[not4n00bs] A "secure" firewall default...
Posted: 06 Mar 2018, 20:52
by donald
n0ctilucient wrote: ↑06 Mar 2018, 17:47
(While booted into Porteus) copy /etc/rc.d/lrc.local
Ok, this might be a typo..
But then
With a text editor open /etc/rc.d/rc.local and remove
the 1st comment (#) and add -e to the end of the line.
What..??
you mean the first line should be !/bin/sh -e ??
Looks to me like a messed up shebang line.
There should be a '#' in front of the '!'.
And why the -e flag = errexit
(causing the script to immediately exit on the first error)
Please explain why...
[not4n00bs] A "secure" firewall default...
Posted: 07 Mar 2018, 01:01
by donald
You do only need a modified rc.local file to start the firewall.
Code:
#!/bin/sh
#
# /etc/rc.d/rc.local: Local system initialization script.
#
# Put any local startup commands in here. Also, if you have
# anything that needs to be run at shutdown time you can
# make an /etc/rc.d/rc.local_shutdown script and put those
# commands in there.
chmod +x /etc/rc.d/rc.FireWall
/etc/rc.d/rc.FireWall start
When you start Porteus your firewall will default to "block all".
I doubt that the firewall will use the "block all" settings
without further adjustments in rc.FireWall > allowed ports.
I think the firewall will use the default = normal setting.
You can compare the "block all" and "normal" firewall settings
as root with
iptables -L -v
[not4n00bs] A "secure" firewall default...
Posted: 07 Mar 2018, 11:59
by donald
EDIT
...learned something today...thanks!
ncmprhnsbl
So the simplest way to achieve the goal would be to create a module containing
/etc/rc.d/rc.FireWall,
make rc.FireWall executable and edit the ALLOWED_PORTS line.
Example:
Firewall "normal" would be ALLOWED_PORTS="20 21 22 25 80 110 143 443"
Firewall "block all" would be ALLOWED_PORTS="80 443"
and if you name the resulting module (e.g) 009-firewall.xzm
and place it into the "base" folder, it will work in AF mode too.
[not4n00bs] A "secure" firewall default...
Posted: 07 Mar 2018, 12:12
by ncmprhnsbl
FYI: once /etc/rc.d/rc.FireWall is made executable, it will start at boot without needing /etc/rc.d/rc.FireWall start in rc.local (or anywhere else).
Whatever is executable in /etc/rc.d/ will be executed at boot.
When set with psc, a module containing /etc/rc.d/rc.FireWall (executable) is made (when not using /changes).
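Added example, not part of the original posts and not Porteus code: a shell check of the two points made above, that anything executable in /etc/rc.d/ runs at boot and that rc.FireWall's behaviour is set by its ALLOWED_PORTS line. The function names and the sample tree are constructed for illustration, and the ALLOWED_PORTS="..." line format is assumed from the example given in the thread.

```shell
#!/bin/sh
# Audit an rc.d directory: which rc.* scripts carry the executable bit
# (and so run at boot), and which ports rc.FireWall lists.
# Usage: sh audit.sh [directory]   (no argument: runs on a constructed sample)

# Print the names of rc.* files in directory $1 that are executable.
boot_scripts() {
    for f in "$1"/rc.*; do
        if [ -f "$f" ] && [ -x "$f" ]; then basename "$f"; fi
    done
}

# Print the value of the last ALLOWED_PORTS="..." assignment in file $1.
allowed_ports() {
    sed -n 's/^[[:space:]]*ALLOWED_PORTS="\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# One-line verdict for the firewall script in directory $1.
firewall_status() {
    fw="$1/rc.FireWall"
    if [ ! -f "$fw" ]; then
        echo "missing"
    elif [ ! -x "$fw" ]; then
        echo "not executable"
    else
        echo "enabled: $(allowed_ports "$fw")"
    fi
}

# Constructed sample tree in $1: a stub rc.FireWall (not the real script)
# without the executable bit, next to an executable rc.local.
make_sample() {
    mkdir -p "$1"
    printf '#!/bin/sh\nALLOWED_PORTS="80 443"\n' > "$1/rc.FireWall"
    printf '#!/bin/sh\n' > "$1/rc.local"
    chmod 644 "$1/rc.FireWall"
    chmod 755 "$1/rc.local"
}

dir="${1:-}"
tmp=""
if [ -z "$dir" ]; then
    tmp=$(mktemp -d); dir="$tmp"
    make_sample "$dir"
    echo "before chmod +x: $(firewall_status "$dir")"
    chmod +x "$dir/rc.FireWall"
fi
echo "boot scripts: $(boot_scripts "$dir" | tr '\n' ' ')"
echo "firewall: $(firewall_status "$dir")"
if [ -n "$tmp" ]; then rm -rf "$tmp"; fi
```

Pointing it at the extracted contents of a module (for example the etc/rc.d directory inside an unpacked 009-firewall.xzm tree) shows whether the firewall script in that module would actually start.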
[not4n00bs] A "secure" firewall default...
Posted: 07 Mar 2018, 12:28
by donald
@ ncmprhnsbl
Aha!, good to know, thanks.
[not4n00bs] A "secure" firewall default...
Posted: 07 Mar 2018, 12:46
by donald
@ n0ctilucient
Hmmm...I thought you were going to build a module as you wrote in the 1st post.
Now... make the module and add it to your Porteus loadout.
Add it to the iso and burn a CD (or whatever).
Otherwise you could surely extract the original modules, search for the files, replace
them and rebuild the module,