
Bug 46

Summary: /etc/init.d/ipfilter script
Product: Gentoo Linux
Reporter: Mikael Hallendal (hallski) (RETIRED) <hallski>
Component: [OLD] Core system
Assignee: Martin Schlemmer (RETIRED) <azarah>
Status: RESOLVED DUPLICATE
Severity: normal
CC: azarah
Priority: High
Version: unspecified
Hardware: x86
OS: Linux
Attachments: ipfilter init-script

Description Mikael Hallendal (hallski) (RETIRED) gentoo-dev 2002-01-06 03:59:04 UTC
I think it would be nice to have a /etc/init.d/ipfilter script that executes a
/etc/ipfilter/rc.firewall on start and /etc/ipfilter/flush.firewall on stop.
That way you don't have to edit files in /etc/init.d to set up your firewall.
Comment 1 Mikael Hallendal (hallski) (RETIRED) gentoo-dev 2002-01-06 04:00:46 UTC
Created attachment 27
ipfilter init-script

might need some love but I'm not a good bash-programmer :)
Comment 2 Daniel Robbins (RETIRED) gentoo-dev 2002-01-06 21:51:28 UTC
we could add a default firewall to /etc/conf.d, but it really should be integrated
into our new "net" design.
Comment 3 Mikael Hallendal (hallski) (RETIRED) gentoo-dev 2002-01-07 00:29:48 UTC
hmm .. noticing now that I wrote the wrong name, shouldn't be ipfilter, should
of course be iptables.

Anyway, an iptables-ebuild that depends on the net is probably what we want. If
the actual scripts live in /etc/conf.d/iptables.{start,stop} or in
/etc/iptables/iptables.{start,stop} doesn't really matter to me.
Comment 4 Mikael Hallendal (hallski) (RETIRED) gentoo-dev 2002-01-07 00:30:13 UTC
Added Azarah to the CC-list of this issue.
Comment 5 Spider (RETIRED) gentoo-dev 2002-03-19 20:25:43 UTC
A good idea would probably be to place this "after" pcmcia (for all those who use
pcmcia networking) as well as depends on net.

As for the firewall script, some recommend mon-motha's scripts, or we could brew
our own one.

Comment 6 Troy Dack 2002-03-21 16:49:53 UTC
A nice easy to implement iptables script is gShield 
(http://muse.linuxmafia.org/gshield.html)

I've got it running under gentoo quite easily.
Comment 7 Jerry Haltom 2002-04-01 23:37:10 UTC
I vote to not include any default firewall rules.  So I won't.  I'm gonna put
this together the best I can figure out.  Where should firewall state be saved?
My first impression is to store it in /etc/conf.d/firewall, so I will.
Comment 8 Jerry Haltom 2002-04-02 00:01:06 UTC
#!/sbin/runscript
# Copyright 1999-2002 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License, v2 or later
# $Header: /home/cvsroot/gentoo-src/rc-scripts/init.d/iptables,v 1.0 2002/04/01 24:10:28 ssrit Exp $

depend() {
	need net
}

start() {
	ebegin "Loading iptables state and starting firewall"

	# Restore only when a saved state file exists
	if [ -f /etc/conf.d/iptables ]
	then
		iptables-restore < /etc/conf.d/iptables
	fi

	eend $?
}

stop() {
	ebegin "Stopping firewall and saving iptables state"

	# The redirection truncates the state file before iptables-save runs
	iptables-save > /etc/conf.d/iptables
	# Flushes the rules of the filter table; chain policies are left unchanged
	iptables -F

	eend $?
}


If this is good, here it is.  I just wanted to contribute. =)  Very simple
obviously.
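
Added example (not part of the original bug report or of Gentoo's rc-scripts): the stop() above redirects iptables-save straight into /etc/conf.d/iptables, so the shell truncates the saved state before the command runs and a failed save leaves an empty file for the next start. The sketch below writes to a temporary file and renames it only on success; save_state, load_state and their optional command argument are hypothetical names, chosen so the logic can be exercised without root or iptables.

```shell
#!/bin/sh
# Added example, not from the bug report. save_state and load_state are
# hypothetical helpers; the optional second argument (the command to run)
# is an assumption that lets the logic be tested with a stub.

# save_state FILE [SAVE_CMD]
# Dump the ruleset to a temp file next to FILE and rename it over FILE
# only if SAVE_CMD succeeded and wrote something.
save_state() {
	file=$1
	save_cmd=${2:-iptables-save}
	# mktemp creates the file with mode 0600, so the dump is not world-readable
	tmp=$(mktemp "${file}.XXXXXX") || return 1
	if "$save_cmd" > "$tmp" && [ -s "$tmp" ]; then
		mv -f "$tmp" "$file"	# rename inside one directory is atomic
	else
		rm -f "$tmp"		# previous state file stays untouched
		return 1
	fi
}

# load_state FILE [RESTORE_CMD]
# Returns 2 when there is no saved state, so the caller can tell
# "nothing to restore" apart from "restore failed".
load_state() {
	file=$1
	restore_cmd=${2:-iptables-restore}
	[ -s "$file" ] || return 2
	"$restore_cmd" < "$file"
}
```

In an init script, start() would call load_state /etc/conf.d/iptables and treat exit status 2 as "no rules saved yet" rather than as a failure.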
Comment 9 Bruce A. Locke (RETIRED) gentoo-dev 2002-05-16 23:58:43 UTC

*** This bug has been marked as a duplicate of 2355 ***