[olug] forgive me, for i am lazy
Roger Hubbard
hubbardroger at msn.com
Sun Aug 8 19:34:57 UTC 2010
I initially was going to ask if there were "installation features?"
or if it made a difference "which distribution" you were/are running...
I see "iptables" within my fedora setup....
but my mac doesn't seem to be running the same unix/linux..
says it's DARWIN and there is a program called
ipfw
which can be used to configure ip routing
man ipfw says that it came from a FreeBSD distribution.
================
IPFW(8) BSD System Manager's Manual IPFW(8)
NAME
ipfw -- IP firewall and traffic shaper control program
=====================
The Ubuntu forum says to install GUFW
Fedora doesn't seem to have that gui software.
Is there some way to save the current iptables setup, before
I run this script and crush everything?
I saw one set of commands from a site that Google listed...
don't know if they are appropriate or not
Example
==============================================
For example, save current iptables firewall rules:
# iptables-save > /root/dsl.fw
To restore iptables rules:
# iptables-restore < /root/dsl.fw
that same web page says I'll need to add the restore command
in an rc file so that the rules are always loaded at boot..???
I was at the meeting (???) where there was discussion about iproute2..
I didn't have a linux system at that time, and then missed the next meeting.
Any thoughts about further discussion at one of the meetings?
Roger Hubbard
On Aug 8, 2010, at 8:46 AM, Jon Larsen wrote:
> I'm still using a modified version of Adam's firewall script from his OLUG presentation as my firewall:
>
> http://olug.org/presentations/December2004/
>
> In your situation, you can make your modifications, run the shell script, then do an iptables-save; that should save the rules to /etc/sysconfig/iptables
>
> Jon L.
>
> On 08/07/2010 11:33 PM, William Langford wrote:
>> Currently it's a slackware box with a custom rc.foo.
>>
>> I could make a script to create the iptables file but that seems a tad kludgey...
>>
>> I don't mind it as a last resort tho.
>>
>> Sent from my iPhone
>>
>> On Aug 7, 2010, at 10:15 PM, Rob Townley <rob.townley at gmail.com> wrote:
>>
>>> On Sat, Aug 7, 2010 at 8:48 PM, Will Langford <unfies at gmail.com> wrote:
>>>> i've not done much with a gateway / router type system under centos that
>>>> needs to handle a half dozen ip's and interfaces. stand alone on the
>>>> internet sure (think simple web server or home server)... but nothing that
>>>> acts as the beach head for a network of hundreds of machines...
>>>>
>>>> i tried for 10min to google this answer but was getting sick and tired of
>>>> reading unrelated pages... anyone care to point me in the right direction ?
>>>>
>>>> i'm migrating this from a shell script and would like to possibly get it set
>>>> up entirely from /etc/sysconfig/iptables ?
>>>>
>>>> is it possible to do bash style variable assignment in this file ?
>>>>
>>>> in the shell script, i have interfaces and ip addresses assigned to
>>>> variables and then those variables used throughout the 7 page script. i'd
>>>> really prefer to keep using variables in sysconfig/iptables as well...
>>>>
>>>> -will
>>>> _______________________________________________
>>>> OLUG mailing list
>>>> OLUG at olug.org
>>>> https://lists.olug.org/mailman/listinfo/olug
>>>>
>>>
>>> So if you have a bash script that generates the
>>> /etc/sysconfig/iptables file like
>>> http://www.adamhaeder.com/sample_firewall.html,
>>> then why are variables needed in iptables itself?
>>>
>>> Now, that i look at this again, i don't see a COMMIT at
>>> the end.
>>>
>>> Anything touching this file will probably sound off all kinds of
>>> silent selinux alarm bells,
>>> remember the capital Z in ls -Z to get selinux labels and sestatus.
>
>
> --
> Jon H. Larsen - relayer -at- levania -dot- org
> Blog - http://www.levania.org/~relayer/
> VP of Community Development, Omaha Linux Users Group - http://www.olug.org/
> AnimeSunday.org - http://www.animesunday.org/
> GPG/PGP Pubkey - http://www.levania.org/~relayer/relayerpubkey.txt
>
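The approach raised in the quoted replies (keep the variables in a shell script, have it write the iptables file, and make sure it ends with COMMIT), as an added example that is not code from any poster in this thread. The interface names, the network, the candidate file path and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: all names and addresses below are constructed placeholders.
WAN_IF="eth0"
LAN_IF="eth1"
LAN_NET="192.168.10.0/24"

# Emit a ruleset in iptables-save format with the shell variables expanded.
gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s ${LAN_NET} -o ${WAN_IF} -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${LAN_IF} -s ${LAN_NET} -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -s ${LAN_NET} -j ACCEPT
COMMIT
EOF
}

# Return 0 only if every "*table" section is closed by its own COMMIT
# and no unexpanded "$" variable reference is left in the file.
check_commits() {
  awk '
    /\$/       { bad = 1 }
    /^\*/      { if (in_table) bad = 1; in_table = 1; next }
    /^COMMIT$/ { if (!in_table) bad = 1; in_table = 0; next }
    END        { if (bad || in_table) exit 1 }
  ' "$1"
}

# Write the candidate file and refuse it if the structure check fails.
build_candidate() {
  gen_rules > "$1" && check_commits "$1"
}

# As root, back up the live rules first (iptables-save > /root/dsl.fw), then
# dry-run the candidate with: iptables-restore --test < /root/candidate.fw
if [ "$#" -eq 1 ]; then build_candidate "$1"; fi
```

Only after the dry run passes does the candidate get copied over /etc/sysconfig/iptables; the saved /root/dsl.fw stays available for iptables-restore if the new rules lock something out.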