15.1 RC Script using GFCC

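#!/bin/bash
#
# Firewall Script - Version 0.9.1
#
# chkconfig:   2345 09 99
# description:  firewall script for 2.2.x kernel
#
# Set for testing
# set -x
#
# NOTES:
#
# This script is written for RedHat 6.1 or better.
#
# Be careful about offering public services like web or ftp servers.
#
# INSTALLATION:
#
# 1. place this file in /etc/rc.d/init.d    (you'll have to be root..)
#    call it something like "firewall" :-)
#    make it root owned -->    "chown root.root (filename)"
#    make it executable -->    "chmod 755 (filename)"
#
# 2. use GFCC to create your firewall rules and export them to a file
#    named /etc/gfcc/rules/firewall.rule.sh.
#
# 3. add the firewall to the RH init structure --> "chkconfig --add (filename)"
#    next time the router boots,  things should happen automagically!
#    sleep better at night knowing you are *LESS* vulnerable than before...
#
# RELEASE NOTES
#
# 30 Jan,   2000 - Changed to GFCC script
# 11 Dec,   1999 - updated by Mark Grennan <mark@grennan.com>
# 20 July,  1999 - initial writing - Anthony Ball <tony@LinuxSIG.org>
#
################################################

# Path of the rule set exported by GFCC (step 2 above). Both the rc script
# and the rule file should be root-owned and not group/world-writable: anything
# that can edit them runs as root at boot.
RULES=/etc/gfcc/rules/firewall.rule.sh

# Source function library (provides "action").
. /etc/rc.d/init.d/functions

# Source networking configuration (sets NETWORKING on RedHat).
[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network

# Check that networking is up. Quoted so an unset NETWORKING does not turn
# the test into a syntax error and silently skip the check.
[ "${NETWORKING}" = "no" ] && exit 0

# See how we are called
case "$1" in
  start)
    # Start providing access: load the exported GFCC rule set.
    # Fail loudly if the rule file is missing or not executable - otherwise the
    # box would come up with whatever (possibly empty) rules were already loaded
    # while reporting "Starting firewall" as if it had succeeded.
    if [ ! -x "$RULES" ]; then
      echo "$0: rule set $RULES is missing or not executable" >&2
      exit 1
    fi
    action "Starting firewall:   " /bin/true
    "$RULES"
    echo
    ;;
  stop)
    # Flushes the rules and turns off IP forwarding. Note this does not reset
    # the chain policies: if the rule set left "input" at DENY, the host keeps
    # dropping unmatched input after a stop (fails closed, not open).
    action "Stopping firewall:   " /bin/true
    echo 0 > /proc/sys/net/ipv4/ip_forward
    /sbin/ipchains -F input
    /sbin/ipchains -F output
    /sbin/ipchains -F forward
    echo
    ;;
  restart)
    action "Restarting firewall:   " /bin/true
    "$0" stop
    "$0" start
    echo
    ;;
  status)
    # List out all settings
    /sbin/ipchains -L
    ;;
  test)
    # Test mode: accepts all input and output and only masquerades the
    # forward chain. This leaves the host wide open; use only while debugging
    # connectivity, then run "start" again.
    # PUBLIC (the external interface) is not defined in this script; it must
    # come from the environment. Abort before touching any chain if it is
    # unset, rather than flushing the rules and then failing on the MASQ line.
    : "${PUBLIC:?PUBLIC (external interface) must be set for test mode}"
    action "Test Mode firewall:   " /bin/true
    /sbin/ipchains -F input
    /sbin/ipchains -F output
    /sbin/ipchains -F forward
    echo 1 > /proc/sys/net/ipv4/ip_forward
    /sbin/ipchains -A input -j ACCEPT
    /sbin/ipchains -A output -j ACCEPT
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -i "$PUBLIC" -j MASQ
    echo
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|status|test}"
    exit 1
    ;;
esac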

This script was generated by the Graphical Firewall program (GFCC). This is not the working rule set; it is the exported rule set.

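#!/bin/sh
# Generated by Gtk+ firewall control center
IPCHAINS=/sbin/ipchains

# Address objects referenced by the rules below. Values are as exported by
# GFCC (digits that had been split by whitespace are rejoined here).
localnet="192.168.1.0/24"
firewallhost="192.168.1.1/32"
# NOTE(review): 172.0.0.0/8 is not the loopback range (127.0.0.0/8) and is
# mostly public address space; confirm this is what the rules intend before
# granting it "localhost" treatment.
localhost="172.0.0.0/8"
DNS1="24.94.163.119/32"
DNS2="24.94.163.124/32"
Broadcast="255.255.255.255/32"
# NOTE(review): the full IPv4 multicast range is 224.0.0.0/4; /8 is as exported.
Multicast="224.0.0.0/8"
Any="0.0.0.0/0"

mail_grennan_com="192.168.1.1/32"
mark_grennan_com="192.168.1.3/32"

# Default policies. Setting them before the flush means the host is never
# left open while the rules are being reloaded. Only "input" defaults to
# DENY: anything not matched by a forward or output rule is still allowed.
$IPCHAINS -P input DENY
$IPCHAINS -P forward ACCEPT
$IPCHAINS -P output ACCEPT

# Flush all rules and delete user-defined chains, then rebuild from scratch.
$IPCHAINS -F
$IPCHAINS -X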

# input rules

 

$IPCHAINS

-A

input

-s

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-s

$IPCHAINS

-A

input

-s

$IPCHAINS

-A

input

-s

$IPCHAINS

-A

input

-s

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-p

$IPCHAINS

-A

input

-s

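# forward rules
# Masquerade everything from the LAN to any destination. This is the only
# forward rule; because the forward policy is ACCEPT, traffic that does not
# match it (e.g. from a source outside $localnet) is still forwarded, just
# without masquerading.
$IPCHAINS -A forward -s "$localnet" -d "$Any" -j MASQ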

# output rules