Securing-Optimizing-RH-Linux-1_2_143
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
  stop)
        echo -n "Shutting Firewalling Services: "
        # Remove all existing rules belonging to this filter.
        ipchains -F
        # Delete all user-defined chains belonging to this filter.
        ipchains -X
        # Reset the default policy of the filter to accept.
        ipchains -P input ACCEPT
        ipchains -P output ACCEPT
        ipchains -P forward ACCEPT
        # Reset TCP SYN Cookie Protection to off.
        echo 0 >/proc/sys/net/ipv4/tcp_syncookies
        # Reset IP spoofing protection (Source Address Verification) to off.
        for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
            echo 0 > "$f"
        done
        # Reset ICMP Redirect Acceptance to on.
        for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
            echo 1 > "$f"
        done
        # Reset Source Routed Packets to on.
        for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
            echo 1 > "$f"
        done
        ;;
  status)
        status firewall
        ;;
  restart|reload)
        $0 stop
        $0 start
        ;;
  *)
        echo "Usage: firewall {start|stop|status|restart|reload}"
        exit 1
        ;;
esac
exit 0
Now, make this script executable and change its default permissions:
[root@deep /]# chmod 700 /etc/rc.d/init.d/firewall
[root@deep /]# chown 0.0 /etc/rc.d/init.d/firewall
Create the symbolic rc.d links for your Firewall with the command:
[root@deep /]# chkconfig --add firewall
[root@deep /]# chkconfig --level 345 firewall on
Your firewall rules are now configured to use System V init (System V init is in charge of starting
all the normal processes that need to run at boot time), and the firewall will be started
automatically each time your server reboots.
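Because the stop) branch of the script does more than flush the rules (it also writes 0 to tcp_syncookies and rp_filter and 1 to accept_redirects and accept_source_route), a host can be left with those kernel protections off after a manual stop. The following check is an added example, not part of the book's script; the function names, RELAXED_COUNT and the optional root-directory argument are assumptions of this example, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the book): flag kernel network settings that still
# hold the values the stop) branch writes. The optional ROOT argument is an
# assumption of this example so the check can run against a copied tree.

RELAXED_COUNT=0

# check_flag FILE STOP_VALUE: report FILE if it holds STOP_VALUE or is missing.
check_flag() {
    if [ ! -r "$1" ]; then
        echo "MISSING  $1"
    elif [ "$(cat "$1")" = "$2" ]; then
        echo "RELAXED  $1 = $2"
    else
        return 0
    fi
    RELAXED_COUNT=$((RELAXED_COUNT + 1))
    return 1
}

# audit_net_flags [ROOT]: returns 0 only when no flag is in its stop) state.
audit_net_flags() {
    root=${1:-/proc/sys/net/ipv4}
    RELAXED_COUNT=0
    check_flag "$root/tcp_syncookies" 0 || :
    for d in "$root"/conf/*; do
        [ -d "$d" ] || continue
        check_flag "$d/rp_filter" 0 || :
        check_flag "$d/accept_redirects" 1 || :
        check_flag "$d/accept_source_route" 1 || :
    done
    [ "$RELAXED_COUNT" -eq 0 ]
}

# Constructed sample tree: one interface left in the state stop) produces,
# while SYN cookies are still on.
demo=$(mktemp -d)
mkdir -p "$demo/conf/eth0"
echo 1 > "$demo/tcp_syncookies"
echo 0 > "$demo/conf/eth0/rp_filter"
echo 1 > "$demo/conf/eth0/accept_redirects"
echo 1 > "$demo/conf/eth0/accept_source_route"
audit_net_flags "$demo" || echo "$RELAXED_COUNT setting(s) need attention"
rm -rf "$demo"
```

On a live host, call audit_net_flags with no argument after starting the firewall; a non-zero return means at least one setting still holds the value the stop) branch writes.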
To manually stop the firewall on your system, use the following command: