Re: Need_help_with_this_script
On Mon, May 28, 2001 at 01:02:54PM +0200, luismi@adp.adpsoft.com wrote:
> Does anyone check if this firewall script has any bug?
just a few errors i found on looking over it
[...]
> PRIVPORTS="0:1023"
> UNPRIVPORTS="1024:65535"
> UNPRIVPORTS=`cat /etc/sysctl.conf | awk '/local_port/{print $3 ":" $4}'`
$UNPRIVPORTS gets overwritten by what should probably be LOCALPORTS; so
better change the above line to:
LOCALPORTS=`cat /etc/sysctl.conf | awk '/local_port/{print $3 ":" $4}'`
and change the appropriate lines in the script
[...]
> SSH_PORTS="1020:1023"
this doesn't look good to me; you won't get many ssh-connections.
use the range "513:" or just $UNPRIVPORTS
[...]
> if [ -f /etc/init.d/firewall.bloqueados ]; then
> ./etc/init.d/firewall.bloqueados
i guess this file is not executable (and it shouldn't be); better source it
with:
. /etc/init.d/firewall.bloqueados
> fi
[...]
hth m
--
"Unix gives you just enough rope to hang yourself -- and then a
couple more feet, just to be sure." Eric Allman
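
Added example, not part of the original post or the poster's script: a POSIX sh version of the LOCALPORTS fix suggested above, which keeps $UNPRIVPORTS intact and falls back to it when sysctl.conf has no usable entry. The function name local_port_range and the sample sysctl.conf content are assumptions constructed for illustration; it also tolerates commented-out lines and "key=value" without spaces, which the awk one-liner does not.

```shell
#!/bin/sh
# Added example, not from the original thread.
# local_port_range FILE [FALLBACK]: print the ip_local_port_range entry of a
# sysctl.conf-style FILE as "low:high", or FALLBACK when no valid entry exists.
# (Hypothetical helper name; POSIX sh has no "local", so it uses plain variables.)
local_port_range() {
    file=$1
    fallback=${2:-1024:65535}
    range=
    if [ -r "$file" ]; then
        range=$(awk '
            /^[ \t]*[#;]/ { next }                 # skip commented-out settings
            /ip_local_port_range/ {
                sub(/^[^=]*=/, "")                 # drop "key =" with or without spaces
                if ($1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $1 + 0 <= $2 + 0 && $2 + 0 <= 65535)
                    found = $1 ":" $2              # last valid entry wins
            }
            END { if (found != "") print found }
        ' "$file")
    fi
    echo "${range:-$fallback}"
}

# Constructed sample input (not the poster's real /etc/sysctl.conf).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# net.ipv4.ip_local_port_range = 1024 4999
net.ipv4.ip_forward = 1
net.ipv4.ip_local_port_range=32768 61000
EOF

PRIVPORTS="0:1023"
UNPRIVPORTS="1024:65535"
# Separate variable, so the unprivileged range used by the rules is not clobbered.
LOCALPORTS=$(local_port_range "$demo_conf" "$UNPRIVPORTS")
echo "UNPRIVPORTS=$UNPRIVPORTS LOCALPORTS=$LOCALPORTS"
rm -f "$demo_conf"
```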