
Securing-Optimizing-RH-Linux-1_2_108
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 108

NOTE: Don’t forget to exclude your own IP address from the outgoing packets you block.

The rest of the rules

Other rules used in the firewall script files are:

· Accessing a Service from the Outside World
· Offering a Service to the Outside World
· Masquerading the Internal Machines

The firewall script files

The tool ipchains allows you to set up firewalls, IP masquerading, etc. Ipchains talks to the kernel and tells it which packets to filter. All your firewall settings are therefore stored in the kernel, and so they are lost on reboot. To avoid this, we recommend using the System V init scripts to make your rules permanent. To do this, create a firewall script file like the one shown below in your “/etc/rc.d/init.d/” directory on each server you have. Of course, each server offers different services and needs a different firewall setup. For this reason, we provide three different firewall configurations, which you can study, experiment with and adapt to your needs. I also assume that you have a minimum knowledge of how a filtering firewall and firewall rules work.

Configuration of the “/etc/rc.d/init.d/firewall” script file for the Web Server

This is the configuration script file for our Web Server machine. By default, this configuration allows unlimited traffic on the loopback interface, ICMP, DNS caching and client server (53), SSH server (22), HTTP server (80), HTTPS server (443), SMTP client (25), FTP server (20, 21), and outgoing traceroute requests. If you don’t want some of the services that I enable by default in the firewall rules file for the Web Server, comment them out with a "#" at the beginning of the line. If you want some other service that I commented out with a "#", remove the "#" at the beginning of its lines.
Create the firewall script file (touch /etc/rc.d/init.d/firewall) on your Web Server and add:

#!/bin/sh
#
# ----------------------------------------------------------------------------
# Last modified by Gerhard Mourani:  02-01-2000
# ----------------------------------------------------------------------------
# Copyright (C) 1997, 1998, 1999  Robert L. Ziegler
#
# Permission to use, copy, modify, and distribute this software and its
# documentation for educational, research, private and non-profit purposes,
# without fee, and without a written agreement is hereby granted.
# This software is provided as an example and basis for individual firewall
# development.  This software is provided without warranty.
#
# Any material furnished by Robert L. Ziegler is furnished on an
# "as is" basis.  He makes no warranties of any kind, either expressed
# or implied as to any matter including, but not limited to, warranty
# of fitness for a particular purpose, exclusivity or results obtained
# from use of the material.
# ----------------------------------------------------------------------------
#
# Invoked from /etc/rc.d/init.d/firewall.
# chkconfig: - 60 95
# description: Starts and stops the IPCHAINS Firewall \
#              used to provide Firewall network services.