Koozali.org: home of the SME Server

new rules for firewall (SME 5.6)

Lars

new rules for firewall (SME 5.6)
« on: February 11, 2003, 03:23:50 PM »
> {
>
> $OUT = allow_udp_in(7002, 6003, 27005, 27010, 27011, 27015
> (1));
> }
>
>
> Expand template
> # /sbin/e-smith/expand-template /etc/rc.d/init.d/masq

It doesn't work. I have saved the file in /etc/e-smith/templates/etc/rc.d/init.d/masq/ and called it 45AllowCS, but when I run the expand-template command it gives me this error:
ERROR in /etc/e-smith/templates//etc/rc.d/init.d/masq/45AllowCS: Program fragment delivered error <> at template line 1
ERROR: Template processing failed for //etc/rc.d/init.d/masq: 1 fragment generated errors
at /sbin/e-smith/expand-template line 66

I hope that someone has come up with a solution and wants to share it with me.

Thanks

Lars Nørgaard

Bill Talcott

Re: new rules for firewall (SME 5.6)
« Reply #1 on: February 11, 2003, 05:02:12 PM »
Lars wrote:
>
> > {
> >
> > $OUT = allow_udp_in(7002, 6003, 27005, 27010, 27011, 27015
> > (1));
> > }
> >
> >
> > Expand template
> > # /sbin/e-smith/expand-template /etc/rc.d/init.d/masq
>
> It doesn't work. I have saved the file in
> /etc/e-smith/templates/etc/rc.d/init.d/masq/ and called it
> 45AllowCS, but when I run the expand-template command it gives me
> this error:
> ERROR in
> /etc/e-smith/templates//etc/rc.d/init.d/masq/45AllowCS:
> Program fragment delivered error <> &esmith::__TEMPLATE__::1::allow_udp_in called at
> /etc/e-smith/templates//etc/rc.d/init.d/masq/45AllowCS line
> 3.>> at template line 1
> ERROR: Template processing failed for //etc/rc.d/init.d/masq:
> 1 fragment generated errors
> at /sbin/e-smith/expand-template line 66
>
> I hope that someone has come up with a solution and wants to
> share it with me.
>
> Thanks
>
> Lars Nørgaard

I don't know the scope of functions declared in template fragments, but it looks like you're trying to call a function [allow_udp_in(7002, 6003, 27005, 27010, 27011, 27015 (1));] that isn't defined. I don't have 5.6 to look at, but it's probably easier to just type out the lines you want to add, rather than using a function in your fragment.

Also, you shouldn't put your customizations in /templates/. http://www.e-smith.org/custom/

Jon Blakely

Re: new rules for firewall (SME 5.6)
« Reply #2 on: February 11, 2003, 11:25:47 PM »
Lars,

Sorry, I put you on the wrong track in your previous post. I made an assumption that if there was an 'Allow_tcp_in' subroutine there was an 'Allow_udp_in' subroutine. Unfortunately that is not the case.

Jon

Lars

Re: new rules for firewall (SME 5.6)
« Reply #3 on: February 12, 2003, 01:03:01 AM »
Jon Blakely wrote:
>
> Lars,
>
> Sorry, I put you on the wrong track in your previous post. I
> made an assumption that if there was an 'Allow_tcp_in'
> subroutine there was an 'Allow_udp_in' subroutine. Unfortunately
> that is not the case.
>
> Jon

Can you or someone else tell me how I can open UDP ports then?

Thanks a lot (if i get it to work)

// Lars Nørgaard

Charlie Brady

Re: new rules for firewall (SME 5.6)
« Reply #4 on: February 12, 2003, 01:40:42 AM »
Jon Blakely wrote:

> Sorry, I put you on the wrong track in your previous post. I
> made an assumption that if there was an 'Allow_tcp_in'
> subroutine there was an 'Allow_udp_in' subroutine. Unfortunately
> that is not the case.

There is, but only in the updated e-smith-packetfilter RPM in my contrib directory.

You'll also need to call the function correctly. You'll need to write a loop and call the function once for each port you wish to open.

Charlie

Jon Blakely

Re: new rules for firewall (SME 5.6)
« Reply #5 on: February 12, 2003, 08:16:07 AM »
OK Lars, try this.

Download

ftp://ftp.e-smith.org/pub/e-smith/contrib/CharlieBrady/5.6-PPTP/e-smith-packetfilter-1.13.0-07.noarch.rpm

and install

# rpm -Uvh e-smith-packetfilter-1.13.0-07.noarch.rpm

remove the template you made.

# mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq

# cd /etc/e-smith/templates-custom/etc/rc.d/init.d/masq

# pico 45AllowCS

cut and paste the following

{
    # one call per port; append with .= so each port's rules are
    # added to the fragment output instead of replacing the previous call's
    $OUT .= allow_udp_in(7002, (1));
    $OUT .= allow_udp_in(6003, (1));
    $OUT .= allow_udp_in(27005, (1));
    $OUT .= allow_udp_in(27010, (1));
    $OUT .= allow_udp_in(27011, (1));
    $OUT .= allow_udp_in(27015, (1));
}

and save

# /sbin/e-smith/expand-template /etc/rc.d/init.d/masq

# /sbin/e-smith/signal-event remoteaccess-update

and you should be done

Do a

# iptables -L

to check that the rules are there

Jon
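As an added example, not code from anyone in this thread, the shell helper below covers two points made above: Charlie's advice to loop and call the function once per port, and Jon's closing step of checking with iptables -L that the rules exist. render_udp_fragment prints a 45AllowCS fragment that loops over the port list in Perl, and missing_udp_ports reads iptables -L -n output and lists the wanted UDP ports that have no ACCEPT rule. It assumes allow_udp_in(PORT, (1)) exists with the signature used in the thread (from the contrib e-smith-packetfilter RPM) and returns rule text to be appended to $OUT; the iptables -L -n lines are constructed for the demonstration, not captured from an SME box.

```shell
#!/bin/sh
# Added example, not code from anyone in this thread.
# render_udp_fragment  - prints an e-smith masq template fragment that opens a
#                        list of UDP ports with one allow_udp_in call per port
#                        (a Perl loop, as Charlie describes) and appends each
#                        result to $OUT so no port's rules overwrite another's.
# missing_udp_ports    - reads "iptables -L -n" output on stdin and prints the
#                        wanted UDP ports that have no ACCEPT rule, so the
#                        post-expand check is a yes/no instead of eyeballing.
# Assumption: allow_udp_in(PORT, (1)) exists with the signature used in the
# thread (from the contrib e-smith-packetfilter RPM) and returns rule text.

CS_PORTS="7002 6003 27005 27010 27011 27015"

render_udp_fragment() {
    # Join the arguments into a Perl list literal: "7002, 6003, ..."
    perl_list=$(printf '%s' "$*" | sed 's/ /, /g')
    cat <<EOF
{
    # UDP ports for the game server; lives in templates-custom, not templates
    my @ports = ($perl_list);
    foreach my \$port (@ports)
    {
        # one call per port, appended (.=) rather than assigned (=)
        \$OUT .= allow_udp_in(\$port, (1));
    }
}
EOF
}

missing_udp_ports() {
    rules=$(cat)
    for p in "$@"; do
        # A matching "iptables -L -n" line looks like:
        # ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   udp dpt:7002
        printf '%s\n' "$rules" | grep -Eq "^ACCEPT +udp .*udp dpt:$p( |\$)" \
            || printf '%s\n' "$p"
    done
}

# Constructed "iptables -L -n" excerpt (not captured from a real SME box):
# only three of the six ports are open.
SAMPLE_IPTABLES_L='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:7002
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:6003
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:27005
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22'

# On a real system (paths from the thread):
#   render_udp_fragment $CS_PORTS > /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/45AllowCS
#   /sbin/e-smith/expand-template /etc/rc.d/init.d/masq
#   /sbin/e-smith/signal-event remoteaccess-update
#   iptables -L -n | missing_udp_ports $CS_PORTS     # silent when all six are open
printf '%s\n' "$SAMPLE_IPTABLES_L" | missing_udp_ports $CS_PORTS
```

Run against the constructed sample, the check prints 27010, 27011 and 27015, the three ports with no ACCEPT rule; on a live box an empty result after expand-template and signal-event means the fragment took effect.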