[ale] iptables
Jim Popovitch
yahoo at jimpop.com
Fri Jan 16 17:31:07 EST 2009
On Fri, Jan 16, 2009 at 17:19, Paul Cartwright <ale at pcartwright.com> wrote:
> I looked up fail2ban, looks like it isn't ready for stable yet..
f2b is used on a lot of production sites/firewalls/etc. It utilizes
iptables, but is not a replacement for a proper installation of
iptables.
FWIW, your experiences with iptables are some Linux distro dirty
laundry. No single distro seems to do firewalling well. I guess the
problem is that firewalls are different things to different people.
Here's a basic init.d script to start/stop iptables
--------------------------------------------
#!/bin/sh
set -e

iptables="/sbin/iptables"
iptables_save="/sbin/iptables-save"
iptables_restore="/sbin/iptables-restore"
ruleset="/etc/default/iptables"
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Load the saved ruleset (iptables-save format), if one exists.
initd_load () {
    if [ -f "$ruleset" ]; then
        printf "Iptables loading ruleset.."
        $iptables_restore < "$ruleset"
        echo "."
    fi
}

# Dump the running rules to the ruleset file so they survive a reboot.
initd_save () {
    printf "Iptables saving ruleset.."
    $iptables_save > "$ruleset"
    echo "."
}

# Flush all rules, delete user-defined chains and zero the counters.
# Without -t this touches only the filter table; iptables-restore
# rewrites the other tables anyway if the ruleset file includes them.
initd_clear () {
    $iptables -F
    $iptables -X
    $iptables -Z
}

# -F leaves the built-in chain policies alone, so a stopped firewall
# with a DROP policy and no rules would lock everyone out. Reset them.
initd_open () {
    $iptables -P INPUT ACCEPT
    $iptables -P FORWARD ACCEPT
    $iptables -P OUTPUT ACCEPT
}

case "$1" in
    start|reload)
        initd_clear
        initd_load
        ;;
    stop)
        initd_clear
        initd_open
        ;;
    save)
        initd_save
        ;;
    *)
        echo "Usage: $0 (start|stop|reload|save)"
        exit 1
        ;;
esac
exit 0
--------------------------------------------
-Jim P.
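The script above hands whatever is in the ruleset file straight to iptables-restore. The following is an added example, not Jim's script or anything from the ALE list: a small POSIX sh lint that checks a saved ruleset for the two things most likely to bite on the next `start` (a table block that never reaches COMMIT, and an INPUT DROP policy with no loopback/ESTABLISHED accept rules, which locks the administrator out). The ruleset it checks is a constructed sample written to a temp file; function names and file layout are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check an iptables-save style ruleset before
# handing it to iptables-restore. Not part of the original post.

# Constructed sample ruleset (iptables-save text format), written to a
# temporary file so the example runs without touching the live firewall.
make_sample_ruleset() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample, not a real dump
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
    echo "$f"
}

# Returns 0 when every "*table" block is closed by a COMMIT line and at
# least one table is present; iptables-restore rejects anything else.
check_ruleset_structure() {
    awk '
        /^\*/      { if (open) bad = 1; open = 1; tables++ }
        /^COMMIT$/ { if (!open) bad = 1; open = 0 }
        END        { if (bad || open || tables == 0) exit 1; exit 0 }
    ' "$1"
}

# Returns 0 when an INPUT DROP policy is paired with the rules that keep
# an administrator from locking themselves out: accept loopback traffic
# and accept replies to established connections.
check_lockout_guards() {
    if grep -q '^:INPUT DROP' "$1"; then
        grep -q -- '-A INPUT -i lo -j ACCEPT' "$1" || return 1
        grep -q -- '-A INPUT .*ESTABLISHED' "$1" || return 1
    fi
    return 0
}

# Run both checks; exit status 1 = malformed, 2 = lock-out risk, 0 = ok.
check_ruleset() {
    check_ruleset_structure "$1" || { echo "structure: FAIL"; return 1; }
    check_lockout_guards "$1"    || { echo "lockout guard: FAIL"; return 2; }
    echo "ruleset OK"
    return 0
}

# Stand-alone run on the constructed sample.
sample=$(make_sample_ruleset)
check_ruleset "$sample"
rm -f "$sample"
```

Dropping a call like `check_ruleset "$ruleset" || exit 1` into `initd_load` before the `iptables_restore` line is enough to refuse a broken file. It is a text-level check only; for the real parse, iptables-restore's own `--test` option builds the ruleset without committing it.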