> Visham Ramsurrun wrote:
> Hi to all,
>
> I was once told that in order to start a firewall automatically when a
> machine boots, we must make sure that the init process calls the
> script by making a symbolic link to that file in the /etc/rc.d/rcX.d
> directories.
>
> I have found that there is a file called S08iptables (kernel 2.4.20-8)
> containing startup commands for iptables service. Do I delete it and
> then put the symbolic link to my script there or just leave it?

Leave that. You can use this to do your firewalling.

> Let's say I have a firewall script called fw.sh with the following rules in it:
>
> #!/bin/bash
> IPT=/sbin/iptables
>
> # Flush all rules and delete user-defined chains
> $IPT -F
> $IPT -X
> # Default policy: drop everything
> $IPT -P INPUT DROP
> $IPT -P OUTPUT DROP
> $IPT -P FORWARD DROP
>
> # Allow ICMP echo requests within 192.168.10.0/24
> $IPT -A FORWARD -i eth0 -o eth0 -s 192.168.10.0/24 -d 192.168.10.0/24 \
>     -m state --state NEW,ESTABLISHED,RELATED -p icmp \
>     --icmp-type echo-request -j ACCEPT
>
> # Allow ICMP echo replies within 192.168.10.0/24
> $IPT -A FORWARD -i eth0 -o eth0 -s 192.168.10.0/24 -d 192.168.10.0/24 \
>     -m state --state NEW,ESTABLISHED,RELATED -p icmp \
>     --icmp-type echo-reply -j ACCEPT
>
> What steps (where to create symbolic links, at which runlevel, etc)
> should I take in order to have this script be started automatically
> when PC boots up. How can I make sure that it is this firewall script
> that is running and all packets are being checked against these rules?
>
> Thx in advance..
>
> Warm regards,
> Visham

Option 1: You can do it by adding the stuff to the rc.local script in your Red Hat based distributions. There you just call your fw.sh file.

Option 2: Use the chkconfig tool to make it an init script.

Option 3: Create an SXXXXXXX link to the fw.sh file in the appropriate run-levels. Mostly for runlevel 3.

Thanks,
Venkat.