Peter Jordan <usernetwork@gmx.info> (Fri 29 May 2009 06:30:34 CEST):
...
> Now I wanted to ask: how do you do it?
> Does it make sense to do it with iptables, or is it perhaps better
> (once one has understood the principle) to switch to firehol/shorewall/?

On older systems: the script in the attachment (which expects the firewall
config in /etc/network/firewall, normally as a shell script). On newer
systems: ``ferm''.

Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann HS12-RIPE -----------------------------------------
 gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
 gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -
#! /bin/bash
# © 2008 Heiko Schlittermann <hs@schlittermann.de>
# $Id: firestart 3589 2008-01-21 21:21:24Z heiko $
# $URL: https://svn.schlittermann.de/is/firestart/trunk/firestart $

# option parsing via getopt(1); "$@" and "$tmp" are quoted so that
# arguments with spaces survive the round trip
tmp=$(getopt -n $(basename $0) -o hm -l help,man -- "$@")
eval set -- "$tmp"

while true; do
    o="$1"; shift
    case "$o" in
        -h|--help)  pod2usage -verbose 0 $0; exit 0 ;;
        -m|--man)   pod2usage -verbose 2 $0; exit 0 ;;
        --)         break ;;
    esac
done

SCRIPT=${1-/etc/network/firewall}   # the firewall script to run
TMOUT=${2-10}                       # seconds to wait for confirmation
TMPFILE=$(mktemp)                   # holds the saved (old) rule set

function die() { echo "$(basename $0): $@" >&2; exit 1; }

# snapshot the current rules so they can be restored
function save() {
    echo -n "saving firewall to $1... " >&2
    iptables-save >$1
    echo "ok" >&2
}

# put the saved rules back and remove the snapshot
function restore() {
    test -f $1 || return
    echo -en "\nrestoring firewall rules from $1... " >&2
    iptables-restore <$1
    echo "ok" >&2
    rm -vf $1
}

# whatever happens (error, Ctrl-C, timeout): if the snapshot still
# exists when we leave, the new rules were not confirmed -> restore
trap "test -f $TMPFILE && restore $TMPFILE" EXIT

test -f $SCRIPT || die "$SCRIPT not found"
save $TMPFILE

unset REPLY
if $SCRIPT; then
    read -t $TMOUT -p "OK? (yes/no) (timeout: ${TMOUT}s): " \
    && test "$REPLY" == "yes" \
    && echo "new firewall is active now" >&2 \
    && rm $TMPFILE \
    && exit 0
fi

restore $TMPFILE

# if it's not set, the read timed out and we want to
# read the response now
test "${REPLY+set}" || read -t 5

exit 1

=head1 NAME

firestart - simple wrapper for safe firewall start

=head1 SYNOPSIS

    firestart [filename [timeout]]

    firestart {-h|--help} | {-m|--man}

=head1 DESCRIPTION

This script just saves the current firewall state, starts the new one
and waits for user input. If this input doesn't appear, the old state
is restored. Same if the user doesn't confirm the new settings.

The I<timeout> is the time (seconds) to wait for user input after
starting the firewall (default: 10).

The I<filename> is the name of the firewall script, it has to be
executable (default: F</etc/network/firewall>).

=head1 OPTIONS

=over 4

=item B<-h>|B<--help>

Short help.

=item B<-m>|B<--man>

Man page

=back

=head1 AUTHOR

Heiko Schlittermann

=cut
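As an added example (not part of Heiko's firestart script or of the original mail), the same save / apply / confirm / restore sequence factored into a function whose three actions are passed in by name, so the rollback logic can be exercised and checked without root and without touching iptables. The names safe_apply, run_scenario and the sim_* stand-ins, and the "old"/"new" state file, are constructed for this demonstration; on a real host the three commands would be iptables-save, the firewall script and iptables-restore.

```bash
#!/bin/bash
# Added example (not from the original mail or the firestart script):
# firestart's save / apply / confirm / restore sequence as a function whose
# three actions are passed in by name, so the rollback logic can be run and
# checked without root or iptables. On a real host you would pass
# iptables-save, the firewall script and iptables-restore.

# safe_apply SAVE_CMD APPLY_CMD RESTORE_CMD [TIMEOUT]
# The operator's confirmation is read from stdin. Returns 0 when the new
# rules were confirmed and kept, 1 when the old rules were restored
# (apply failed, answer was not "yes", or nobody answered in time),
# 2 when the current state could not even be saved.
safe_apply() {
    local save_cmd="$1" apply_cmd="$2" restore_cmd="$3" timeout="${4:-10}"
    local backup reply=""
    backup=$(mktemp) || return 2

    # Snapshot the running rules before anything is changed.
    if ! $save_cmd >"$backup"; then
        rm -f "$backup"
        return 2
    fi

    if $apply_cmd; then
        # Only an explicit "yes" within the timeout keeps the new rules;
        # a timed-out read returns >128 and falls through to the restore.
        if read -r -t "$timeout" -p "OK? (yes/no) (timeout: ${timeout}s): " reply \
           && [ "$reply" = "yes" ]; then
            rm -f "$backup"
            return 0
        fi
    fi

    $restore_cmd <"$backup"
    rm -f "$backup"
    return 1
}

# ---- constructed stand-ins for the demonstration -------------------------
# A plain file holding "old" or "new" plays the role of the kernel rule set.
SIM_STATE=$(mktemp)
sim_save()    { cat "$SIM_STATE"; }         # stands in for iptables-save
sim_apply()   { echo new >"$SIM_STATE"; }   # stands in for /etc/network/firewall
sim_restore() { cat >"$SIM_STATE"; }        # stands in for iptables-restore

# run_scenario ANSWER: start from the "old" rule set, apply the "new" one with
# a 1 s confirmation window and feed ANSWER as the operator's reply (an empty
# ANSWER means nobody types anything and the read times out).
# Prints "<exit status> <rule set left in place>".
run_scenario() {
    local rc=0
    echo old >"$SIM_STATE"
    if [ -n "$1" ]; then
        printf '%s\n' "$1" | safe_apply sim_save sim_apply sim_restore 1 || rc=$?
    else
        # keep stdin open but silent for longer than the timeout
        sleep 2 | safe_apply sim_save sim_apply sim_restore 1 || rc=$?
    fi
    echo "$rc $(cat "$SIM_STATE")"
}

run_scenario yes   # -> 0 new
run_scenario no    # -> 1 old
run_scenario ""    # -> 1 old
```

The 1 s window is only there to keep the demonstration short; the original default of 10 s is the sensible value on a real box. Note what the function does not cover: firestart additionally installs an EXIT trap, so a run that is interrupted with Ctrl-C while the new rules are active still falls back to the snapshot. Without that trap the backup file would be left behind and the untested rules would stay loaded.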