i'm new to iptables and i found a sample firewall script and i was hoping someone could break down how variables run within the script. if anybody can point out what the variables are doing and just give a little insight as to whats going on in this script i would really appreciate it. i understand the basics about chains (forward, input, output) and jump actions. but what the hell does the "For" command do, and why is it seperated into public and private services, and how can the rules tell? if any other new guys are lookin at this i found a good site to get a basic picture of how things work:
#!/bin/bash # Rules for sample firewall
. /etc/init.d/functions . /etc/sysconfig/firewall/config
# VARIABLES SERVER_NAME="samplefirewall" SERVER_ADMIN_IP="192.168.1.5" SERVER_IP_LIST="${SERVER_ADMIN_IP} 192.168.1.2 192.168.1.3" SOURCE_RANGES_ALL="192.168.1.4"
RETVAL=0
start () {
echo -n " ${SERVER_NAME}: "
# Create forward_${SERVER_NAME}_in jump in forward_in table ${IPTABLES} -N forward_${SERVER_NAME}_in for i in ${SERVER_IP_LIST}; do ${IPTABLES} -A forward_in -d ${i} -j forward_${SERVER_NAME}_in done
# forward_${SERVER_NAME}_in rules # Public Services ${IPTABLES} -A forward_${SERVER_NAME}_in -d ${SERVER_ADMIN_IP} - p tcp -m multiport --dports
80,1111,1935,1755,554,110,443,993,995,5818,5001 -j ACCEPT ${IPTABLES} -A forward_${SERVER_NAME}_in -d 192.168.1.2 -p tcp - m multiport --dports 80,443 -j ACCEPT ${IPTABLES} -A forward_${SERVER_NAME}_in -d 192.168.1.3 -p tcp - m multiport --dports 80,443 -j ACCEPT echo -n "public "# Private Services for i in ${SOURCE_RANGES_ALL}; do ${IPTABLES} -A forward_${SERVER_NAME}_in -s ${i} -d $ {SERVER_ADMIN_IP} -p tcp -m multiport --dports
20,21,22,80,443,5050,818,9001 -j ACCEPT doneecho "private " echo_success echo
RETVAL=$? return ${RETVAL}
}stop () {
echo -n " ${SERVER_NAME}: "
# Remove references, flush table, then delete it for i in ${SERVER_IP_LIST}; do ${IPTABLES} -D forward_in -d ${i} -j forward_${SERVER_NAME}_in done ${IPTABLES} -F forward_${SERVER_NAME}_in ${IPTABLES} -X forward_${SERVER_NAME}_in
echo_success echo
RETVAL=$? return ${RETVAL}
}case "$1" in start) start ;; stop) stop ;; restart|reload) stop start ;; *) echo $"Usage: $0 {start|stop|restart|reload}" exit 1 esac
exit $?