james wrote:
> Hello,
>
> I'm attempting to follow this wiki to build a test firewall running iptables:
> http://gentoo-wiki.com/HOWTO_Iptables_for_newbies#QuickStart
>
> Kernel is 'hardened' with netfilter et al. activated.
>
> It looks reasonable and is supposed to be up to date.
>
> My nics are set up in /etc/conf.d/net
> iface_eth0="192.168.2.20 broadcast 192.168.2.255 netmask 255.255.255.0"
> iface_eth1="192.168.3.11 broadcast 192.168.3.255 netmask 255.255.255.0"
> iface_eth2="<snipped> broadcast <snipped> netmask 255.255.255.252"
> routes_eth2=( "default gw <snipped>" )
>
> All work fine.
>
> Port forwarding is enabled:
>
> Rulesets get saved to /var/lib/iptables/rules-save
> as specified in /etc/conf.d/iptables,
> and /etc/init.d/iptables is the script that launches iptables,
> plus rc-update add iptables default.
>
> I think all of this is correct (correct me if I'm wrong).
>
> When I go to /etc/init to write my rules into firewall.sh
> as specified in the aforementioned wiki, I automatically get
> this shoved into the script:
>
> #!/sbin/runscript
> # Copyright 1999-2006 Gentoo Foundation
> # Distributed under the terms of the GNU General Public License v2
> # $Header: $
>
> depend() {
> }
>
> start() {
> }
>
> stop() {
> }
>
> restart() {
> }
>
> Curiously, none of the examples talk about this.
>
> Is this the correct place to put my script (/etc/init.d/),
> which is somewhat similar to the one suggested in the
> wiki?
>
> None of the examples I found googling discuss the details of where to put
> the script, how to launch it, and other such details. Any suggestions
> are welcome. I have found lots of example scripts similar to my 3-nic
> net/lan/dmz setup though.
>
> Any suggestions are very welcome.
>
> James
Actually, IMHO Gentoo has an internal mechanism for dealing with iptables rules. After you are ready and sure the rules work OK, you do:

1) /etc/init.d/iptables save

This would record your rules in /var/lib/iptables/rules-save, as if you issued the command "iptables-save > /var/lib/iptables/rules-save".

Then you put iptables in the init sequence so the rules are restored at every system start:

2) rc-update add iptables default

This would do "iptables-restore < /var/lib/iptables/rules-save" at every boot.

3) Additionally you can set some parameters in /etc/conf.d/iptables

Hope This Helps

--
Best regards
Daniel
--
gentoo-user@gentoo.org mailing list
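For readers following the thread, here is a complete firewall.sh for the three-interface layout James describes, written as an added example for this page; it is not from the wiki, from either poster, or from Gentoo. It is a plain shell script, not an OpenRC runscript, so it does not belong in /etc/init.d: you run it once as root, check the result with iptables -L -v -n, and then persist it with the two commands Daniel gives. The interface roles (eth0 = LAN 192.168.2.0/24, eth1 = DMZ 192.168.3.0/24, eth2 = WAN), the DMZ web server at 192.168.3.10, SSH management from the LAN only, and the use of the conntrack match are all assumptions for illustration.

```shell
#!/bin/sh
# firewall.sh: added example for a 3-NIC net/lan/dmz firewall (not the wiki's script).
# Usage:   sh firewall.sh apply              (as root, loads the rules)
#          IPT=echo sh firewall.sh apply     (dry run: prints the iptables commands)
# Persist afterwards with:  /etc/init.d/iptables save && rc-update add iptables default
set -eu

IPT=${IPT:-iptables}            # set IPT=echo to print rules instead of loading them

# Addresses from James' /etc/conf.d/net; the role of each interface is an assumption.
LAN_IF=eth0;  LAN_NET=192.168.2.0/24
DMZ_IF=eth1;  DMZ_NET=192.168.3.0/24
WAN_IF=eth2                     # WAN address was snipped in the post, so not used here
DMZ_WEB=192.168.3.10            # hypothetical DMZ web server

apply_rules() {
    # Flush first so re-running the script never appends duplicate rules.
    $IPT -F; $IPT -X; $IPT -t nat -F; $IPT -t nat -X

    # Default deny for traffic to and through the box; anything not allowed below is dropped.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback, plus replies belonging to connections conntrack already knows about.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Anti-spoofing: our private ranges must never arrive from the WAN side.
    $IPT -A INPUT -i "$WAN_IF" -s "$LAN_NET" -j DROP
    $IPT -A INPUT -i "$WAN_IF" -s "$DMZ_NET" -j DROP
    $IPT -A FORWARD -i "$WAN_IF" -s "$LAN_NET" -j DROP
    $IPT -A FORWARD -i "$WAN_IF" -s "$DMZ_NET" -j DROP

    # Management of the firewall itself: SSH and ping from the LAN only (assumption).
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p icmp --icmp-type echo-request -j ACCEPT

    # LAN may initiate to the internet and into the DMZ.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -s "$LAN_NET" -d "$DMZ_NET" -j ACCEPT

    # DMZ may initiate to the internet (updates, DNS) but never into the LAN:
    # there is deliberately no FORWARD rule from DMZ_IF to LAN_IF.
    $IPT -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -s "$DMZ_NET" -j ACCEPT

    # Published service: port 80 on the WAN address is DNATed to the DMZ web server.
    # FORWARD sees the post-DNAT destination, so the accept rule matches the DMZ host.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 -j DNAT --to-destination "$DMZ_WEB:80"
    $IPT -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$DMZ_WEB" -p tcp --dport 80 -j ACCEPT

    # Outbound NAT for both private networks leaving on the WAN side.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$DMZ_NET" -j MASQUERADE

    # Log what the DROP policy is about to discard, rate-limited so it cannot flood syslog.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-INPUT-DROP: "
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FORWARD-DROP: "
}

# James already has forwarding on; kept separate so a dry run never writes to /proc.
enable_forwarding() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

case "${1:-}" in
    apply) enable_forwarding; apply_rules ;;
    *)     echo "usage: $0 apply   (IPT=echo $0 apply for a dry run)" >&2 ;;
esac
```

Run the dry run first and read the output; then, from the console rather than over SSH (a mistake in the INPUT rules would otherwise lock you out), run it for real, test from a LAN host and a DMZ host, and only then run /etc/init.d/iptables save and rc-update add iptables default. After saving, /var/lib/iptables/rules-save should contain a *filter and a *nat section, each ending in COMMIT; that file is what the init script hands to iptables-restore at boot, so the script itself never needs to run again unless the policy changes.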