The most important
responsibility of the gateway is to firewall our three separate
network segments. We will again use the
Netfilter functionality that was introduced in
Section 5.3.1. See that section for a basic
introduction to the functioning of
rc.firewall script for the gateway is
significantly more complex that the one laid out for use on the
clients. It has to protect not only the gateway itself, but also
ensure separation between the networks while allowing vital services
on the gateway to be accessed by local users. This script is also
much more aggressive in preventing abusive behavior since it will be
the frontline against often hazardous Internet traffic.
This script is quite long; we will examine it section by section. To
build the completed script, concatenate each of the example sections
that follow into
First, we establish several variables that will be used throughout the rest of the script. By placing these values into variables, we can easily update the script if these values change in the future. Here we define the three network interfaces that will be used for the upstream, wired, and wireless connections, respectively. Change these to match the configuration of your machine.
#!/bin/sh # rc.firewall for gateway # --- SETUP --- # Variables (for easier changes) IPTABLES=/sbin/iptables INT_GW="
" INT_ALL="$INT_GW $INT_WIRED $INT_WIRELESS lo"
IP_ variables ...