Firewall Rules and Variables =/

I'm new to iptables and I found a sample firewall script, and I was hoping someone could break down how variables run within the script. If anybody can point out what the variables are doing and just give a little insight as to what's going on in this script, I would really appreciate it. I understand the basics about chains (forward, input, output) and jump actions, but what the hell does the "for" command do, and why is it separated into public and private services, and how can the rules tell? If any other new guys are looking at this, I found a good site to get a basic picture of how things work:

formatting link; thanks guys and have a great day.

#!/bin/bash
# Rules for sample firewall

# echo_success comes from the init functions; the IPTABLES variable and the
# forward_in chain are expected to be defined by the sourced site config.
. /etc/init.d/functions
. /etc/sysconfig/firewall/config

# Fallback added here: use the standard binary if the config did not set IPTABLES
IPTABLES=${IPTABLES:-/sbin/iptables}

# VARIABLES
SERVER_NAME="samplefirewall"
SERVER_ADMIN_IP="192.168.1.5"
SERVER_IP_LIST="${SERVER_ADMIN_IP} 192.168.1.2 192.168.1.3"
SOURCE_RANGES_ALL="192.168.1.4"

RETVAL=0

start () {
    echo -n " ${SERVER_NAME}: "

    # Create the forward_${SERVER_NAME}_in chain, then add one jump to it from
    # forward_in for every destination address listed in SERVER_IP_LIST
    ${IPTABLES} -N forward_${SERVER_NAME}_in
    for i in ${SERVER_IP_LIST}; do
        ${IPTABLES} -A forward_in -d ${i} -j forward_${SERVER_NAME}_in
    done

    # forward_${SERVER_NAME}_in rules
    # Public Services: matched on destination only, so any source may connect
    ${IPTABLES} -A forward_${SERVER_NAME}_in -d ${SERVER_ADMIN_IP} -p tcp -m multiport --dports 80,1111,1935,1755,554,110,443,993,995,5818,5001 -j ACCEPT
    ${IPTABLES} -A forward_${SERVER_NAME}_in -d 192.168.1.2 -p tcp -m multiport --dports 80,443 -j ACCEPT
    ${IPTABLES} -A forward_${SERVER_NAME}_in -d 192.168.1.3 -p tcp -m multiport --dports 80,443 -j ACCEPT
    echo -n "public "

    # Private Services: the extra -s ${i} limits these ports to the sources
    # listed in SOURCE_RANGES_ALL, one rule per source address
    for i in ${SOURCE_RANGES_ALL}; do
        ${IPTABLES} -A forward_${SERVER_NAME}_in -s ${i} -d ${SERVER_ADMIN_IP} -p tcp -m multiport --dports 20,21,22,80,443,5050,818,9001 -j ACCEPT
    done
    echo "private "
    echo_success
    echo

    RETVAL=$?
    return ${RETVAL}
}

stop () {
    echo -n " ${SERVER_NAME}: "

    # Remove references, flush table, then delete it
    for i in ${SERVER_IP_LIST}; do
        ${IPTABLES} -D forward_in -d ${i} -j forward_${SERVER_NAME}_in
    done
    ${IPTABLES} -F forward_${SERVER_NAME}_in
    ${IPTABLES} -X forward_${SERVER_NAME}_in

    echo_success
    echo

    RETVAL=$?
    return ${RETVAL}
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart|reload)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|reload}"
        exit 1
esac

exit $?
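The following is an added dry-run walkthrough, not the posted script: it keeps the script's variables and loops but points IPTABLES at a shell function that prints each rule instead of installing it, so you can see what the for loops expand into without touching a live firewall. The function names (dry_iptables, chain_name, jump_rules, public_rules, private_rules, packet_accepted), the shortened port lists, and the three sample packets are all made up for this example; packet_accepted is a deliberately simplified matcher that only looks at -s, -d and --dports, which is enough to show why the rules can tell public traffic from private traffic.

```shell
#!/bin/bash
# Added example: dry-run of the posted script's variable and loop structure.

SERVER_NAME="samplefirewall"
SERVER_ADMIN_IP="192.168.1.5"
SERVER_IP_LIST="${SERVER_ADMIN_IP} 192.168.1.2 192.168.1.3"
SOURCE_RANGES_ALL="192.168.1.4"

# Stand-in for the real binary (assumed name): print the rule, do not run it.
dry_iptables() { printf 'iptables %s\n' "$*"; }
IPTABLES=dry_iptables

# ${SERVER_NAME} is spliced into the chain name: forward_samplefirewall_in
chain_name() { printf 'forward_%s_in\n' "${SERVER_NAME}"; }

# The start() loop: SERVER_IP_LIST is split on whitespace, and the body runs
# once per address with ${i} holding that address, so three jump rules result.
jump_rules() {
    local i
    for i in ${SERVER_IP_LIST}; do
        ${IPTABLES} -A forward_in -d "${i}" -j "$(chain_name)"
    done
}

# Public services: no -s, so the rule matches packets from any source address.
# Port list shortened from the original for brevity.
public_rules() {
    ${IPTABLES} -A "$(chain_name)" -d "${SERVER_ADMIN_IP}" -p tcp -m multiport --dports 80,443 -j ACCEPT
}

# Private services: the loop adds -s ${i} for every entry in SOURCE_RANGES_ALL,
# so only those sources can reach these ports (here only port 22 is listed).
private_rules() {
    local i
    for i in ${SOURCE_RANGES_ALL}; do
        ${IPTABLES} -A "$(chain_name)" -s "${i}" -d "${SERVER_ADMIN_IP}" -p tcp -m multiport --dports 22 -j ACCEPT
    done
}

# Simplified stand-in for the kernel's first-match walk through the chain:
# packet_accepted SRC DST PORT returns 0 if some generated rule accepts it.
packet_accepted() {
    local src=$1 dst=$2 port=$3 line rule_src rule_dst ports
    while read -r line; do
        rule_src=$(printf '%s\n' "$line" | sed -n 's/.* -s \([^ ]*\).*/\1/p')
        rule_dst=$(printf '%s\n' "$line" | sed -n 's/.* -d \([^ ]*\).*/\1/p')
        ports=$(printf '%s\n' "$line" | sed -n 's/.* --dports \([^ ]*\).*/\1/p')
        # A rule with -s only applies when the source matches; without -s any source matches
        if [ -n "$rule_src" ] && [ "$rule_src" != "$src" ]; then continue; fi
        if [ "$rule_dst" != "$dst" ]; then continue; fi
        case ",$ports," in
            *",$port,"*) return 0 ;;
        esac
    done <<EOF
$(public_rules; private_rules)
EOF
    return 1   # no rule matched: in the real chain the packet falls through to the next rule or policy
}

# Count non-empty lines of generated rules
count_lines() { printf '%s\n' "$1" | grep -c .; }

# Usage: print the expanded rules, then classify three constructed packets
jump_rules; public_rules; private_rules
for pkt in "10.0.0.9 192.168.1.5 80" "10.0.0.9 192.168.1.5 22" "192.168.1.4 192.168.1.5 22"; do
    set -- $pkt
    if packet_accepted "$1" "$2" "$3"; then verdict=ACCEPT; else verdict="no match"; fi
    printf '%s -> %s:%s  %s\n' "$1" "$2" "$3" "$verdict"
done
```

Running it prints the six rules the loops expand into and then shows the point of the -s option: an outside host reaches port 80 on the admin server (public), the same host is refused on port 22, and 192.168.1.4 is allowed on port 22 because it appears in SOURCE_RANGES_ALL.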

romenyrr
