
A few questions about scripting for Iptables.



Hello all!

Ok, so I would like to start scripting and I would
really like my script to be like Valerio's (OBC)
script but there are a few things I don't understand
and I was wondering if someone can help me out.

Here's what I am talking about:
 
# ip for the external interface (assuming EXT_IF is the external)
EXT_IP=`ifconfig $EXT_IF | grep "addr:" | cut -d: -f 2 | cut -d\  -f1`

???? What is stored in EXT_IP?  Why the single ''?  Is
there a declaration of EXT_IP somewhere?

# set the network address
INT_NET="$INT_IP/$INT_MASK"

???? What is taking place here?  What significance
does '/' have?

#setup the logging chain
$FW -N LOGDROP 2>/dev/null

???? I see that a new chain is built but I am not sure
about '2>/dev/null'.


???? Now the following code looks really cool, I think
it is building a command line interface, yes?  Why is
"Flushing firewall and setting default policies to
DROP" commented out, does this not need to be done if
the tables are cleared?  How about the case "$1"?  I
would like to know how that works.

# See how we were called.
case "$1" in
  start)
    /etc/ocb_networking/firewall.sh
    /etc/ocb_networking/masquerade.sh
    ;;

  stop)
    echo -e "\nFlushing firewall and setting default policies to CLEAR\n"
    /etc/init.d/iptables clear

    #echo -e "\nFlushing firewall and setting default policies to DROP\n"
    #$IPTABLES -P INPUT DROP
    #$IPTABLES -F INPUT
    #$IPTABLES -P OUTPUT DROP
    #$IPTABLES -F OUTPUT
    #$IPTABLES -P FORWARD DROP
    #$IPTABLES -F FORWARD
    #$IPTABLES -F -t nat
    # Delete all User-specified chains
    #$IPTABLES -X
    #
    # Reset all IPTABLES counters
    #$IPTABLES -Z
    ;;

  restart)
    $0 stop
    $0 start
    ;;

  status)
    $IPTABLES -L
    ;;

  mlist)
    cat /proc/net/ip_conntrack
    ;;

  *)
    echo "Usage: ocb_networking {start|stop|restart|status|mlist}"
    exit 1
esac

???? What is this "esac"?
exit 0


I know these questions are probably really simple, but
the only script I intend to work on is for Iptables,
and no other mail lists will know anything about that;
they'll tell me to ask here, I bet... :(.

Thanks,
Kevin
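As an added illustration, not part of Kevin's post or of Valerio's OCB script: a small POSIX shell script that exercises the four constructs the questions are about (backtick/$(...) command substitution, the "address/mask" join, 2>/dev/null, and case ... esac) on constructed input, so it runs without root, without iptables and without a real interface. The ifconfig output, the addresses and the fake_iptables stand-in are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not Valerio's OCB script: the same shell constructs as the
# snippets quoted above, runnable without root, iptables or a real interface.

# Constructed sample of what `ifconfig eth0` printed on older Linux systems.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:203.0.113.7  Bcast:203.0.113.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# Backticks `...` are command substitution: the pipeline's output becomes the
# value assigned. $(...) means the same thing and nests more readably. No
# declaration is needed; the assignment itself creates EXT_IP.
# grep keeps the "inet addr:" line, the first cut takes what follows the colon,
# the second cut keeps the first space-separated word, i.e. the address.
# (On hosts with IPv6 an "inet6 addr:" line would also match; grep "inet addr:"
# would be stricter.)
extract_ip() {
    printf '%s\n' "$1" | grep "addr:" | cut -d: -f2 | cut -d' ' -f1
}
EXT_IP=$(extract_ip "$SAMPLE_IFCONFIG")

# '/' is plain text here: it joins an address and a mask (or prefix length)
# into the "address/mask" form that iptables -s and -d accept for a network.
INT_IP=192.168.1.1          # assumed internal address
INT_MASK=24                 # assumed prefix length; 255.255.255.0 also works
INT_NET="$INT_IP/$INT_MASK"

# Stand-in for $FW / $IPTABLES: prints the command instead of changing rules,
# and complains on stderr like the real binary if a chain is created twice.
CHAINS=""
fake_iptables() {
    case "$1" in
      -N)
        case " $CHAINS " in
          *" $2 "*) echo "iptables: Chain already exists." >&2; return 1 ;;
        esac
        CHAINS="$CHAINS $2"
        ;;
    esac
    echo "iptables $*"
}
FW=fake_iptables

setup_logging_chain() {
    # 2>/dev/null sends file descriptor 2 (stderr) to the bit bucket, so the
    # "Chain already exists" complaint on a second run is never shown; the
    # "|| true" keeps the script going, as the original does without set -e.
    $FW -N LOGDROP 2>/dev/null || true
}

# "case WORD in PATTERN) COMMANDS ;; ... esac" compares $1 (the first command
# line argument) against each pattern in turn and runs the first match; "*"
# matches anything, so it is the fallback. "esac" is "case" spelled backwards
# and closes the block, the way "fi" closes "if".
dispatch() {
    case "$1" in
      start)
        setup_logging_chain
        $FW -A INPUT -s "$INT_NET" -j ACCEPT
        echo "started"
        ;;
      stop)
        $FW -F
        $FW -X
        echo "stopped"
        ;;
      restart)
        dispatch stop
        dispatch start
        ;;
      status)
        $FW -L
        ;;
      *)
        echo "Usage: $0 {start|stop|restart|status}" >&2
        return 1
        ;;
    esac
}

# Only dispatch when an argument was given, e.g.:  sh example.sh start
if [ $# -gt 0 ]; then
    dispatch "$@"
fi
```

Running it as `sh example.sh start` prints the iptables commands that would have been issued; `sh example.sh bogus` hits the `*)` arm and exits non-zero, which is exactly how the OCB script's usage message works.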

