Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: hanscees on May 23, 2003, 03:26:20 AM

Title: alternative iptables script for you all
Post by: hanscees on May 23, 2003, 03:26:20 AM
Hi,

At http://www.hanscees.net/iptables5 you can find the iptables script I use for the esmith 5.6 as server/gateway. It was made because I want to know what is logged and where. It does extensive logging of connections from the internal LAN.

Please feel free to use and improve it. Please let me know of mistakes and if you use it.

greetings,

Hans-Cees
Title: Re: alternative iptables script for you all
Post by: Anthony de Waal on May 26, 2003, 02:05:27 AM
Hi,
I would like to try it, but have not yet found out how the built-in firewall from e-smith works. More specifically: how can I turn it off and replace it with this one?
Kind greetings,
Thony
Title: Re: alternative iptables script for you all
Post by: hanscees on May 27, 2003, 12:58:41 AM
Hi,

What I do is add it to /etc/rc.d/rc.local and place it wherever you like.

I copied /etc/rc.d/init.d/iptables to iptables5 and then changed that script.

I also re-run it every 15 minutes (if something happens to iptables it will get refreshed in 15 minutes, which flushes all chains) by adding it to crontab
/etc/crontab

and the templates of crontab:
/etc/e-smith/templates/etc/crontab/....

You could also replace the /etc/rc.d/init.d script by it, but you must also find the template. I do not like replacing such scripts since after an upgrade your script will likely be gone.

hc