iptables and auto-starting scripts

How do I make a shell script run automatically at boot? I'm trying to apply my iptables rules, and I seem to remember that last time I tried this (about a year and a half ago), I made a "rc.firewall" file in /etc/rc.d/init.d/. But it's not working this time, the rules aren't being applied. Here's the rc.firewall file if it matters:
#!/bin/sh

IPTABLES="/usr/sbin/iptables"

/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state

# Enable packet forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

# Delete and flush. Default table is "filter".
#  Others like "nat" must be explicitly stated.
$IPTABLES --flush
$IPTABLES --table nat --flush
$IPTABLES --delete-chain
$IPTABLES --table nat --delete-chain

# Set up IP FORWARDing and Masquerading
$IPTABLES --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
$IPTABLES --append FORWARD --in-interface eth1 -j ACCEPT

# Allow loopback access
$IPTABLES -A INPUT -i lo -p all -j ACCEPT
$IPTABLES -A OUTPUT -o lo -p all -j ACCEPT

# Accept established connections
$IPTABLES -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset

# Allow FTP, HTTP, etc
$IPTABLES -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT
$IPTABLES -A INPUT -p udp -i eth0 --dport 21 -j ACCEPT
$IPTABLES -A INPUT -p tcp -i eth0 --dport 25 -j ACCEPT
$IPTABLES -A INPUT -p udp -i eth0 --dport 25 -j ACCEPT
#$IPTABLES -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
#$IPTABLES -A INPUT -p udp -i eth0 --dport 80 -j ACCEPT

# Allow Samba connections
$IPTABLES -A INPUT -p tcp --syn -s 192.168.0.0/24 --destination-port 139 -j ACCEPT
$IPTABLES -A INPUT -p tcp --syn -s trancas --destination-port 139 -j ACCEPT

# Drop all other connections
$IPTABLES -P INPUT DROP
So, how do I get that script to run at bootup?

Edit: Typo
Edit #2: I should probably mention this is under Red Hat 9

Thanks,
Steve

[edited by - Evil Bill on October 11, 2003 2:48:30 PM]

Heh, you're on a fury of questions Bill. =)

You're on the right track. Create your rc.firewall script in /etc/rc.d/init.d, then create symlinks from /etc/rc.d/rc3.d and /etc/rc.d/rc5.d.

Interim

Hmm... tried that, no joy.

I can't remember what I did the last time, but Silent Reaper helped me via e-mail.
I'm pretty sure I edited a file, and then added rc.firewall...
I should archive my mail.

Yeah, I'm a Linux newbie. I'm writing all this down so I can use it next time I install, heh. What do rc3.d and rc5.d do?

Thanks for the reply,
Steve

[edited by - Evil Bill on October 11, 2003 8:02:08 PM]

Evil Bill,

Assuming you're running Red Hat, when you place symlinks into the rc3.d directory it tells the OS to start the script on startup. There are some stipulations, however. First, you must make the script have start/stop commands. If you were to execute it, it would look like this: './rc.firewall {start|stop}'. Now, when you create the symlink in the directory, you need it to run as root. You can do this by calling the file something beginning with 'S9' (if you need a reference, check out all the other symlinks in there!). This tells Red Hat to start the script with a runlevel of 9 (i.e. root), and the S specifies that it is going to call the script name and add a 'start' to the front of it. If you want it to shut down, you will need to add a symlink to the file under the rc6.d directory.

Hope that helps you out, good luck with it.

-brad
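Putting the replies together, here is an added example (not Steve's script, nor a Red Hat file) of rc.firewall restructured as a SysV init script: it takes the start/stop/restart/status argument that the rc3.d/rc5.d symlink passes in, and carries the Red Hat chkconfig header so that `chkconfig --add rc.firewall` creates the S (start) and K (stop) links for you. The interface names eth0/eth1 come from the post; the INPUT policy is set to DROP before the allow rules so the host is never open while the rule set is half loaded; IPTABLES can be pointed at a stub to dry-run the script without root (an assumption of this example, not of the original script).

```shell
#!/bin/sh
# rc.firewall - SysV-style init script for the firewall rules (added example).
# chkconfig: 2345 08 92
# description: Loads the iptables rules at boot and flushes them at shutdown.
# Run as root from /etc/rc.d/init.d. IPTABLES can be pointed at a wrapper that
# only records the calls, to dry-run the rule set without touching the kernel.
IPTABLES="${IPTABLES:-/usr/sbin/iptables}"
WAN=eth0   # interface towards the internet (assumed, as in the post)
LAN=eth1   # interface towards the local network (assumed)

fw_start() {
    # Clean slate, then default-deny inbound BEFORE adding the allow rules,
    # so the host never sits open while the rules are still being loaded.
    $IPTABLES --flush                    || return 1
    $IPTABLES --table nat --flush        || return 1
    $IPTABLES --delete-chain             || return 1
    $IPTABLES --table nat --delete-chain || return 1
    $IPTABLES -P INPUT DROP              || return 1
    $IPTABLES -A INPUT -i lo -j ACCEPT   || return 1
    $IPTABLES -A INPUT -i "$WAN" -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1
    # Only the TCP services that must be reachable from the WAN (FTP, SMTP).
    for port in 21 25; do
        $IPTABLES -A INPUT -p tcp -i "$WAN" --dport "$port" -j ACCEPT || return 1
    done
    # Masquerade the LAN behind the WAN address and let its traffic be forwarded.
    $IPTABLES --table nat -A POSTROUTING -o "$WAN" -j MASQUERADE || return 1
    $IPTABLES -A FORWARD -i "$LAN" -j ACCEPT
}

fw_stop() {
    # Flush the rules and put the INPUT policy back to ACCEPT.
    $IPTABLES --flush && $IPTABLES --table nat --flush && $IPTABLES -P INPUT ACCEPT
}

fw_status() { $IPTABLES -L -n -v; }

# Dispatch on the argument the rc3.d/rc5.d symlink passes in: S-links run
# "start", K-links run "stop"; the two digits after S/K set the order.
fw_ctl() {
    case "$1" in
        start)   fw_start ;;
        stop)    fw_stop ;;
        restart) fw_stop && fw_start ;;
        status)  fw_status ;;
        *)       echo "Usage: $0 {start|stop|restart|status}" >&2; return 2 ;;
    esac
}

# Only act when invoked with an argument; sourcing the file just defines the functions.
if [ $# -gt 0 ]; then fw_ctl "$1" || exit $?; fi
```

Running `./rc.firewall status` after boot is the quickest check that the rules were actually applied.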
