
Re: iptables, firehol, shorewall or ... ?



Peter Jordan <usernetwork@gmx.info> (Fri 29 May 2009 06:30:34 CEST):
...
> Now I wanted to ask: how do you do it?
> Does it make sense to do this with iptables, or is it perhaps better
> (once you have understood the principle) to switch to firehol/shorewall/?

On older systems, the script in the attachment (which expects the firewall
config in /etc/network/firewall, normally as a shell script).

On newer systems, ``ferm''.

    Best regards from Dresden/Germany
    Kind regards from Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann HS12-RIPE -----------------------------------------
 gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
 gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B -
#! /bin/bash
# © 2008 Heiko Schlittermann <hs@schlittermann.de>
# $Id: firestart 3589 2008-01-21 21:21:24Z heiko $
# $URL: https://svn.schlittermann.de/is/firestart/trunk/firestart $

# parse options; the program name passed to getopt must be $0, not the literal 0
tmp=$(getopt -n "$(basename "$0")" -o hm -l help,man -- "$@") || exit 1
eval set -- "$tmp"
while true; do
    o="$1"; shift
    case "$o" in
	-h|--help)  pod2usage -verbose 0 $0; exit 0 ;;
	-m|--man)   pod2usage -verbose 2 $0; exit 0 ;;
	--)	    break      ;;
    esac
done


SCRIPT=${1-/etc/network/firewall}   # firewall script to run
TMOUT=${2-10}                       # seconds to wait for confirmation
TMPFILE=$(mktemp)                   # backup of the current ruleset

function die()  { echo "$(basename $0): $@" >&2; exit 1; }
function save() { 
    echo -n "saving firewall to $1... " >&2
    iptables-save >$1
    echo "ok" >&2
}
function restore() { 
    test -f $1 || return
    echo -en "\nrestoring firewall rules from $1... " >&2
    iptables-restore <$1
    echo "ok" >&2
    rm -vf $1
}

trap "test -f $TMPFILE && restore $TMPFILE" EXIT

test -f $SCRIPT || die "$SCRIPT not found"

save $TMPFILE

unset REPLY

if $SCRIPT; then
    read -t $TMOUT -p "OK? (yes/no) (timeout: ${TMOUT}s): " \
	&& test "$REPLY" == "yes" \
	&& echo "new firewall is active now" >&2 \
	&& rm $TMPFILE \
	&& exit 0
fi

restore $TMPFILE

# if it's not set, the read timed out and we want to
# read the response now
test "${REPLY+set}" || read -t 5

exit 1

=head1 NAME

firestart - simple wrapper for safe firewall start

=head1 SYNOPSIS

    firestart [filename [timeout]]
    firestart {-h|--help} | {-m|--man}

=head1 DESCRIPTION

This script just saves the current firewall state, starts the new one
and waits for user input. If this input doesn't appear, the old state
is restored. The same happens if the user doesn't confirm the new settings.

The I<timeout> is the time (seconds) to wait for user input after starting the
firewall (default: 10). The I<filename> is the name of the firewall
script, it has to be executable (default: F</etc/network/firewall>).

=head1 OPTIONS

=over 4

=item B<-h>|B<--help>

Short help.

=item B<-m>|B<--man>

Full manual page.

=back


=head1 AUTHOR

Heiko Schlittermann

=cut
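The save / apply / confirm / restore pattern that firestart implements is worth having in a form that can be exercised without a live firewall. The following is an added example, not Heiko's script: the iptables-save and iptables-restore calls are replaced by the hypothetical dump_state and load_state functions operating on a constructed state file (STATE_FILE), and the confirmation step is a pluggable command, so the rollback paths (operator says no, operator times out, the firewall script itself fails) can be checked offline. confirm_tty shows the interactive variant and uses bash's read -t, as the original does.

```shell
#!/bin/sh
# Added example (not part of the original mail or script): generic
# apply-with-rollback. STATE_FILE stands in for the live ruleset (constructed).
STATE_FILE=${STATE_FILE:-$(mktemp)}

# Hypothetical stand-ins for iptables-save / iptables-restore.
dump_state()    { cat "$STATE_FILE"; }
load_state()    { cat > "$STATE_FILE"; }
current_state() { cat "$STATE_FILE"; }

# Interactive confirmation as in firestart: only a 'yes' within $1 seconds
# counts; any other answer, EOF, or a timeout is a rejection.
# (read -t and -p are bash extensions; not used by the tests below.)
confirm_tty() {
    read -r -t "$1" -p "OK? (yes/no) (timeout: ${1}s): " answer && [ "$answer" = yes ]
}

# apply_with_rollback APPLY CONFIRM
#   APPLY   - command that installs the new state; non-zero status = failure
#   CONFIRM - command that returns 0 only if the operator accepted the result
# Returns 0 and keeps the new state, or 1 after restoring the previous one.
apply_with_rollback() {
    apply_cmd=$1; confirm_cmd=$2
    backup=$(mktemp)
    dump_state > "$backup"
    # Until the change is committed, restore on every exit path, including
    # a signal that kills the wrapper (e.g. the session being cut off).
    trap 'load_state < "$backup"; rm -f "$backup"' EXIT INT TERM HUP
    if eval "$apply_cmd" && eval "$confirm_cmd"; then
        trap - EXIT INT TERM HUP      # commit: drop the rollback handler
        rm -f "$backup"
        return 0
    fi
    load_state < "$backup"            # rejected, timed out, or apply failed
    rm -f "$backup"
    trap - EXIT INT TERM HUP
    return 1
}

# Demo run on constructed state; nothing here touches iptables.
printf 'old-ruleset\n' > "$STATE_FILE"
if apply_with_rollback 'printf "new-ruleset\n" > "$STATE_FILE"' false; then
    echo "kept: $(current_state)"
else
    echo "rolled back to: $(current_state)"
fi
```

With a real firewall, dump_state/load_state would wrap iptables-save/iptables-restore and CONFIRM would be `confirm_tty 10`; the point of the signal traps is that losing the SSH session to a bad rule set still results in the old rules coming back.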
