FS#865 - Include firewall script in default install
Attached to Project:
Arch Linux
Opened by Petri Pennanen (suvarin) - Saturday, 01 May 2004, 13:07 GMT
Last edited by Judd Vinet (judd) - Saturday, 01 May 2004, 17:44 GMT
Details
It would be useful to have a default firewall script
included in the installation. Most Arch users tend to go
online directly after install to update packages etc.
Newbies especially often forget to add a firewall. Having a
simple default firewall would help newbies without hindering
advanced users too much.
My suggestion is to:

1. Do either A or B:
   A. Create a default IPTABLES_CONF to be used with the iptables script in /etc/rc.d
   B. Create /etc/rc.d/firewall

    #!/bin/sh
    #
    # /etc/rc.d/firewall: start/stop firewall
    #
    # This is a simple firewall to protect your system after
    # install. It allows your system to connect to the outside
    # world while stopping all incoming traffic, except that
    # initiated by you. Look for more advanced options at
    # http://www.netfiler.org
    #
    if [ "$1" = "start" ]; then
        # Flush existing rules, then set the default policies
        /usr/sbin/iptables -F
        /usr/sbin/iptables -P OUTPUT ACCEPT
        /usr/sbin/iptables -P FORWARD DROP
        /usr/sbin/iptables -P INPUT DROP
        # Allow loopback traffic so local services keep working
        /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
        # Accept only replies to connections initiated from this host
        /usr/sbin/iptables -A INPUT -i eth0 -m state \
            --state ESTABLISHED,RELATED -j ACCEPT
    elif [ "$1" = "stop" ]; then
        # iptables is not a daemon, so there is no process to kill:
        # flush the rules and reset the policies to ACCEPT instead
        /usr/sbin/iptables -F
        /usr/sbin/iptables -P INPUT ACCEPT
        /usr/sbin/iptables -P FORWARD ACCEPT
        /usr/sbin/iptables -P OUTPUT ACCEPT
    else
        echo "usage: $0 start|stop"
        exit 1
    fi
    #End of file

2. Add it by default to the daemons array in /etc/rc.conf (before the network-script is loaded).
3. Mention it in the documentation "3.1 Configuration Files"
Comment by Judd Vinet (judd) - Tuesday, 14 September 2004, 01:38 GMT
I've added a more practical firewall in the example file
simple_firewall.rules, included in the iptables package.
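
Added example, not part of the original ticket or of the iptables package: a check that an iptables-save style rules file keeps the posture requested above (INPUT and FORWARD default to DROP, replies to outbound connections accepted, loopback allowed, no catch-all ACCEPT). The function names are hypothetical and the sample ruleset is constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save style ruleset (read from stdin) for
# the posture this request describes. Function names are hypothetical.

# Constructed sample ruleset; not the contents of any packaged file.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Prints one finding per line; exit status 0 means no findings.
audit_ruleset() {
    awk '
        BEGIN { bad = 0 }
        /^\*/ { table = substr($0, 2); next }   # track the current table
        table != "filter" { next }              # only the filter table matters here
        /^:INPUT /   { inpol = $2 }
        /^:FORWARD / { fwpol = $2 }
        /^-A INPUT / && /-j ACCEPT/ {
            if ($0 ~ /-i lo /) lo = 1
            if ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/) est = 1
            if (NF == 4) open = 1   # "-A INPUT -j ACCEPT": accepts everything
        }
        END {
            if (inpol != "DROP") { print "INPUT policy is not DROP"; bad = 1 }
            if (fwpol != "DROP") { print "FORWARD policy is not DROP"; bad = 1 }
            if (!est) { print "no ESTABLISHED,RELATED accept rule: replies will be dropped"; bad = 1 }
            if (!lo)  { print "no loopback accept rule: local services will break"; bad = 1 }
            if (open) { print "unconditional ACCEPT in INPUT defeats the DROP policy"; bad = 1 }
            exit bad
        }'
}

# Stand-alone run against the constructed sample.
sample_rules | audit_ruleset && echo "ruleset matches the default-deny inbound posture"
```

On a live system the same function can read the output of `iptables-save` instead of the sample.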