Subject: Re: scripts - msg#00101
List: debian.devel.firewall
Hello Stoyan,
office [19/09/04 13:19 -0700] wrote:
[...]
// Should I write a script? How to make the debian machine to execute it
// at startup?
Yes, you should write a script, and you could copy it into
/etc/init.d/script_name and execute
~# update-rc.d script_name defaults
so that some symbolic links will be created in /etc/rc[0123456].d/
for 'start'ing and 'stop'ing your script when you boot and shut down
your machine.
Good luck :-)
--
.''`. Public Key & Key Fingerprint ,= ,-_-. =.
: :' :
http://fermat.movimage.com/fermat.asc ((_/)o o(\_))
`. `'` 02C3 E5E5 2283 D08F 506C 3070 4713 40EF 21C5 21E2 `-'(. .)`-'
`-
http://www.debian.org/ http://www.gnu.org/ \_/
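An added example, not part of the original message or of Debian: a minimal init script of the kind described in the reply above, which dumps the running ipchains rules to a file and reloads them at boot. The script name `firewall`, the rule-file path and the `/sbin` locations of `ipchains-save` and `ipchains-restore` are assumptions.

```sh
#!/bin/sh
# Hypothetical /etc/init.d/firewall: reload saved ipchains rules at boot.
# Added example; the file name and all paths below are assumptions.

RULES="${RULES:-/etc/firewall.rules}"          # assumed rule-file location
SAVE="${SAVE:-/sbin/ipchains-save}"            # assumed install path
RESTORE="${RESTORE:-/sbin/ipchains-restore}"   # assumed install path

fw_save() {
    # Dump to a temp file first so a failed dump never replaces good rules.
    tmp="$RULES.tmp.$$"
    if "$SAVE" > "$tmp" 2>/dev/null && [ -s "$tmp" ]; then
        mv "$tmp" "$RULES"
    else
        rm -f "$tmp"
        echo "firewall: could not save rules, $RULES left untouched" >&2
        return 1
    fi
}

fw_start() {
    # Fail loudly instead of booting with no filtering and no warning.
    if [ ! -s "$RULES" ]; then
        echo "firewall: $RULES missing or empty, no rules loaded" >&2
        return 1
    fi
    "$RESTORE" < "$RULES"
}

fw_main() {
    case "$1" in
        start|restart|reload|force-reload) fw_start ;;
        save) fw_save ;;
        stop) : ;;   # leave the rules in place while the machine shuts down
        *) echo "Usage: $0 {start|stop|restart|save}" >&2; return 1 ;;
    esac
}

# Dispatch only when called with an argument, as init does at boot.
if [ $# -gt 0 ]; then
    fw_main "$@"
    exit $?
fi
```

Run it once with `save` after configuring the rules by hand, then register it with `update-rc.d firewall defaults` as described above.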
Previous Message by Date:
scripts
I managed to configure a machine
with two NICs using "ipchains" but every time I turn off the computer the
configuration is lost. How can I overcome this problem?
Should I write a script? How to make the debian
machine to execute it at startup?
Stoyan
Next Message by Date:
Re: simple iptables rules
Hello, Carsten Grillenberger!
On 18 September 2004 at 16:37 you wrote:
>
> I think you use iptables...
> Without the knowledge and a plan it's insecure and could be more
> frustrating as if you would use no iptables.
> Nevertheless there are programs (fwbuilder...), who build a script or
> you can find scripts per google and try to understand them.
>
Maybe somebody can help me and say why these rules drop my VPN connection?
All chains have -P DROP and LO_IFACE and LAN_IFACE = eth0 (ppp0 used to)
iptables-1.2.9
Thanks!
$IPTABLES -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK \
-m state --state NEW -j REJECT --reject-with tcp-reset
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
--log-prefix "New not syn:"
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A allowed -p TCP -j DROP
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 21 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
$IPTABLES -A INPUT -p tcp -j bad_tcp_packets
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
$IPTABLES -A INPUT -p UDP -i $LAN_IFACE --dport 67 --sport 68 -j ACCEPT
$IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED \
-j ACCEPT
$IPTABLES -A INPUT -p TCP -i $INET_IFACE -j tcp_packets
$IPTABLES -A INPUT -p UDP -i $INET_IFACE -j udp_packets
$IPTABLES -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
$IPTABLES -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-level DEBUG --log-prefix "IPT INPUT packet died: "
$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets
$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-level DEBUG --log-prefix "IPT FORWARD packet died: "
$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
$IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-level DEBUG --log-prefix "IPT OUTPUT packet died: "
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP
--
All the best!
greg@xxxxxxxxxxxx Grigory.