Hey Debian-devels!

I have had a package idea for a long time now. The idea was a package containing a "Flush-all" firewall script, adding this script to be run at bootup. Just for the simplicity. I tend to keep forgetting to add it myself.
So tonight I took the time to create such a package. What the package does: it creates a firewall script in /etc/init.d/debian-firewall looking like:

    #!/bin/bash
    FW_VER=0.1
    echo -e "\nLoading Debian Firewall[ $FW_VER ] ...\n"
    IPTABLES=/sbin/iptables
    DEPMOD=/sbin/depmod
    INSMOD=/sbin/insmod
    # Flush old rules, and set ACCEPT as default policy
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -F INPUT
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -F OUTPUT
    $IPTABLES -P FORWARD DROP
    $IPTABLES -F FORWARD
    $IPTABLES -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

(now it contains an ACCEPT ssh rule, just to show that it's run; yes, it does flush your old firewall, sorry about that)

The postinst file looks like:

    #!/bin/sh
    set -e
    if [ "$1" = "configure" ]; then
        ln -s /etc/init.d/debian-firewall /etc/rc0.d/S20debian-firewall
        ln -s /etc/init.d/debian-firewall /etc/rc1.d/S20debian-firewall
        ln -s /etc/init.d/debian-firewall /etc/rc2.d/S20debian-firewall
        ln -s /etc/init.d/debian-firewall /etc/rc3.d/S20debian-firewall
        ln -s /etc/init.d/debian-firewall /etc/rc4.d/S20debian-firewall
        ln -s /etc/init.d/debian-firewall /etc/rc5.d/S20debian-firewall
        ln -s /etc/init.d/debian-firewall /etc/rc6.d/S20debian-firewall
    fi

and the prerm file looks like:

    #!/bin/sh
    set -e
    if [ "$1" = "remove" ]; then
        rm /etc/rc0.d/S20debian-firewall
        rm /etc/rc1.d/S20debian-firewall
        rm /etc/rc2.d/S20debian-firewall
        rm /etc/rc3.d/S20debian-firewall
        rm /etc/rc4.d/S20debian-firewall
        rm /etc/rc5.d/S20debian-firewall
        rm /etc/rc6.d/S20debian-firewall
        echo "Leaving firewall script in /etc/init.d/debian-firewall.backup."
        cp /etc/init.d/debian-firewall /etc/init.d/debian-firewall.backup
    fi

(it saves a backup of it before removing it)

Looks good? Only problem though is that I'm not a Debian developer. I have had thoughts about it, but never got around to dragging myself to a keysigning party, basically because they are somewhat far away from me.

Anyway, feel like you want to try it:
http://smurfnet.homelinux.net/files/debian-firewall_0.1-1_all.deb

By the way, I'm not a subscriber to debian-devel AT lists dot debian dot org, so if you have anything to add/ask, mail me at this mail address: smurfd AT smurfnet dot homelinux dot org

Best regards
/Nicklas
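
The link handling from the postinst and prerm above, written so that it can be re-run without aborting under `set -e` (postinst is called with "configure" again on upgrade, when the links already exist). This is an added example, not part of the original post or package; `install_links`, `remove_links`, `count_links` and the root-directory argument are hypothetical names introduced so the logic can be tried in a scratch directory.

```shell
#!/bin/sh
# Added example: re-runnable rcN.d link handling for the debian-firewall script.
# Function names and the ROOT argument are hypothetical, not from the package.
set -e

SCRIPT=/etc/init.d/debian-firewall
LINK=S20debian-firewall
RUNLEVELS="0 1 2 3 4 5 6"   # same runlevels as the postinst in the post

# install_links ROOT: create the links under ROOT ("" means the real system).
# "ln -sf" replaces an existing link, so a second "configure" run does not
# fail with "File exists" the way a plain "ln -s" does.
install_links() {
    root=$1
    for rl in $RUNLEVELS; do
        mkdir -p "$root/etc/rc$rl.d"
        ln -sf "$SCRIPT" "$root/etc/rc$rl.d/$LINK"
    done
}

# remove_links ROOT: remove a link only if it is a symlink to our script,
# and do nothing (instead of failing) when it is already gone.
remove_links() {
    root=$1
    for rl in $RUNLEVELS; do
        l="$root/etc/rc$rl.d/$LINK"
        if [ -L "$l" ] && [ "$(readlink "$l")" = "$SCRIPT" ]; then
            rm -f "$l"
        fi
    done
}

# count_links ROOT: print how many of the runlevel links are present.
count_links() {
    root=$1
    n=0
    for rl in $RUNLEVELS; do
        if [ -L "$root/etc/rc$rl.d/$LINK" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}
```

In a maintainer script these would be called as `install_links ""` and `remove_links ""`; passing a temporary directory instead exercises them without touching /etc.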