for example:
/etc/init.d/iptables save
/etc/init.d/iptables restore
or directly using
iptables-save > /etc/iptables.conf
iptables-restore < /etc/iptables.conf
Posted 04 March 2005 - 01:21 PM
/etc/init.d/iptables save
/etc/init.d/iptables restore
iptables-save > /etc/iptables.conf
iptables-restore < /etc/iptables.conf
Posted 04 March 2005 - 12:33 AM
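# iptables -A INPUT -s ! 127.0.0.1 -p tcp -m tcp --dport 3306 -j DROP
# iptables -A INPUT -s ! 127.0.0.1 -p tcp -m tcp --dport 22 -j DROP
# iptables -L
# iptables-save > ~/iptables/bakup
We make a backup of the current settings so that, if something goes wrong, we don't lose time fixing it. Note that the port 22 rule drops SSH from every address except 127.0.0.1, so do not apply it over a remote SSH session; newer iptables releases also expect the negation before the option (`! -s 127.0.0.1`).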
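#!/bin/bash
# iptables-adm: save and restore iptables rule sets, either by hand or from
# the boot/shutdown sequence ("start" / "stop").
#
# Usage: iptables-adm COMMAND [FILE]
#
# The interpreter is bash rather than plain sh because the script relies on
# arrays (rules, configfilerules), which POSIX sh does not provide.
#
# Settings come from /etc/iptables/iptables.conf, which must define
# configfilepath, configlast and the configfilerules array.

echo "Iptables Admin v0.3.0"

sc=$1
prefix=/usr/sbin # iptables binaries directory
conf=/etc/iptables/iptables.conf # iptables-adm settings file path

# The settings file is sourced, i.e. executed as shell code with the
# privileges of this script (root when run from init). Keep it owned by
# root and not writable by anyone else.
if [ ! -r "$conf" ]; then
  echo "Cannot read settings file _ $conf _" >&2
  exit 1
fi
. "$conf"
rules=("${configfilerules[@]}")

# Resolve the target file: an explicit FILE argument wins, and a bare file
# name (no slash) is taken relative to the current directory.
if [ -n "$2" ]; then
  case "$2" in
    */*) path=$2 ;;
    *) path=$PWD/$2 ;;
  esac
else
  path=$configfilepath
fi

case "$sc" in
  "--help" | "-h" | "")
    echo "Coder: k22 ---- Released under GNU/GPL license"
    echo "Usage: ./iptables-adm COMMAND"
    echo "Commands:"
    echo "-s --save [FILE] Save current settings of iptables to FILE or default file"
    echo "-r --restore [FILE] Restore saved settings of iptables"
    echo "-d --default Restore default settings of the config file"
    echo "-l --last Restore last settings of iptables(Saved on shutdown)"
    echo "-h --help Print this help menu"
    echo "Boot/Shutdown Option:"
    echo "start Restore saved settings of iptables"
    echo "stop Save last settings of iptables"
    ;;
  "--restore" | "-r" | "start" | "-l" | "--last")
    echo "Restoring Iptables..."
    if [ "$sc" = "-l" ] || [ "$sc" = "--last" ]; then
      path=$configlast
    fi
    : "${path:?no rules file configured}"
    if [ ! -r "$path" ]; then
      echo "Iptables restoring fail: cannot read _ $path _" >&2
      exit 1
    fi
    # iptables-restore takes the rule set on standard input. Feeding the
    # file by redirection works whether or not the installed version also
    # accepts a file name argument.
    if "$prefix/iptables-restore" < "$path"; then
      echo "Iptables restored from _ $path _"
    else
      # A failed restore at boot means the saved firewall is NOT loaded;
      # report it on stderr and through the exit status.
      echo "Iptables restoring fail" >&2
      exit 1
    fi
    ;;
  "--save" | "-s" | "stop")
    echo "Saving curent settings..."
    if [ "$sc" = "stop" ]; then
      path=$configlast
    fi
    : "${path:?no rules file configured}"
    if [ ! -e "$path" ]; then
      echo "I'll make a new config file in _ $path _"
    else
      echo "I have found and old settings file in _ $path _"
    fi
    # Dump into a private temporary file next to the target and rename it
    # into place only when iptables-save succeeded. Redirecting straight
    # into $path would truncate the last good rule set before the dump ran,
    # so a failed save would leave an empty file to be restored at boot.
    if ! tmp=$(mktemp "${path}.XXXXXX"); then
      echo "Iptables settings have not been saved in _ $path _" >&2
      exit 1
    fi
    if "$prefix/iptables-save" > "$tmp" && mv -f -- "$tmp" "$path"; then
      echo "Iptables settings saved in _ $path _"
    else
      rm -f -- "$tmp"
      echo "Iptables settings have not been saved in _ $path _" >&2
      exit 1
    fi
    ;;
  "--default" | "-d")
    echo "Restoring default setting..."
    if [ -n "${rules[0]}" ]; then
      # The rules are applied on top of whatever is already loaded; nothing
      # here flushes the chains first, so repeated runs can add duplicates.
      num=0
      for rule in "${rules[@]}"; do
        # Each entry holds one complete rule as a single string. Split it
        # into separate arguments on whitespace without letting the shell
        # glob-expand anything inside it.
        read -r -a rule_args <<< "$rule"
        if "$prefix/iptables" "${rule_args[@]}"; then
          num=$((num + 1))
          echo "Iptables default setting $num setted"
        else
          echo "Iptables default setting $((num + 1)) failed: $rule" >&2
          exit 1
        fi
      done
    else
      echo "Iptables default settings have not been found"
    fi
    ;;
  *)
    # Anything else used to fall through silently; say so and fail.
    echo "Unknown command: $sc" >&2
    echo "Try: ./iptables-adm --help" >&2
    exit 2
    ;;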
esac
You have to place this file in /usr/local/sbin/ and in /etc/rc.d/ so you can use it during boot and when you're logged in. (DO NOT USE ln -s: I've seen problems during boot on some computers when a file in rc.d is a link to another one. I don't know why, so it's better to have 2 files.)
######################################
#Iptables-adm config file by k22 ########
#####################################
#If you insert file or any rules these will append to the default config#
configfilepath="/etc/sysconfig/iptables-saved.conf"
configlast="/etc/sysconfig/iptables-last.conf"
configfilerules=("-A INPUT -s ! 127.0.0.1 -p tcp -m tcp --dport 22 -j DROP" "-A INPUT -s ! 127.0.0.1 -p tcp -m tcp --dport 3306 -j DROP")
You have to place this file in /etc/iptables/iptables.conf; if you change the directory, also change the path in the script. Because the script sources this file as root, keep it owned by root and not writable by other users.
# cd /etc/rc.d/rc.x //(where x is the selected runlevel)
# ln -s ../iptables-adm SXXiptables-adm //(where XX is the number of the position at which you want it to start; it MUST be started after network and after iptables, so 16-20 is enough for most computers)
# ln -s ../iptables-adm KYYiptables-adm //(like the previous one, but here we decide when this script runs during shutdown; 04-05 is ok)
Now this script will restore the iptables settings at each boot. Next we have to save the settings in the default config file:
# iptables-adm -s

