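#!/bin/bash
#
# rc.firewall - This file contains the variables and the startup/shutdown
# of the firewall.
#
# Usage:  rc.firewall -start | -flush | -help
#
# The chain-building logic itself lives in $FUNCTIONS (see below); this
# file only sets the site-specific variables and dispatches on "$1".
#
# Copyright (C) 2001 Curt Rebelein, Junior
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Library General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Library General Public License for more details.
#
# You should have received a copy of the GNU Library General Public
# License along with this library; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA

######################################
### first set the script variables ###
### (hack to suit your needs)      ###
######################################

# where my binaries live (absolute paths so PATH does not decide which
# ipchains/modprobe/depmod the firewall uses)
IPC=/sbin/ipchains       # where ipchains lives
MODPROBE=/sbin/modprobe  # where modprobe lives
DEPMOD=/sbin/depmod      # where depmod lives

# local interface info
LOIF=lo            # local interface name (probably "lo")
LOIP="127.0.0.1"   # local interface ip

# external interface info
#
# The address and mask are scraped from the classic ifconfig layout
# ("inet addr:A.B.C.D ... Mask:W.X.Y.Z").  NOTE(review): if the interface
# is down or ifconfig prints a different layout, these come back empty and
# EXTNET degrades to "/" -- confirm the values before the rules are loaded.
EXTIF=eth0                                                                                          # external interface name
EXTIP=$(/sbin/ifconfig "$EXTIF" | grep inet | /usr/bin/cut -d : -f 2 | /usr/bin/cut -d ' ' -f 1)   # get ip for $EXTIF
EXTMASK=$(/sbin/ifconfig "$EXTIF" | grep Mas | /usr/bin/cut -d : -f 4)                              # get mask for $EXTIF
EXTNET="$EXTIP/$EXTMASK"                                                                            # external net based on $EXTIP and $EXTMASK

# internal interface info (same scraping as above, same caveat)
INTIF=eth1                                                                                          # internal interface name
INTIP=$(/sbin/ifconfig "$INTIF" | grep inet | /usr/bin/cut -d : -f 2 | /usr/bin/cut -d ' ' -f 1)   # get ip for $INTIF
INTMASK=$(/sbin/ifconfig "$INTIF" | grep Mas | /usr/bin/cut -d : -f 4)                              # get mask for $INTIF
INTNET="$INTIP/$INTMASK"                                                                            # internal net based on $INTIP and $INTMASK

# internal host information
UNREGINT="192.168.1.2/32"   # these are hosts on the internal network that are not registered but are in your NAT table

# IANA reserved networks
CLASS_A="10.0.0.0/8"        # class A reserved network
CLASS_B="172.16.0.0/12"     # class B reserved network
CLASS_C="192.168.0.0/16"    # class C reserved network
CLASS_D_MC="224.0.0.0/4"    # class D reserved network
CLASS_E_RN="240.0.0.0/5"    # class E reserved network

# broadcast hosts
BC_SRC="0.0.0.0"            # broadcast source
BC_DEST="255.255.255.255"   # broadcast destination

# any possible address
ANYWHERE="any/0"            # anywhere in the world

# trusted external/internal hosts
# (space-separated lists; the functions file is expected to word-split them)
SAFEEXT="199.199.151.13 216.160.46.164"   # these are trusted external hosts
SAFEINT="192.168.1.5 192.168.1.6"         # these are trusted internal hosts

# ports
PRIVPORTS="0:1023"          # privileged ports
UNPRIVPORTS="1024:65535"    # unprivileged ports

# name servers (24.31.3.8 is listed twice in the original configuration)
NS="24.31.3.8 24.31.3.8 199.199.151.13"   # my nameservers

# email servers
SMTP_GW="any/0"             # my SMTP server
POP_SERVER="any/0"          # my POP server
IMAP_SERVER="any/0"         # my IMAP server

# news servers
NEWS_SERVER="any/0"         # my news server

# dhcp server
DHCP_SERVER="24.31.3.22/32" # my DHCP server (this is here for those w/dynamic addresses via cable modem or whatever)

# external proxy server
PROXY_SERVER="cache.rebby.com"   # my external proxy server
PROXY_PORT="3128"                # the port my proxy uses

# internal ftp server
INTFTP="192.168.1.6"

# where the functions live
FUNCTIONS=/etc/sysconfig/firewall/functions

#############################
### start the script here ###
#############################

# source the functions (flushall, start and help are defined there).
# This file is executed with the firewall's privileges, so keep it
# root-owned and not group/world-writable: whoever can edit it controls
# the rule set.
. "$FUNCTIONS"

# see how we are called
case "$1" in
  -flush)
    # flush the chains/policies
    flushall
    ;;
  -start)
    # start the firewall
    start
    ;;
  -help)
    help
    ;;
  *)
    # unknown/missing argument: show the usage text and fail
    cd "$(/bin/pwd)"
    "$0" -help
    exit 1
    ;;
esac

# we're done!!! :-)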