
Re: Need help with this script



On Mon, May 28, 2001 at 01:02:54PM +0200, luismi@adp.adpsoft.com wrote:
> Does anyone check if this firewall script has any bug?

just a few errors i found on looking over it

[...]
> PRIVPORTS="0:1023"
> UNPRIVPORTS="1024:65535"
> UNPRIVPORTS=`cat /etc/sysctl.conf | awk '/local_port/{print $3 ":" $4}'`

$UNPRIVPORTS gets overwritten by what should probably be LOCALPORTS; so 
better change the above line to:

LOCALPORTS=`cat /etc/sysctl.conf | awk '/local_port/{print $3 ":" $4}'`

and change the appropriate lines in the script

[...]
> SSH_PORTS="1020:1023"

this doesn't look good to me; you won't get many ssh-connections.
use the range "513:" or just $UNPRIVPORTS

[...]
> if [ -f /etc/init.d/firewall.bloqueados ]; then
>         ./etc/init.d/firewall.bloqueados

i guess this file is not executable (and it shouldn't be); better source it
with:

	. /etc/init.d/firewall.bloqueados

> fi
[...]

hth m
-- 
"Unix gives you just enough rope to hang yourself -- and then a
couple more feet, just to be sure."                       Eric Allman
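
An added example, not part of the original message or the poster's script: one way to fill LOCALPORTS so that a differently spaced or missing sysctl.conf entry cannot leave an empty port range in later rules, and to source the blocklist file only when group and others cannot write to it. The function names, the fallback to $UNPRIVPORTS and the permission check are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example; function names and checks are illustrative assumptions.
UNPRIVPORTS="1024:65535"

# Print "low:high" for ip_local_port_range from a sysctl.conf-style file ($1).
# Returns non-zero if the file has no valid, uncommented setting.
local_port_range() {
    awk '
        /^[ \t]*[#;]/ { next }               # ignore commented-out settings
        /ip_local_port_range/ {
            sub(/^[^=]*=/, "")               # drop "key =" however it is spaced
            if ($1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ &&
                $1+0 >= 1 && $1+0 <= $2+0 && $2+0 <= 65535) {
                range = $1 ":" $2            # last valid setting wins
            }
        }
        END { if (range == "") exit 1; print range }
    ' "$1"
}

# Set LOCALPORTS from $1, falling back to $UNPRIVPORTS so that later
# firewall rules never receive an empty port argument.
set_localports() {
    LOCALPORTS=$(local_port_range "$1" 2>/dev/null) || LOCALPORTS=$UNPRIVPORTS
}

# Source $1 only if it is a readable regular file that neither group nor
# others can write; returns 1 without sourcing it otherwise.
source_if_safe() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ] || return 1
    . "$1"
}

# Intended use inside the firewall script (paths as in the thread):
#   set_localports /etc/sysctl.conf
#   source_if_safe /etc/init.d/firewall.bloqueados
```

The permission check matters because a sourced file runs with the privileges of the firewall script itself, which is normally root.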


