Firewall Rules and Variables =/

Posted by romenyrr on September 20, 2007, 1:49 pm
I'm new to iptables and I found a sample firewall script, and I was hoping someone could break down how variables run within the script. If anybody can point out what the variables are doing and just give a little insight as to what's going on in this script, I would really appreciate it. I understand the basics about chains (forward, input, output) and jump actions, but what the hell does the "for" command do, and why is it separated into public and private services, and how can the rules tell? If any other new guys are looking at this, I found a good site to get a basic picture of how things work: http://wiki.centos.org/HowTos/Network/IPTables; thanks guys and have a great day.

#!/bin/bash
# Rules for sample firewall
#
# Note: the forum rendering dropped every brace group, leaving a bare "$"
# where ${VAR} expansions stood. The variable names below are reconstructed
# from the VARIABLES block; the name of the iptables command variable
# (IPTABLES) is an assumption and is expected to come from the sourced
# config file.

. /etc/init.d/functions
. /etc/sysconfig/firewall/config

# VARIABLES
SERVER_NAME="samplefirewall"
SERVER_ADMIN_IP="192.168.1.5"
# Admin host plus two more hosts; the loops below issue one rule per address
SERVER_IP_LIST="${SERVER_ADMIN_IP} 192.168.1.2 192.168.1.3"
# Source addresses allowed to reach the private services
SOURCE_RANGES_ALL="192.168.1.4"

RETVAL=0

start () {

    echo -n " ${SERVER_NAME}: "

    # Create the forward_${SERVER_NAME}_in chain and jump to it from
    # forward_in for traffic destined to any address in SERVER_IP_LIST
    ${IPTABLES} -N forward_${SERVER_NAME}_in
    for i in ${SERVER_IP_LIST}; do
        ${IPTABLES} -A forward_in -d ${i} -j forward_${SERVER_NAME}_in
    done


    # forward_${SERVER_NAME}_in rules
    # Public Services: no -s match, so these ports accept any source address
    ${IPTABLES} -A forward_${SERVER_NAME}_in -d ${SERVER_ADMIN_IP} -p tcp -m multiport --dports 80,1111,1935,1755,554,110,443,993,995,5818,5001 -j ACCEPT
    ${IPTABLES} -A forward_${SERVER_NAME}_in -d 192.168.1.2 -p tcp -m multiport --dports 80,443 -j ACCEPT
    ${IPTABLES} -A forward_${SERVER_NAME}_in -d 192.168.1.3 -p tcp -m multiport --dports 80,443 -j ACCEPT
    echo -n "public "


    # Private Services: same destinations, but -s limits the match to
    # SOURCE_RANGES_ALL
    for i in ${SERVER_IP_LIST}; do
        ${IPTABLES} -A forward_${SERVER_NAME}_in -s ${SOURCE_RANGES_ALL} -d ${i} -p tcp -m multiport --dports 20,21,22,80,443,5050,818,9001 -j ACCEPT
    done

    echo "private "
    echo_success
    echo

    RETVAL=$?
    return ${RETVAL}

}


stop () {

    echo -n " ${SERVER_NAME}: "

    # Remove references, flush table, then delete it
    for i in ${SERVER_IP_LIST}; do
        ${IPTABLES} -D forward_in -d ${i} -j forward_${SERVER_NAME}_in
    done
    ${IPTABLES} -F forward_${SERVER_NAME}_in
    ${IPTABLES} -X forward_${SERVER_NAME}_in

    echo_success
    echo

    RETVAL=$?
    return ${RETVAL}

}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart|reload)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|reload}"
        exit 1
esac

exit $?
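As an added example (not the poster's script), the two loops below are run with IPTABLES set to "echo iptables" so the expanded rules are printed rather than installed. It shows that `for` issues one rule per address in SERVER_IP_LIST, and that the only thing separating public from private services is the `-s` match on the source address. PUBLIC_PORTS and PRIVATE_PORTS are shortened, assumed values.

```shell
#!/bin/sh
# Dry run of the sample script's rule generation (added example).
# IPTABLES is deliberately set to print the command instead of applying it.
IPTABLES="echo iptables"          # assumed name; dry-run value
SERVER_NAME="samplefirewall"
SERVER_ADMIN_IP="192.168.1.5"
SERVER_IP_LIST="${SERVER_ADMIN_IP} 192.168.1.2 192.168.1.3"
SOURCE_RANGES_ALL="192.168.1.4"
PUBLIC_PORTS="80,443"             # assumed, shortened port list
PRIVATE_PORTS="20,21,22,80,443"   # assumed, shortened port list

# Public services: the loop expands to one rule per destination address.
# There is no -s, so a packet from any source address matches.
public_rules() {
    for i in ${SERVER_IP_LIST}; do
        ${IPTABLES} -A "forward_${SERVER_NAME}_in" -d "${i}" \
            -p tcp -m multiport --dports "${PUBLIC_PORTS}" -j ACCEPT
    done
}

# Private services: same loop and destinations, but the -s match means only
# packets whose source is in SOURCE_RANGES_ALL can reach these ports.
private_rules() {
    for i in ${SERVER_IP_LIST}; do
        ${IPTABLES} -A "forward_${SERVER_NAME}_in" -s "${SOURCE_RANGES_ALL}" \
            -d "${i}" -p tcp -m multiport --dports "${PRIVATE_PORTS}" -j ACCEPT
    done
}

# Audit helper: count the generated rules that carry no source restriction,
# i.e. the ports reachable from anywhere.
count_open_to_any() {
    { public_rules; private_rules; } | grep -vc -- ' -s '
}

public_rules
private_rules
echo "rules open to any source: $(count_open_to_any)"
```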

