On 14/03/2012 22:34, Marcelo/Porks wrote:
> On Mar 13, 2012 11:18 PM, "Nilton Jose Rizzo"<ri...@i805.com.br> wrote:
>>
>>    Good evening,
>>
>>      For a long time I have always ignored FreeBSD's firewall script
>>   and written my own.
>>
>>       Since I built a new machine (FreeBSD 9.0) I went to use the rc.conf
>>   option to run my script, and to my surprise the thing doesn't
>>   initialize correctly: it gives errors on an echo or

Hi Nilton,

I use my own ipfw script, and this is how I make it run from /etc/rc.conf:

firewall_enable="YES"
firewall_script="/etc/beastiefrw/beastiefrw"

I don't use firewall_type, because that one uses FreeBSD's ready-made
firewalls. :) I only use the two lines above.

That's all I do :)

>>   on /sbin/ipfw itself
>>
>> look:
>>
>> firewall_enable="YES"           # Set to YES to enable firewall functionality
>> firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
>> firewall_type="/etc/rc.personalfw"      # Firewall type (see /etc/rc.firewall)
>> firewall_quiet="NO"             # Set to YES to suppress rule display
>> firewall_logging="YES"          # Set to YES to enable events logging
>> firewall_flags=""               # Flags passed to ipfw when type is a file
>>
> Look, I've never used this rc.conf scheme for the firewall, but I saw in
> /etc/defaults/rc.conf that the firewall_type option you used doesn't match
> the specification there:
>
> BARAD-DUR# grep firewall /etc/defaults/rc.conf
> ### Basic network and firewall/security options: ###
> firewall_enable="NO"            # Set to YES to enable firewall functionality
> firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
> firewall_type="UNKNOWN"         # Firewall type (see /etc/rc.firewall)
> firewall_quiet="NO"             # Set to YES to suppress rule display
> firewall_logging="NO"           # Set to YES to enable events logging
> firewall_flags=""               # Flags passed to ipfw when type is a file
>
> It says to look at /etc/rc.firewall for the firewall_type options.
>
> That file contains:
>
> # Define the firewall type in /etc/rc.conf.  Valid values are:
> #   open        - will allow anyone in
> #   client      - will try to protect just this machine
> #   simple      - will try to protect a whole network
> #   closed      - totally disables IP services except via lo0 interface
> #   workstation - will try to protect just this machine using stateful
> #                 firewalling. See below for rc.conf variables used
> #   UNKNOWN     - disables the loading of firewall rules.
> #   filename    - will load the rules in the given filename (full path required)
>
> OK, it says there that you can use a path to a file containing the rules.
> So I ask: could that be it? I mean, it seems that your file contains an
> "echo", and that isn't a rule...
>
> You're using the file as a shell script, but maybe rc.firewall expects
> the file to be just a list of rules.
>
>> My script is just a simplified one (rc.personalfw):
>>
>> #!/bin/sh
>>
>> echo 'Firewall version 1.0'
>> echo '===================='
>>
>> /sbin/ipfw add 65000 allow all from any to any
>>
>> /sbin/ipfw add 10000 deny log logamount 0 ip from any to me via re0 setup
>>
>>
>> When I run it by hand (/etc/rc.personalfw) it runs fine.
>> When I run it via rc.firewall or ipfw start:
>>
>>
>> home# sh /etc/rc.firewall
>> Flushed all rules.
>> 00100 allow ip from any to any via lo0
>> 00200 deny ip from any to 127.0.0.0/8
>> 00300 deny ip from 127.0.0.0/8 to any
>> 00400 deny ip from any to ::1
>> 00500 deny ip from ::1 to any
>> 00600 allow ipv6-icmp from :: to ff02::/16
>> 00700 allow ipv6-icmp from fe80::/10 to fe80::/10
>> 00800 allow ipv6-icmp from fe80::/10 to ff02::/16
>> 00900 allow ipv6-icmp from any to any ip6 icmp6types 1
>> 01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
>> Line 3: bad command `echo'
>>
>> ou
>>
>> home# /etc/rc.d/ipfw start
>> Flushed all rules.
>> 00100 allow ip from any to any via lo0
>> 00200 deny ip from any to 127.0.0.0/8
>> 00300 deny ip from 127.0.0.0/8 to any
>> 00400 deny ip from any to ::1
>> 00500 deny ip from ::1 to any
>> 00600 allow ipv6-icmp from :: to ff02::/16
>> 00700 allow ipv6-icmp from fe80::/10 to fe80::/10
>> 00800 allow ipv6-icmp from fe80::/10 to ff02::/16
>> 00900 allow ipv6-icmp from any to any ip6 icmp6types 1
>> 01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
>> Line 3: bad command `echo'
>> Firewall rules loaded.
>> Firewall logging enabled.
>>
>>
>>   I've already looked, I've already searched the manual on the net, and
>> found nothing useful that solves my problem.  Can anyone shed some light????
>>
>> --
>> Nilton José Rizzo
>> 805 Informatica
>> Spreading technologies
>> 021 2413 9786
>> ---
>> A: Because it messes up the order in which people normally read text.
>> Q: Why is top-posting such a bad thing?
>>
>> http://en.wikipedia.org/wiki/Posting_style
>>
>> -------------------------
>> Archive: http://www.fug.com.br/historico/html/freebsd/
>> Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd
>
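As an added illustration, not code from any poster in this thread: a small sh preflight that scans a file meant to be named in firewall_type and reports the lines that are not ipfw rules, which is exactly what produces the `Line 3: bad command `echo'` above. It assumes only sh and sed, takes a file path, and does not need ipfw to run.

```shell
#!/bin/sh
# Added example, not code from the thread. When rc.conf's firewall_type is a
# path, /etc/rc.firewall hands that file to ipfw(8) as a rule list, so shell
# statements in it (echo, "/sbin/ipfw add ...", variables) fail with
# "bad command"; only a file named in firewall_script may be a shell script.
#
# ipfw_rules_lint FILE  -> prints each offending line, returns 1 if any.
# A line passes only if its first word is an ipfw subcommand.

ipfw_rules_lint() {
    file=$1
    bad=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Drop leading whitespace and any trailing "# comment". ipfw skips
        # blank and comment-only lines, so "#!/bin/sh" passes as a comment
        # and the numbering matches the "Line N" in ipfw's error message.
        stripped=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*#.*$//')
        if [ -z "$stripped" ]; then
            continue
        fi
        first=${stripped%%[[:space:]]*}
        case "$first" in
            add|delete|flush|set|table|nat|pipe|queue|sched|enable|disable|zero|resetlog|list|show)
                ;;
            *)
                printf 'line %d: not an ipfw rule (shell statement?): %s\n' "$n" "$line"
                bad=1
                ;;
        esac
    done < "$file"
    return $bad
}

# Stand-alone use: sh thisfile.sh /etc/rc.personalfw
if [ $# -gt 0 ]; then
    ipfw_rules_lint "$1"
fi
```

Run it against the file before pointing firewall_type at it; a clean result means every line is something ipfw itself will accept, otherwise put the file in firewall_script instead.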
