Package idea, Debian-Firewall.
Hey Debian-devels!
I have had a package idea for a long time now. The idea was a
package containing a "Flush-all" firewall script, adding this script to
be run at bootup. Just for the simplicity. I tend to keep forgetting to
add it myself.
So tonight I took the time to create such a package.
What the package does is create a firewall script in
/etc/init.d/debian-firewall
looking like:
#!/bin/bash
FW_VER=0.1
echo -e "\nLoading Debian Firewall[ $FW_VER ] ...\n"
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
INSMOD=/sbin/insmod
# Flush old rules, and set ACCEPT as default policy
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
(Now it contains an ACCEPT ssh rule, just to show that it's run. Yes, it does flush your old firewall, sorry about that.)
The postinst file looks like:
#!/bin/sh
set -e
if [ "$1" = "configure" ]; then
    # "configure" also runs on upgrade; -f replaces links that already exist
    ln -sf /etc/init.d/debian-firewall /etc/rc0.d/S20debian-firewall
    ln -sf /etc/init.d/debian-firewall /etc/rc1.d/S20debian-firewall
    ln -sf /etc/init.d/debian-firewall /etc/rc2.d/S20debian-firewall
    ln -sf /etc/init.d/debian-firewall /etc/rc3.d/S20debian-firewall
    ln -sf /etc/init.d/debian-firewall /etc/rc4.d/S20debian-firewall
    ln -sf /etc/init.d/debian-firewall /etc/rc5.d/S20debian-firewall
    ln -sf /etc/init.d/debian-firewall /etc/rc6.d/S20debian-firewall
fi
And the prerm file looks like:
#!/bin/sh
set -e
if [ "$1" = "remove" ]; then
    # -f: do not abort under "set -e" if a link is already gone
    rm -f /etc/rc0.d/S20debian-firewall
    rm -f /etc/rc1.d/S20debian-firewall
    rm -f /etc/rc2.d/S20debian-firewall
    rm -f /etc/rc3.d/S20debian-firewall
    rm -f /etc/rc4.d/S20debian-firewall
    rm -f /etc/rc5.d/S20debian-firewall
    rm -f /etc/rc6.d/S20debian-firewall
    echo "Leaving firewall script in /etc/init.d/debian-firewall.backup."
    cp /etc/init.d/debian-firewall /etc/init.d/debian-firewall.backup
fi
(it saves a backup of it before removing it)
Looks good? The only problem, though, is that I'm not a Debian developer. I have had thoughts about it, but never got around
to dragging myself to a keysigning party, basically because they are somewhat far away from me.
Anyway, if you feel like you want to try it: http://smurfnet.homelinux.net/files/debian-firewall_0.1-1_all.deb
BTW, I'm not a subscriber to debian-devel AT lists dot debian dot org, so if you have anything to add/ask, mail me at this mail address:
smurfd AT smurfnet dot homelinux dot org
best regards
/Nicklas
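
Added example (not part of the original mail or of the debian-firewall package): a small audit of an iptables-save dump that reports, per built-in chain, whether the loaded rules restrict anything. The sample ruleset is constructed to match what the init script above loads; the function name audit_ruleset and the state names are made up for this example.

```sh
#!/bin/sh
# Added example: audit an iptables-save dump for built-in chains that filter nothing.
# OPEN         = policy ACCEPT and every rule target is ACCEPT (chain accepts everything)
# REVIEW       = policy ACCEPT but other targets present (needs a closer look)
# DEFAULT-DENY = policy DROP
audit_ruleset() {
    awk '
        /^\*/ { table = substr($1, 2); next }      # "*filter" opens a table
        /^:/ {                                     # ":INPUT ACCEPT [0:0]" declares a chain
            if ($2 != "-") {                       # "-" marks a user-defined chain: skip
                key = table SUBSEP substr($1, 2)
                policy[key] = $2; order[++n] = key
            }
            next
        }
        $1 == "-A" {                               # "-A INPUT ... -j ACCEPT" appends a rule
            key = table SUBSEP $2; rules[key]++
            target = ""
            for (i = 3; i < NF; i++)
                if ($i == "-j" || $i == "-g") target = $(i + 1)
            if (target != "" && target != "ACCEPT") other[key]++
        }
        END {
            for (i = 1; i <= n; i++) {
                key = order[i]; split(key, p, SUBSEP)
                if (policy[key] != "ACCEPT") state = "DEFAULT-DENY"
                else if (other[key] > 0) state = "REVIEW"
                else state = "OPEN"
                printf "%s/%s policy=%s rules=%d %s\n", p[1], p[2], policy[key], rules[key], state
            }
        }
    '
}

# Constructed sample: the ruleset the init script above loads, as iptables-save would print it.
SAMPLE_RULESET='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULESET" | audit_ruleset
```

On a live system, pipe the output of iptables-save (run as root) into audit_ruleset instead of the sample.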