Sunday 24 March 2019

iptables - How to install firewall script in Ubuntu?


https://help.ubuntu.com/community/Router/Firewall


In the link above there is a firewall script described. How can I install this script in Ubuntu 10.0.4 desktop?



Answer



The “advanced” firewall script is a shell script that is supposed to be executed after both the internal and the external interface are up.


First, put the script somewhere, say /etc/init.d/local/my_firewall_script, make it executable, and add #!/bin/sh as the first line in the script file.


Next, you need to arrange for the script to run after both interfaces are up. You have two options:




  • through upstart. This has my preference because the script must run when both interfaces are up. Create a file /etc/init/my_firewall.conf containing something like this:


    description "My firewall script"
    start on (net-device-up IFACE=br0 and net-device-up IFACE=eth0)
    console output

    pre-start exec /etc/init.d/local/my_firewall_script

    This is completely untested, and I have zero upstart experience, so you may need to adapt the file. Also there's a bug related to the net-device-up event that might affect you.




  • through ifup scripts. This is a bit fiddly here because the script must be run when the second interface comes up. Create a file /etc/network/if-up.d/my_firewall containing something like this (untested):


    #!/bin/sh
    # Run the firewall script only once both interfaces have an IPv4 address,
    # whichever of the two came up last.
    if [ "$IFACE" = "br0" ] || [ "$IFACE" = "eth0" ]; then
        if [ -n "$(ip addr show br0 2>/dev/null | grep '^ *inet ')" ] &&
           [ -n "$(ip addr show eth0 2>/dev/null | grep '^ *inet ')" ]; then
            /etc/init.d/local/my_firewall_script
        fi
    fi

    If there was a single interface, or if there was a guarantee that one of the interfaces always came up after the other, this method would be simpler and preferred: the script would be (assuming the single or last-up interface is eth0):


    #!/bin/sh
    # Single (or last-up) interface: run the firewall script when eth0 comes up.
    if [ "$IFACE" = "eth0" ]; then
        /etc/init.d/local/my_firewall_script
    fi


Note that the script given there is fairly specific to a particular setup — it's an example of a relatively advanced script. You'll have to adapt it to your setup, at least the IP address ranges and probably the name of the interfaces.


After you've found a method that works, I suggest you write a description of how you did it to the wiki page.
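Whichever hook you end up using, the thing worth confirming after the next reboot is that the rules were actually loaded. The following check is an added example, not part of the answer or of the wiki script; it assumes the firewall script sets a DROP default policy on INPUT and FORWARD and references br0 and eth0, and it parses a constructed sample of `iptables -S` output in place of the live ruleset.

```sh
#!/bin/sh
# Constructed sample of `iptables -S` output, standing in for the live
# ruleset. On a real box you would run: iptables -S | check_ruleset br0 eth0
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o eth0 -j ACCEPT'

# check_ruleset IFACE...: read `iptables -S` output on stdin. Return 0 if
# INPUT and FORWARD default to DROP and every named interface is referenced
# by at least one rule; otherwise report what is missing and return 1.
# A silent failure of the boot hook shows up here as ACCEPT policies and
# no interface rules, i.e. the kernel defaults.
check_ruleset() {
    rules=$(cat)
    status=0
    for chain in INPUT FORWARD; do
        if ! printf '%s\n' "$rules" | grep -q "^-P $chain DROP\$"; then
            echo "policy for $chain is not DROP" >&2
            status=1
        fi
    done
    for iface in "$@"; do
        if ! printf '%s\n' "$rules" | grep -q -- "-[io] $iface "; then
            echo "no rule references interface $iface" >&2
            status=1
        fi
    done
    return $status
}

# Stand-alone run against the constructed sample.
if printf '%s\n' "$SAMPLE_RULES" | check_ruleset br0 eth0; then
    echo "firewall ruleset looks loaded"
fi
```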

