
To: CIPE <cipe-l,AT,inka,DOT,de>
Subject: COMMENTS - IPTables firewall rules
From: Phil Scarratt <fil,AT,draxsen,DOT,com>
Date: Fri, 06 Jun 2003 17:01:28 +1000
Organization: Draxsen Technologies

Sorry for those who do read all emails to the list in their entirety. The following is an extract from my last email to the list. Any comments (too open, etc.)?

3. If the "server/client" machines are behind firewalls which use iptables, you will need to add the following (the regexps are a bit crude but serve the purpose). Someone may like to comment on the rules - are they too open?

########## /etc/cipe/ip-up.local ##########
#!/bin/sh
# ip-up.local

# This is called when the CIPE interface is opened.
# Arguments:
#  $1 interface     the CIPE interface
#  $2 myaddr        our UDP address
#  $3 daemon-pid    the daemon's process ID
#  $4 local         IP address of our CIPE device
#  $5 remote        IP address of the remote CIPE device
#  $6 arg           argument supplied via options

# Extract the UDP port from "a.b.c.d:port" (the part after the colon).
MY_CIPE_PORT=`expr "$2" : '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*:\([0-9]*\)'`
IFACE_LAN='eth0'
IFACE_NET='ppp0'

# Let the encrypted CIPE UDP packets in on the external interface.
iptables -I INPUT -i "$IFACE_NET" -p udp --dport "$MY_CIPE_PORT" -j ACCEPT
# Accept everything on the tunnel interface itself, in and out.
iptables -I INPUT -i "$1" -j ACCEPT
iptables -I OUTPUT -o "$1" -j ACCEPT
# Forward traffic from the remote CIPE device through to the LAN.
iptables -I FORWARD -i "$1" -o "$IFACE_LAN" -s "$5" -j ACCEPT

exit 0
########## end of /etc/cipe/ip-up.local ##########

########## /etc/cipe/ip-down.local ##########
#!/bin/sh
# ip-down.local

# This is called when the CIPE interface is closed.
# Arguments:
#  $1 interface     the CIPE interface
#  $2 myaddr        our UDP address
#  $3 daemon-pid    the daemon's process ID
#  $4 local         IP address of our CIPE device
#  $5 remote        IP address of the remote CIPE device
#  $6 arg           argument supplied via options

# Extract the UDP port from "a.b.c.d:port" (the part after the colon).
MY_CIPE_PORT=`expr "$2" : '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*:\([0-9]*\)'`
IFACE_LAN='eth0'
IFACE_NET='ppp0'

# Delete exactly the rules ip-up.local inserted; the rule text must match.
iptables -D INPUT -i "$IFACE_NET" -p udp --dport "$MY_CIPE_PORT" -j ACCEPT
iptables -D INPUT -i "$1" -j ACCEPT
iptables -D OUTPUT -o "$1" -j ACCEPT
iptables -D FORWARD -i "$1" -o "$IFACE_LAN" -s "$5" -j ACCEPT

exit 0
########## end of /etc/cipe/ip-down.local ##########

--
Phil Scarratt
Draxsen Technologies
IT Contractor/Consultant
0403 53 12 71
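An added example, not code from the post above or from CIPE itself: the two scripts in the post repeat the same four rules by hand, so a later edit to one of them leaves ip-down deleting rules that no longer match what ip-up inserted, and the stale ACCEPT rules stay in the ruleset. The script below keeps a single rule definition that both hooks call with `-I` or `-D`, refuses to run when `$2` does not carry a valid port (the `expr` regexp in the post silently yields an empty `--dport` in that case), and tightens two rules: the UDP rule also matches on our own address (`-d`), and the tunnel-side INPUT rule is limited to the remote CIPE device with the same `-s` the post already uses on FORWARD. It assumes, as the post does, that CIPE passes `$2` as `a.b.c.d:port`; the interface names, the file path `/etc/cipe/cipe-rules.sh`, the `CIPE_DRY_RUN` switch and the addresses in the usage below are placeholders of this example.

```sh
#!/bin/sh
# Added example, not code from the original post: one rule definition shared
# by ip-up.local and ip-down.local so that what ip-down deletes is always
# exactly what ip-up inserted. Assumes CIPE passes "$2" as "a.b.c.d:port"
# (as the post's expr regexp does). Interface names are placeholders.

IFACE_LAN='eth0'
IFACE_NET='ppp0'

# Port part of "a.b.c.d:port". Fails (exit 1, prints nothing) when the port is
# missing or not a number in 1..65535, so the caller can refuse to run
# "iptables ... --dport" with an empty or garbage argument.
cipe_port_from_addr() {
    case $1 in
        *:*) port=${1##*:} ;;
        *)   return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# Address part of "a.b.c.d:port".
cipe_host_from_addr() {
    case $1 in
        *:*) printf '%s\n' "${1%:*}" ;;
        *)   return 1 ;;
    esac
}

# Print the rule set, one iptables argument list per line.
#   $1  -I to insert (ip-up) or -D to delete (ip-down)
#   $2  the CIPE interface           (hook argument $1)
#   $3  our UDP address              (hook argument $2)
#   $4  the remote CIPE device's IP  (hook argument $5)
# Tightened relative to the post: the UDP rule only matches packets addressed
# to our own UDP address, and the tunnel INPUT rule only the remote CIPE
# device, mirroring the -s restriction the post already has on FORWARD.
cipe_rules() {
    action=$1 iface=$2 remote=$4
    port=$(cipe_port_from_addr "$3") || return 1
    host=$(cipe_host_from_addr "$3") || return 1
    printf '%s\n' \
        "$action INPUT -i $IFACE_NET -p udp -d $host --dport $port -j ACCEPT" \
        "$action INPUT -i $iface -s $remote -j ACCEPT" \
        "$action OUTPUT -o $iface -j ACCEPT" \
        "$action FORWARD -i $iface -o $IFACE_LAN -s $remote -j ACCEPT"
}

# Run the rule set. With CIPE_DRY_RUN=1 the commands are printed instead of
# executed, so the exact rule text can be reviewed without touching the box.
cipe_apply() {
    rules=$(cipe_rules "$@") || return 1
    printf '%s\n' "$rules" | while IFS= read -r rule; do
        if [ "${CIPE_DRY_RUN:-0}" = 1 ]; then
            printf 'iptables %s\n' "$rule"
        else
            # word-splitting $rule into separate arguments is intended here
            iptables $rule
        fi
    done
}
```

Saved as, say, `/etc/cipe/cipe-rules.sh`, ip-up.local reduces to `. /etc/cipe/cipe-rules.sh; cipe_apply -I "$1" "$2" "$5" || exit 1` and ip-down.local to the same line with `-D`. Running either hook's arguments through `CIPE_DRY_RUN=1 cipe_apply ...` prints the four commands for review. If hosts behind the remote CIPE device must reach this machine directly (not only be forwarded to the LAN), the `-s $remote` on the INPUT rule would have to name their network instead.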

