The firewall scripts files
ipchains -A output -i $EXTERNAL_INTERFACE -p udp \ -s $IPADDR $TRACEROUTE_SRC_PORTS \ -d $ANYWHERE $TRACEROUTE_DEST_PORTS -j ACCEPT
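# Enable logging for selected denied packets.
# (The logging option on these rules is ipchains' lowercase -l; this copy prints it as a capital I.)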
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \ -d $IPADDR -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -p udp \ -d $IPADDR $PRIVPORTS -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
-d $IPADDR $UNPRIVPORTS -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -p icmp \ -s $ANYWHERE 5 -d $IPADDR -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -p icmp \ -s $ANYWHERE 13:255 -d $IPADDR -j DENY -I
stop)
echo -n “Shutting Firewalling Services:”
# Remove all existing rules belonging to this filter
ipchains -F
# Delete all user-defined chains belonging to this filter
ipchains -X
# Reset the default policy of the filter to accept; from here until "start" is run again, no packet filtering is in place.
ipchains -P input ACCEPT
ipchains -P output ACCEPT ipchains -P forward ACCEPT
status)
status firewall
restart|reload) $0 stop $0 start
echo “Usage: firewall {start|stop|status|restart|reload}” exit 1 esac
exitO
Now, make this script executable and change its default permissions, so that it is owned by root (UID 0, GID 0) and only root can read, write or execute it:
[root@deep /]# chmod 700 /etc/rc.d/init.d/firewall
[root@deep /]# chown 0.0 /etc/rc.d/init.d/firewall
Create the symbolic rc.d links for your firewall with the following commands:
[root@deep /]# chkconfig --add firewall
[root@deep /]# chkconfig --level 345 firewall on
Now, your firewall rules are configured to use System V init (System V init is in charge of starting all the normal processes that need to run at boot time) and it will be automatically started each time your server reboots.
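• To manually stop the firewall on your system, use the following command (stop flushes every rule and sets the default policies to ACCEPT, so the server is unfiltered until the firewall is started again):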
[root@deep /]# /etc/rc.d/init.d/firewall stop
Shutting Firewalling Services: [ OK ]
• To manually start the firewall on your system, use the following command:
[root@deep /]# /etc/rc.d/init.d/firewall start
Starting Firewalling Services: [ OK ]