Re: adding ipfwadm rules
Randy Edwards (redwards@together.net) wrote:
: I've been playing around with masquerading (which has been going
: surprisingly smoothly -- great!:-). Well, I've got enough confidence in
: this that I want to have it come up whenever the machine is up.
:
: Being the Linux newbie that I am, I was wondering where the most
: appropriate place to add the ipfwadm lines would be.
:
: I'm thinking they'd be a "natural" for adding to /etc/init.d/network, but
: I was wondering if this is a good place for such commands or whether there's
: a standard place for such things.
Well, you should not modify or touch something that already exists, like
/etc/init.d/network. You should definitely create your own script under
/etc/init.d (call it ipfwadm, for example) and then run update-rc.d
(see man update-rc.d) to update the links to /etc/init.d/ipfwadm in the
/etc/rc?.d directories.
A good starting point is this script that jaldhar@braincells.com
(Jaldhar H. Vyas) posted to Debian-user a couple of weeks ago:
-- BEGIN --
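#!/bin/sh
# Set or clear the ipfwadm firewall and masquerading rules

case "$1" in
  start)
    # Masquerade traffic forwarded from the internal 192.168.2.0/24 network
    /sbin/ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0
    # Default policies: deny all other forwarding, accept input and output
    /sbin/ipfwadm -F -p deny
    /sbin/ipfwadm -I -p accept
    /sbin/ipfwadm -O -p accept
    echo "Firewall and masquerading rules set"
    ;;
  stop)
    # Flush the forwarding, input and output firewall rules
    /sbin/ipfwadm -F -f
    /sbin/ipfwadm -I -f
    /sbin/ipfwadm -O -f
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac

exit 0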
-- END --
Modify the above script according to your needs and put it in
/etc/init.d/ipfwadm, then run update-rc.d.
Regards,
E.-
--
Eloy A. Paris
Information Technology Department
Rockwell Automation de Venezuela
Telephone: +58-2-9432311 Fax: +58-2-9430323
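
Added example, not part of the original post or of Jaldhar's script: a small check to run over an init script like the one above before installing it, which reports the default policy set for each firewall and warns if forwarding does not default to deny/reject or if a masquerade rule has no source restriction. The function names and the "weak" sample are constructed for illustration; the first sample is the start) section from the post.

```shell
#!/bin/sh
# Added example, not from the original post: audit ipfwadm lines read on stdin.
# Prints the default policy per chain (F, I, O) and warns when forwarding does
# not default to deny/reject or a masquerade rule has no source restriction.
# Assumes policies are spelled out (deny, accept, reject) as in the post.
audit_ipfwadm() {
    awk '
    /ipfwadm/ && !/^[ \t]*#/ {
        chain = ""; policy = ""; action = ""; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-F" || $i == "-I" || $i == "-O") chain = substr($i, 2)
            else if ($i == "-p") policy = $(i + 1)
            else if ($i == "-a") action = $(i + 1)
            else if ($i == "-S") src = $(i + 1)
        }
        if (chain != "" && policy != "") pol[chain] = policy   # last -p wins
        if (chain == "F" && action ~ /^m/ && (src == "" || src ~ /^0(\.0\.0\.0)?\/0$/))
            open_masq++
    }
    END {
        n = split("F I O", chains, " ")
        for (c = 1; c <= n; c++)
            print "policy " chains[c] "=" ((chains[c] in pol) ? pol[chains[c]] : "unset")
        if (pol["F"] != "deny" && pol["F"] != "reject") {
            print "WARN forwarding default is not deny/reject"; w++
        }
        if (open_masq) { print "WARN masquerade rule has no source restriction"; w++ }
        print "warnings=" (w + 0)
    }'
}

page_rules() {    # the start) rules from the script in the post
    cat <<'EOF'
/sbin/ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -I -p accept
/sbin/ipfwadm -O -p accept
EOF
}

weak_rules() {    # constructed weak variant, for comparison
    cat <<'EOF'
/sbin/ipfwadm -F -a m -S 0.0.0.0/0 -D 0.0.0.0/0
/sbin/ipfwadm -F -p accept
EOF
}

page_rules | audit_ipfwadm
weak_rules | audit_ipfwadm
```

To check a real script, feed it on stdin: audit_ipfwadm < /etc/init.d/ipfwadm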