I feel somewhat productive today. :)

I've written a few new scripts (and improved an old one) that I'd like
some feedback on.  Some of you might find them very useful.

The old script is init.firewall.  This sh script should make it
relatively easy to configure your Linux firewall (using ipchains).  All
configuration is done with a few variables at the top of the file, and
they should be commented well enough to understand (this time).  They
really should be moved out, into a /etc/sysconfig/firewall file, but
then I'd have to distribute either two files, or a tarball.  If I ever
write a good configuration utility for this (and I plan to), then I will
probably package the thing as an rpm.  In the meantime, edit the file,
and drop it in /etc/rc.d/init.d.  Use ntsysv or chkconfig to turn it on.

The second is a tarball that makes it relatively simple to set up VPNs
with ssh and pppd.  There is no daemon associated with the vpn server
aside from ssh, which should make the security-minded very happy.  pppd,
however, has to be suid root on the server.  (tell me if you find a way
around that)  The client scripts are an extension of Red Hat's current
ifup/ifdown system, and do not require you to modify any of the existing
scripts.  It uses Red Hat's existing facilities, including usernetctl,
so that should you wish, non-root users can bring the vpn up and down
without any additional suid software or sudo.  I spent longer
documenting this package than actually implementing it, so I hope that
the directions are very clear.

I would REALLY like feedback on these scripts.  Is the documentation
sufficient/accurate?  Does it work for you?  How can they be made
better/easier to use/more secure?  (I've really tried for the best
security possible).  If you think that you could benefit from these
scripts, please try them out.  (I'd really like to see something like
these in Red Hat after the RSA patent expires)

You can get these at:
ftp://duke.eburg.com/pub/linux/init.firewall
ftp://duke.eburg.com/pub/linux/ssh-vpn.tar.gz

MSG

