Web Hosting Talk

help with iptable


matt2kjones
08-08-2002, 06:04 PM
Ok, I went to a website that created a script for me.

Basically, it asked me a series of questions, for example, am I running a webserver, etc etc.

And then it opened a web browser with the script.

So what I was wondering was, what do I do with it now?

Shall I open up a text editor, and copy and paste the script into the text editor??

If so, what shall I save the file as, then, where do I save it, and how do I get it to start when the machine starts?

Thanx

BiaSecurity
08-08-2002, 07:09 PM
Well, there are a few things you can do.

First I would go over the script in detail to make sure there isn't anything... tricky, shall we say, in it... maybe you can post it here or e-mail it to me. Also the automatic generation may not meet your needs etc., what network/internet you want to accept certain connections from, etc.

You can put the script in a few places.
1. your home dir and run it with sudo.. once
If the script doesn't already have it, I would flush all the current tables

#> iptables --flush

before you run it, so everything is clean :)

You can put it in your /etc/rc.d/ files so it is run at startup, or you can put it somewhere in your crond files.. if you add iptables --flush to it, why would you put it in your crond files? I dunno, but you could :)

If you don't know how to run it.... just as a root user (you need to be root to run iptables unless you +s it):

You put the script into a text editor, save it as firewall.sh

make it executable: chmod 755 firewall.sh

then run it...

./firewall.sh

then get the hell out of your root shell.

Well, you can e-mail me at contact@bia-security.com with the script if you want me to look it over.

Or if this was unclear.. you should take a look at tldp.org or linux.com to get some info on iptables so you're not totally blind.

Anthony LaMantia


matt2kjones
08-08-2002, 07:59 PM
Ok, I emailed you the iptables.

Look at them whenever you have time, no hurry.

Thanks for your help.

Matt.

sadistikal
08-08-2002, 08:45 PM
My suggestion would be to learn iptables before implementing it. It's important to understand what your firewall script does before using it; that's the problem I have with these "auto-generated" scripts on the web or the ones you can download. They really aren't doing much of a service to you. You're better off spending the time learning how to use the tool and exactly what it is doing.
Good Luck
Sadistikal

Additions here:
I also wanted to mention a couple things that were talked about by Anthony.

"if you don't know how to run it.... just as a root user (you need to be root to run iptables unless you +s it)"

I know you didn't explicitly say to make the script setUID, but you didn't say not to either. setUID shell scripts are bad bad bad. Don't do it. If anyone wants reasons I'll be happy to give them.

"make it executable chmod 755 firewall.sh"

Make it 700 instead. That way everyone in the world can't read it on your system. Yes, it might be a bit paranoid, but nobody should need read access to your firewall script.

I don't want to sound too critical, I'm just trying to be helpful.
Sadistikal
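Putting the two posts above together (flush first, default-deny, expose only the services the box runs, no setUID, mode 700), here is an added example of what a reviewable firewall.sh could look like. It is not the auto-generated script from the thread; the ports and the find/chmod checks are assumptions. Run ./firewall.sh to print the rules for review and ./firewall.sh apply as root to load them.

```shell
#!/bin/sh
# Added example (hypothetical): a small firewall.sh for a host that serves web
# traffic and is administered over SSH. Without arguments it only prints the
# rules; "apply" loads them, and only when run as root from a 700, non-setuid file.
set -eu

SSH_PORT=22          # assumed: change if sshd listens elsewhere
WEB_PORTS="80 443"   # assumed: the services this host actually offers

# Emit every iptables command one per line, so the rule set can be read (and
# tested) before it touches the kernel.
firewall_rules() {
    echo "iptables --flush"                    # start clean, as suggested above
    echo "iptables --delete-chain"
    echo "iptables -P INPUT DROP"              # default deny inbound ...
    echo "iptables -P FORWARD DROP"            # ... and forwarded traffic
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $SSH_PORT $WEB_PORTS; do          # only the ports we expose
        echo "iptables -A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Rate-limited log of whatever falls through before the DROP policy eats it.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"fw-drop: \""
}

# Number of rules that open an inbound port: a one-number sanity check.
count_open_ports() {
    firewall_rules | grep -c -- '--state NEW -j ACCEPT'
}

# Reject a script file that is setuid or readable by others (chmod 700 it).
check_script_mode() {
    if [ -n "$(find "$1" -maxdepth 0 -perm -4000)" ]; then
        echo "$1 is setuid: refusing to run a setuid shell script" >&2; return 1
    fi
    if [ -n "$(find "$1" -maxdepth 0 -perm -004)" ]; then
        echo "$1 is world-readable: chmod 700 it" >&2; return 1
    fi
}

apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    check_script_mode "$0"
    firewall_rules | while read -r cmd; do eval "$cmd"; done
}

case "${1:-show}" in
    apply) apply_rules ;;
    *)     firewall_rules ;;
esac
```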

BiaSecurity
08-08-2002, 10:12 PM
:), it's fine... on my system you have to be root to run iptables... and I said above:

"first I would go over the script in detail to make sure there isn't anything... tricky, shall we say, in it."

"then get the hell out of your root shell"
-----------------------------------------

The chmod 700.. is a good idea and I take note.

BiaSecurity
08-08-2002, 10:13 PM
I SAID +s :( my god.. I should read what I type