kubuntu-users Digest, Vol 12, Issue 48

Jordi Ferrando jferrando at netplc.com
Sun Jan 29 10:56:41 GMT 2006


Hi C Hamel,

Your script is a straightforward implementation, and I am sure it works 
well for you.
Anyway, if you are interested, for more refined init.d scripting, take a 
look at:

http://www.debian.org/doc/debian-policy/ch-opersys.html

C Hamel wrote:

>On Friday January 27 2006 03:45, kubuntu-users-request at lists.ubuntu.com wrote:
>  
>
>>Date: Fri, 27 Jan 2006 10:37:06 +0100
>>From: Jordi Ferrando Fabra <jferrando at netplc.com>
>>Subject: Re: NAT & bash questions
>>To: Kubuntu Help and User Discussions <kubuntu-users at lists.ubuntu.com>
>>Message-ID: <43D9E9C2.9010706 at netplc.com>
>>Content-Type: text/plain; charset="iso-8859-1"
>>
>>I use an own-written init script to enable iptables at start-up:
>>/etc/init.d/iptables_tc:
>>
>>#!/bin/sh
>>#
>>    
>>
><SNIP>
>  
>
>>------------------------------
>>    
>>
>
>I am intrigued by your script even if I am having trouble following it.  I am 
>not terribly script-savvy, I fear.  (I may be moderately good at some things, 
>but scripting is not one of them.)  The script I put together was taken from 
>my last distro, and works great.  The only rub is that I really have not much 
>of an idea how to write debian-friendly scripts that one can 
>stop, start, restart, force-restart, etc. 
>
> Mine looks like this:
>
>#!/bin/sh
>
>#Set up IPTABLES here, since it is problematic where to place the startup
>#First we flush our current rules
> iptables -F
> iptables -t nat -F
>
>#Setup default policies to handle unmatched traffic
> iptables -P INPUT ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD DROP
>
>#Copy and paste these examples ...
> export LAN=eth0
> export WAN=ppp0
>
>#Then we lock our services so they only work from the LAN
> iptables -I INPUT 1 -i ${LAN} -j ACCEPT
> iptables -I INPUT 1 -i lo -j ACCEPT
> iptables -A INPUT -p UDP --dport bootps -i ! ${LAN} -j REJECT
> iptables -A INPUT -p UDP --dport domain -i ! ${LAN} -j REJECT
>
>#(Optional) Allow access to our ssh server from the WAN
> iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT
>
>#Drop TCP / UDP packets to privileged ports
> iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP
> iptables -A INPUT -p UDP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP
>
>#Finally we add the rules for NAT
> iptables -I FORWARD -i ${LAN} -d 192.168.0.0/255.255.0.0 -j DROP
> iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j ACCEPT
> iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT
> iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
>#Tell the kernel that ip forwarding is OK
> echo 1 > /proc/sys/net/ipv4/ip_forward
> for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done
>
>Finally, I enable ppp0-on-demand (note: no wireless where I live, it's still a 
>dream):
>
>#Enable on-demand ppp0
>/usr/sbin/pppd call sc2k
>
>I'd be very interested in your insight.
>  
>
