm -l help,man -- "$@")
eval set -- "$tmp"
while true; do
    o="$1"; shift
    case "$o" in
        -h|--help) pod2usage -verbose 0 "$0"; exit 0 ;;
        -m|--man)  pod2usage -verbose 2 "$0"; exit 0 ;;
        --) break ;;
    esac
done

SCRIPT=${1-/etc/network/firewall}
TMOUT=${2-10}
TMPFILE=$(mktemp)

function die() { echo "$(basename $0): $@" >&2; exit 1; }

# dump the currently active rules to the file $1
function save() {
    echo -n "saving firewall to $1... " >&2
    iptables-save >$1
    echo "ok" >&2
}

# reload the rules saved in $1 (if it still exists) and remove the file
function restore() {
    test -f $1 || return
    echo -en "\nrestoring firewall rules from $1... " >&2
    iptables-restore <$1
    echo "ok" >&2
    rm -vf $1
}

# whatever happens, roll back on exit as long as the saved state still exists
trap "test -f $TMPFILE && restore $TMPFILE" EXIT

test -f $SCRIPT || die "$SCRIPT not found"

save $TMPFILE
unset REPLY

# start the new firewall and keep it only after an explicit "yes"
if $SCRIPT; then
    read -t $TMOUT -p "OK? (yes/no) (timeout: ${TMOUT}s): " \
    && test "$REPLY" == "yes" \
    && echo "new firewall is active now" >&2 \
    && rm $TMPFILE \
    && exit 0
fi

restore $TMPFILE
# if it's not set, the read timed out and we want to
# read the response now
test "${REPLY+set}" || read -t 5
exit 1

=head1 NAME

firestart - simple wrapper for safe firewall start

=head1 SYNOPSIS

    firestart [filename [timeout]]
    firestart {-h|--help} | {-m|--man}

=head1 DESCRIPTION

This script just saves the current firewall state, starts the new one
and waits for user input. If this input doesn't appear, the old
state is restored. Same if the user doesn't confirm the new settings.

The I<timeout> is the time (seconds) to wait for user input after
starting the firewall (default: 10).

The I<filename> is the name of the firewall script, it has to be
executable (default: F</etc/network/firewall>).

=head1 OPTIONS

=over 4

=item B<-h>|B<--help>

Short help.

=item B<-m>|B<--man>

Man page

=back

=head1 AUTHOR

Heiko Schlittermann

=cut

_______________________________________________
Lug-dd maillist - Lug-dd@mailman.schlittermann.de
https://ssl.schlittermann.de/mailman/listinfo/lug-dd