Bug 46 - /etc/init.d/ipfilter script
Summary: /etc/init.d/ipfilter script
Status: RESOLVED DUPLICATE of bug 2355
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: x86 Linux
Importance: High normal
Assignee: Martin Schlemmer (RETIRED)
Reported: 2002-01-06 03:59 UTC by Mikael Hallendal (hallski) (RETIRED)
Modified: 2005-07-17 13:06 UTC

Attachments
ipfilter init-script (ipfilter, 769 bytes, text/plain)
2002-01-06 04:00 UTC, Mikael Hallendal (hallski) (RETIRED)

Description Mikael Hallendal (hallski) (RETIRED) gentoo-dev 2002-01-06 03:59:04 UTC
I think it would be nice to have a /etc/init.d/ipfilter script that executes a
/etc/ipfilter/rc.firewall on start and /etc/ipfilter/flush.firewall on stop.
That way you don't have to edit files in /etc/init.d to setup your firewall.
Comment 1 Mikael Hallendal (hallski) (RETIRED) gentoo-dev 2002-01-06 04:00:46 UTC
Created attachment 27
ipfilter init-script

might need some love but I'm not a good bash-programmer :)
Comment 2 Daniel Robbins (RETIRED) gentoo-dev 2002-01-06 21:51:28 UTC
we could add a default firewall to /etc/conf.d, but it really should be integrated
into our new "net" design.
Comment 3 Mikael Hallendal (hallski) (RETIRED) gentoo-dev 2002-01-07 00:29:48 UTC
hmm .. noticing now that I wrote the wrong name, shouldn't be ipfilter, should
of course be iptables.

Anyway, an iptables-ebuild that depends on the net is probably what we want. If
the actual scripts live in /etc/conf.d/iptables.{start,stop} or in
/etc/iptables/iptables.{start,stop} doesn't really matter to me.
Comment 4 Mikael Hallendal (hallski) (RETIRED) gentoo-dev 2002-01-07 00:30:13 UTC
Added Azarah to the CC-list of this issue.
Comment 5 Spider (RETIRED) gentoo-dev 2002-03-19 20:25:43 UTC
A good idea would probably be to place this "after" pcmcia (for all those who use
pcmcia networking) as well as depend on net.

as for the firewall script, some recommend mon-motha's scripts, or we could brew
our own one.

Comment 6 Troy Dack 2002-03-21 16:49:53 UTC
A nice easy to implement iptables script is gShield 
(http://muse.linuxmafia.org/gshield.html)

I've got it running under gentoo quite easily.
Comment 7 Jerry Haltom 2002-04-01 23:37:10 UTC
I vote to not include any default firewall rules. So I won't. I'm gonna put
this together the best I can figure out. Where should firewall state be saved?
My first impression is to store it in /etc/conf.d/firewall, so I will.
Comment 8 Jerry Haltom 2002-04-02 00:01:06 UTC
#!/sbin/runscript
# Copyright 1999-2002 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License, v2 or later
# $Header: /home/cvsroot/gentoo-src/rc-scripts/init.d/iptables,v 1.0 2002/04/01 24:10:28 ssrit Exp $

depend() {
	need net
}

start() {
	ebegin "Loading iptables state and starting firewall"

	# Restore the saved ruleset only if a state file exists
	# (the test was inverted as posted: "! -f")
	if [ -f /etc/conf.d/iptables ]
	then
		iptables-restore < /etc/conf.d/iptables
	fi

	eend $?
}

stop() {
	ebegin "Stopping firewall and saving iptables state"

	# Save the running ruleset, then flush all rules
	iptables-save > /etc/conf.d/iptables
	iptables -F

	eend $?
}


If this is good, here it is.  I just wanted to contribute. =)  Very simple
obviously.
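
The stop() in comment 8 saves with `iptables-save > /etc/conf.d/iptables`, and that redirection truncates the saved state before the dump has run. The following is an added example, not part of the original comment or of Gentoo's rc-scripts, showing one way to make the save atomic and the restore fail visibly; the function and variable names (save_state, load_state, STATE_FILE, SAVE_CMD, RESTORE_CMD) are assumptions.

```shell
# Added example: all names here are hypothetical, chosen for illustration.
# SAVE_CMD / RESTORE_CMD are indirections so the helpers can be exercised
# without touching the real firewall.
STATE_FILE="${STATE_FILE:-/etc/conf.d/iptables}"
SAVE_CMD="${SAVE_CMD:-iptables-save}"
RESTORE_CMD="${RESTORE_CMD:-iptables-restore}"

# Dump the running ruleset to a temp file next to the state file and rename
# it into place only if the dump succeeded and is non-empty, so a failed
# save never destroys the last good state. umask 077 keeps the ruleset
# readable by root only.
save_state() {
	tmp="${STATE_FILE}.tmp.$$"
	( umask 077; "$SAVE_CMD" > "$tmp" ) || { rm -f "$tmp"; return 1; }
	[ -s "$tmp" ] || { rm -f "$tmp"; return 1; }
	mv -f "$tmp" "$STATE_FILE"
}

# Restore only from a readable, non-empty state file, and hand the result
# back to the caller (e.g. for eend) instead of reporting success when no
# rules were loaded.
load_state() {
	[ -r "$STATE_FILE" ] && [ -s "$STATE_FILE" ] || return 1
	"$RESTORE_CMD" < "$STATE_FILE"
}
```

In an init script, start() would call load_state and stop() would call save_state before flushing, each passing its return code to eend.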
Comment 9 Bruce A. Locke (RETIRED) gentoo-dev 2002-05-16 23:58:43 UTC

*** This bug has been marked as a duplicate of 2355 ***