[not4n00bs] A "secure" firewall default...

donald
Full of knowledge
Posts: 2063
Joined: 17 Jun 2013, 13:17
Distribution: Porteus 3.2.2 XFCE 32bit
Location: Germany


Post#1 by donald » 06 Mar 2018, 20:52

n0ctilucient wrote:
06 Mar 2018, 17:47
(While booted into Porteus) copy /etc/rc.d/lrc.local
Ok, this might be a typo..

But then
With a text editor open /etc/rc.d/rc.local and remove
the 1st comment (#) and add -e to the end of the line.
What..??
you mean the first line should be !/bin/sh -e ??

Looks to me like a messed up shebang line.
There should be a '#' in front of the '!'.
And why the -e flag = errexit
(causing the script to immediately exit on the first error)
Please explain why...


Post#2 by donald » 07 Mar 2018, 01:01

You only need a modified rc.local file to start the firewall.

#!/bin/sh
#
# /etc/rc.d/rc.local:  Local system initialization script.
#
# Put any local startup commands in here.  Also, if you have
# anything that needs to be run at shutdown time you can
# make an /etc/rc.d/rc.local_shutdown script and put those
# commands in there.
chmod +x /etc/rc.d/rc.FireWall
/etc/rc.d/rc.FireWall start

When you start Porteus your firewall will default to "block all".
I doubt that the firewall will use the "block all" settings
without further adjustments in rc.FireWall > allowed ports.
I think the firewall will use the default = normal setting.

You can compare the "block all" and "normal" firewall settings
as root with iptables -L -v


Post#3 by donald » 07 Mar 2018, 11:59

EDIT
...learned something today...thanks! ncmprhnsbl :good:

So the simplest way to achieve the goal would be to create a module containing
/etc/rc.d/rc.FireWall,
make rc.FireWall executable and edit the ALLOWED_PORTS line.

Example:
Firewall "normal" would be ALLOWED_PORTS="20 21 22 25 80 110 143 443"
Firewall "block all" would be ALLOWED_PORTS="80 443"

and if you name the resulting module (e.g.) 009-firewall.xzm
and place it into the "base" folder, it will work in AF mode too.
Last edited by donald on 07 Mar 2018, 14:44, edited 2 times in total.

ncmprhnsbl
DEV Team
Posts: 3924
Joined: 20 Mar 2012, 03:42
Distribution: v5.0-64bit
Location: australia

Post#4 by ncmprhnsbl » 07 Mar 2018, 12:12

FYI: once /etc/rc.d/rc.FireWall is made executable, it will start at boot without needing /etc/rc.d/rc.FireWall start in rc.local (or anywhere else).
whatever is executable in /etc/rc.d/ will be executed at boot.
when set with psc, a module containing /etc/rc.d/rc.FireWall (executable) is made (when not using /changes).
Forum Rules : https://forum.porteus.org/viewtopic.php?f=35&t=44
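
The approach from posts #3 and #4, as an added example that is not code from the thread or from Porteus: shell functions that stage a module tree containing an executable /etc/rc.d/rc.FireWall with an edited ALLOWED_PORTS line, then check the result. It assumes rc.FireWall carries a line of the form ALLOWED_PORTS="..." as quoted in post #3; the function names and the stand-in file used in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: stage /etc/rc.d/rc.FireWall for a module and verify it.

# valid_ports "80 443": succeed only if every entry is a port number 1-65535.
valid_ports() {
    [ -n "$1" ] || return 1
    for p in $1; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
}

# stage_firewall SRC STAGE "PORTS": copy SRC to STAGE/etc/rc.d/rc.FireWall,
# rewrite its ALLOWED_PORTS= line and set the executable bit.
stage_firewall() {
    src=$1 stage=$2 ports=$3
    valid_ports "$ports" || { echo "bad port list: $ports" >&2; return 1; }
    grep -q '^ALLOWED_PORTS=' "$src" ||
        { echo "no ALLOWED_PORTS line in $src" >&2; return 1; }
    dest=$stage/etc/rc.d/rc.FireWall
    mkdir -p "$stage/etc/rc.d" &&
    sed "s|^ALLOWED_PORTS=.*|ALLOWED_PORTS=\"$ports\"|" "$src" > "$dest" &&
    chmod 755 "$dest"
}

# check_staged STAGE: print the staged port list; fail if the script is not
# executable, because only executable files in /etc/rc.d/ are run at boot.
check_staged() {
    f=$1/etc/rc.d/rc.FireWall
    [ -x "$f" ] || { echo "$f is not executable" >&2; return 1; }
    sed -n 's/^ALLOWED_PORTS="\(.*\)"$/\1/p' "$f"
}

# Demo on a constructed stand-in for rc.FireWall (not the real Porteus script).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' \
        'ALLOWED_PORTS="20 21 22 25 80 110 143 443"' > "$tmp/rc.FireWall"
    stage_firewall "$tmp/rc.FireWall" "$tmp/module" "80 443" &&
        check_staged "$tmp/module"
    rc=$?; rm -rf "$tmp"; return $rc
}
demo
```

On a real system the staged directory would then be packed into the .xzm module (for example with Porteus' dir2xzm) and placed in the "base" folder as post #3 describes; iptables -L -v, run as root after boot, shows which rules were actually loaded.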


Post#5 by donald » 07 Mar 2018, 12:28

@ ncmprhnsbl
Aha!, good to know, thanks. :beer:


Post#6 by donald » 07 Mar 2018, 12:46

@ n0ctilucient
Hmmm... I thought you were going to build a module, as you wrote in the 1st post.
Now... make the module and add it to your Porteus loadout.
Add it to the ISO and burn a CD (or whatever).

Otherwise you could surely extract the original modules, search for the files, replace
them and rebuild the module. :)
