Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 204
  • Last Modified:

Where do you normally place the script that sets the firewall rules?

is it in rc.local?

And when would you normally use the save and restore rules?
0
rfr1tz
Asked:
rfr1tz
1 Solution
 
PaulBobbyCommented:
I am presuming IPTables?

What flavour of Linux?
0
 
ahoffmannCommented:
I'd make it its own rc-script, called right after the network setup (ifconfig, etc.)
If you like a paranoid setup, then make the routes depending on a successfull firewall setup ;-)

save and restore is up to you, I prefer manually.
But you may use save when system goes down (rc-firewall stop), and restore when system boots (rc-firewall start)
0
 
RahmathCommented:

You didnt mentioned by which program you have implemented the firewall and also you didnt mentioned which OS and version. if you are using ipchains, then save the rules by the following method,

    1. type the command "service ipchains save"
    2. make it sure that ipchains will start upon booting.
    3. to run ipchains up on booting, issue the command "ntsysv" , it is a text based tool to set the services which we want to run upon booting. so check the "ipchains" option from the screen and press -Ok-, then reboot your machine.


0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
kblack05Commented:
You can place firewall scripts anywhere, the default is
/etc/firewall.

init.d or rc is where you call the scripts from on boot time.

Note you might consider downloading and installing gShield

Its a nice frontend to IP tables, and makes one heck of a
hard target.

Regards,

~K Black
0
 
kblack05Commented:
Forgot to mention above, you can use iptables-save and iptables-restore any time.

In fact, I used gShield to build my walls, then later I
exported them with iptables-save >> snapshot.iptables.rules

Then my init.d is simply

/sbin/iptables-restore /path/to/snapshot.iptables.rules

Regards,

~Kelly W. Black
0
 
HartmanCommented:
RfR1Tz,

If it is going to be a script to create all the iptables chains and your on a linux/Solaris box the best place to store the main script is /etc/init.d/ Then add a softlink in the rc level directories you want to run at.

For example my is /etc/rc2/S99start_iptables which takes the "start" option and links to /etc/init.s/start_iptables.

Hartman
0
 
rfr1tzAuthor Commented:
These are all good answers. I had to pick one. Thanx for all y'all's help. (The only English? word with two ' )
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now