RE: Some confusions about the following script


This is a script, so it's like a language to some extent.


"What is LOGLIMIT "
LOGLIMIT is just something he's used as a variable.


"What is LOGLIMITBURST and"
Same as above.

"What is --log-prefix "fp=INVALID:1 a=DROP " "
This is what's put in the syslog in front of the packet so it is recognisable.
i.e. I used --log-prefix "INETPKT ", which means it's an internet packet. I also use --log-prefix "VPNPKT ", which tells me this packet was from my VPN, etc. etc. It's just a log label.

A lot of scripts do this because it's easier to manage, e.g.
---example script--

#!/bin/bash

# Define variables
IPTABLES="/sbin/iptables"   # path to the iptables binary (not set in the excerpt as posted)
WRKVPN="ppp+"
IPSEC0="ipsec0"
EXTDEV="eth1"
INTSN="192.168.1.0/24"
PUBPORTS="1024:65535"
#
# 'success' is the Red Hat init-script helper from /etc/init.d/functions;
# fall back to a plain echo on systems that do not have it
if [ -r /etc/init.d/functions ]; then
	. /etc/init.d/functions
else
	success() { echo -n "  [  OK  ]"; }
fi
#
echo -n "  Configuring  : Enabling some ICMP"
#
# Accept ping request/reply, destination-unreachable (type 3) and
# time-exceeded (type 11) arriving on the external interface
$IPTABLES -A INPUT -i $EXTDEV -p icmp --icmp-type echo-request -j ACCEPT
$IPTABLES -A INPUT -i $EXTDEV -p icmp --icmp-type echo-reply   -j ACCEPT
$IPTABLES -A INPUT -i $EXTDEV -p icmp --icmp-type 3            -j ACCEPT
$IPTABLES -A INPUT -i $EXTDEV -p icmp --icmp-type 11           -j ACCEPT
success; echo

Now with the above script, can you imagine what a pain it would be if I changed my network card from eth1 to eth2 because I'd added a DMZ or something? All the lines with "-i eth1" would need changing, so variables fix that.


-----Original Message-----
From: Salman Ahmed [mailto:syd_salman@xxxxxxxxx]
Sent: Saturday, May 24, 2003 8:20 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Some confusions about the following script


I have downloaded a script from the internet, some parts of which are confusing me:

####################################################
#----Create logging chains-----#

##These are the logging-chains. They all have a certain limit of
##log-entries/sec to prevent log-flooding
##The syslog-entries will be fireparse-compatible (see http://www.fireparse.com)

#Invalid packets (not ESTABLISHED,RELATED or NEW)
	$IPTABLES -N LINVALID
	$IPTABLES -A LINVALID -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=INVALID:1 a=DROP "
	$IPTABLES -A LINVALID -j DROP

#####################################################


I have the following confusions:

What is LOGLIMIT?
What is LOGLIMITBURST? And
What is --log-prefix "fp=INVALID:1 a=DROP "?

How can we block only MSN Messenger and Yahoo Messenger?

How can we block all communications except www?


Please help me out.

Best Regards
Salman

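An added example, not code from either message in this thread, that puts the two answers above together: the site-specific values (interface, LOGLIMIT, LOGLIMITBURST) live in variables, a logging chain is built once with a rate-limited LOG target and a searchable --log-prefix in the fireparse "fp=... a=..." style, and the prefix is then used to triage the syslog. The LPORTSCAN chain, its "fp=SCAN:1" prefix, the limit values, the helper names (make_log_chain, build_rules, field, summarize) and every sample log line are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original thread). Chain names other than
# LINVALID, the limit values, the fp=SCAN:1 prefix and the sample log lines
# are assumptions made for illustration.

# Site-specific values. Run with IPTABLES=echo to print the rules instead of
# applying them (no root needed).
IPTABLES="${IPTABLES:-/sbin/iptables}"
EXTDEV="${EXTDEV:-eth1}"
LOGLIMIT="${LOGLIMIT:-5/minute}"      # sustained LOG rate per chain ...
LOGLIMITBURST="${LOGLIMITBURST:-10}"  # ... after an initial burst this large

# make_log_chain CHAIN PREFIX VERDICT
# Creates a chain that logs (rate-limited, tagged with PREFIX) and then applies
# VERDICT, so many rules can jump to one place and the syslog stays readable.
make_log_chain() {
    chain="$1"; prefix="$2"; verdict="$3"
    $IPTABLES -N "$chain"
    $IPTABLES -A "$chain" -m limit --limit "$LOGLIMIT" \
        --limit-burst "$LOGLIMITBURST" -j LOG --log-prefix "$prefix"
    $IPTABLES -A "$chain" -j "$verdict"
}

# build_rules: the logging chains plus the INPUT rules that feed them.
build_rules() {
    make_log_chain LINVALID  "fp=INVALID:1 a=DROP " DROP
    make_log_chain LPORTSCAN "fp=SCAN:1 a=DROP "    DROP   # assumed second chain
    # conntrack could not tie the packet to any known connection
    $IPTABLES -A INPUT -i "$EXTDEV" -m state --state INVALID -j LINVALID
    # TCP with no flags set at all (a "null" scan)
    $IPTABLES -A INPUT -i "$EXTDEV" -p tcp --tcp-flags ALL NONE -j LPORTSCAN
}

# field NAME LINE: value of the NAME=value token in a kernel log line, or "-"
field() {
    v=$(printf '%s\n' "$2" | sed -n "s/.*[ :]$1=\([^ ]*\).*/\1/p")
    printf '%s\n' "${v:--}"
}

# summarize: reads syslog lines on stdin, keeps only those carrying an fp= tag
# and counts hits per (prefix, verdict, source), most frequent first.
summarize() {
    while IFS= read -r line; do
        case "$line" in *" fp="*) ;; *) continue ;; esac
        printf '%s %s %s\n' "$(field fp "$line")" "$(field a "$line")" \
            "$(field SRC "$line")"
    done | sort | uniq -c | sort -rn | sed 's/^ *//'
}

# Constructed sample of what the LOG target writes, plus one unrelated line.
sample_log() {
    printf '%s\n' \
    'Jun  1 10:00:01 fw kernel: fp=INVALID:1 a=DROP IN=eth1 OUT= SRC=10.0.0.5 DST=192.168.1.1 LEN=40 TTL=52 PROTO=TCP SPT=4321 DPT=80 ACK RST' \
    'Jun  1 10:00:02 fw kernel: fp=INVALID:1 a=DROP IN=eth1 OUT= SRC=10.0.0.5 DST=192.168.1.1 LEN=40 TTL=52 PROTO=TCP SPT=4322 DPT=443 ACK RST' \
    'Jun  1 10:00:03 fw kernel: fp=SCAN:1 a=DROP IN=eth1 OUT= SRC=10.0.0.9 DST=192.168.1.1 LEN=40 TTL=48 PROTO=TCP SPT=40000 DPT=23' \
    'Jun  1 10:00:04 fw sshd[123]: Accepted publickey for admin from 192.168.1.20'
}

case "${1:-}" in
    show)  IPTABLES=echo; build_rules ;;   # dry run: print the rules
    apply) build_rules ;;                   # needs root and iptables
    demo)  sample_log | summarize ;;        # triage the constructed log
esac
```

`sh fw.sh show` prints the rules without touching the kernel, which is the cheapest way to check that a variable change (eth1 to eth2, a different LOGLIMIT) lands in every rule; `sh fw.sh demo` runs the summary over the constructed lines. On a real box the same triage is `grep 'fp=' /var/log/messages | summarize`, and because the LOG target is behind `-m limit`, a flood of invalid packets costs at most LOGLIMIT lines per interval after the LOGLIMITBURST ones, rather than filling the disk.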



