Configuration of the “/etc/rc.d/init.d/firewall” script file for the Gateway Server
This is the configuration script file for our Gateway Server. This configuration allows unlimited traffic on the Loopback interface, ICMP, DNS Server and Client (53), SSH Server and Client (22), HTTP Server and Client (80), HTTPS Server and Client (443), POP Client (110), NNTP NEWS Client (119), SMTP Server and Client (25), IMAP Server (143), IRC Client (6667), ICQ Client (4000), FTP Client (20, 21), RealAudio / QuickTime Client, and OUTGOING TRACEROUTE requests by default.
If you don’t want some of the services that I have turned ON by default in the firewall rules file for the Gateway Server, comment them out with a “#” at the beginning of the line. If you want some of the other services that I have commented out with a “#”, remove the “#” at the beginning of their lines. If you have configured Masquerading on your server, don’t forget to uncomment the modules needed to masquerade the services you use, such as ip_masq_irc.o, ip_masq_raudio.o, etc., under the “MODULES MASQUERADING” section of the firewall script file.
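An added example (not part of the original script): after toggling the “#” markers, this check lists the masquerading helper modules that a firewall script will not load. It assumes each module is loaded by its own /sbin/modprobe ip_masq_<name> line; the function names and the sample fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original firewall script.
# Assumption: every masquerading helper is loaded by one line of the form
#   /sbin/modprobe ip_masq_<name> [options]
# and a leading "#" disables that line.

# Print "<module> on" or "<module> off" for every ip_masq_* modprobe line.
masq_module_state() {
    sed -n \
        -e 's|^[[:space:]]*/sbin/modprobe[[:space:]]\{1,\}\(ip_masq_[a-z0-9_]*\).*|\1 on|p' \
        -e 's|^[[:space:]]*#[#[:space:]]*/sbin/modprobe[[:space:]]\{1,\}\(ip_masq_[a-z0-9_]*\).*|\1 off|p' \
        "$1"
}

# Print each required module that the script does not enable
# (commented out or absent).
# Usage: missing_masq_modules FILE module [module ...]
missing_masq_modules() {
    file=$1
    shift
    state=$(masq_module_state "$file")
    for mod in "$@"; do
        printf '%s\n' "$state" | grep -qxF "$mod on" || printf '%s\n' "$mod"
    done
}

# Constructed sample fragment (hypothetical, not the real script).
make_sample() {
    cat <<'EOF'
# MODULES MASQUERADING
/sbin/modprobe ip_masq_ftp
#/sbin/modprobe ip_masq_irc
# /sbin/modprobe ip_masq_raudio ports=554
EOF
}

# Demo: which helpers are still disabled for FTP, IRC and RealAudio?
sample=$(mktemp)
make_sample > "$sample"
missing_masq_modules "$sample" ip_masq_ftp ip_masq_irc ip_masq_raudio
rm -f "$sample"
```

Run it against your own script by passing its path and the modules for the services you have left enabled in the rules.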
Create the firewall script file (touch /etc/rc.d/init.d/firewall) on your Gateway Server and add:
#!/bin/sh
#
# Last modified by Gerhard Mourani: 04-25-2000
# Copyright (C) 1997, 1998,1999 Robert L. Ziegler
#
# Permission to use, copy, modify, and distribute this software and its
# documentation for educational, research, private and non-profit purposes,
# without fee, and without a written agreement is hereby granted.
# This software is provided as an example and basis for individual firewall
# development. This software is provided without warranty.
#
# Any material furnished by Robert L. Ziegler is furnished on an
# “as is” basis. He makes no warranties of any kind, either expressed
# or implied as to any matter including, but not limited to, warranty
# of fitness for a particular purpose, exclusivity or results obtained
# from use of the material.
#
# Invoked from /etc/rc.d/init.d/firewall.
# chkconfig: - 60 95
# description: Starts and stops the IPCHAINS Firewall \
# used to provide Firewall network services.
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
if [ "${NETWORKING}" = "no" ]
then
        exit 0
fi
# Exit quietly if the ipchains binary is missing or not executable.
if [ ! -x /sbin/ipchains ]; then
        exit 0
fi
# See how we were called.
case "$1" in
  start)