Appendix A. Two Complete Iptables Startup Scripts

These two scripts use iptables to configure netfilter on a DMZ’ed server and on the firewall that protects it, assuming a simple inside-DMZ-outside architecture as described in Chapter 2 and Chapter 3. For the full example scenario to which these scripts apply, refer to Section 3.1.8.

The first script is for the bastion host “Woofgang,” a public FTP/HTTP server, shown in Example A-1.

Example A-1. iptables script for a bastion host running FTP and HTTP services

#! /bin/sh
# init.d/localfw
#
# System startup script for local packet filters on a bastion server
# in a DMZ (NOT for an actual firewall)
#
# Functionally the same as Example 3-10, but with SuSE-isms restored and
# with many more comments.
#
# Structurally based on SuSE 7.1's /etc/init.d/skeleton, by Kurt Garloff
#
# The following 9 lines are SuSE-specific
#
### BEGIN INIT INFO
# Provides: localfw
# Required-Start: $network $syslog
# Required-Stop: $network $syslog
# Default-Start: 2 3 5
# Default-Stop: 0 1 2 6
# Description: Start localfw to protect local heinie
### END INIT INFO
# /End SuSE-specific stuff (for now)

# Let's save typing & confusion with a couple of variables.
# These are NOT SuSE-specific in any way.

IP_LOCAL=208.13.201.2
IPTABLES=/usr/sbin/iptables

test -x $IPTABLES || exit 5

# The following 42 lines are SuSE-specific

# Source SuSE config
# (file containing system configuration variables, though in SuSE 8.0 this
# has been split into a number of files in ...
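Because Example A-1 is cut off on this page, the following is an added, self-contained local packet filter in the same spirit for a DMZ bastion serving FTP and HTTP; it is not the book's script. The address 208.13.201.2 comes from the page, while the localfw_* function names, the outbound DNS rule and the assumption that ip_conntrack_ftp is loaded are mine.

```shell
#!/bin/sh
# Added example, not the book's Example A-1: a minimal local packet filter for a
# DMZ bastion host that serves FTP and HTTP. Assumed: one public interface,
# address IP_LOCAL, and ip_conntrack_ftp loaded so FTP data channels are RELATED.
# Rules go through $IPTABLES, so the rule set can be dry-run with IPTABLES=echo.

IP_LOCAL=${IP_LOCAL:-208.13.201.2}
IPTABLES=${IPTABLES:-/usr/sbin/iptables}

# Flush everything and start from default-deny on all three chains.
localfw_reset() {
    $IPTABLES -F
    $IPTABLES -X
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT DROP
}

# One ACCEPT per public TCP service, bound to IP_LOCAL so packets addressed
# elsewhere (misrouted or spoofed) never reach the daemon.
localfw_services() {
    for port in "$@"; do
        $IPTABLES -A INPUT -p tcp -d "$IP_LOCAL" --dport "$port" \
            -m state --state NEW -j ACCEPT
    done
}

localfw_start() {
    localfw_reset
    # Loopback is trusted; replies to accepted connections pass statefully.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Anti-spoofing: nothing arriving on the wire may claim our own or loopback address.
    $IPTABLES -A INPUT ! -i lo -s "$IP_LOCAL" -j DROP
    $IPTABLES -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
    # Public services: FTP control channel and HTTP.
    localfw_services 21 80
    # The only connection the bastion may open itself: DNS lookups (assumed need).
    $IPTABLES -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
    # Log (rate-limited) and drop everything else on both chains.
    $IPTABLES -A INPUT -m limit --limit 5/minute -j LOG --log-prefix "localfw in: "
    $IPTABLES -A INPUT -j DROP
    $IPTABLES -A OUTPUT -m limit --limit 5/minute -j LOG --log-prefix "localfw out: "
    $IPTABLES -A OUTPUT -j DROP
}

# Dry run in a subshell: prints the rules instead of installing them.
localfw_dryrun() { ( IPTABLES=echo; localfw_start ); }
```

Run localfw_dryrun first to review the rule set, then call localfw_start as root (after checking test -x "$IPTABLES", as the book's script does) to install it.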
