firewall NAT services

• What: Provides NAT and firewall services for internal private networks in a cluster
• Installs as a service in /etc/init.d/firewall
  • See Main Code Section below for all options
• Depends ClusterToolsCommon

firewall

• Updated: Thu Aug 6 15:26:54 2015
• Provides:
  • * firewall*
• Required-Start:
  • * $local_fs $network*
• Required-Stop:
  • * $local_fs $network*
• Should-Start:
  • * $syslog*
• Should-Stop:
  • * $syslog*
• Default-Start:
  • * 2 3 4 5*
• Default-Stop:
  • * 0 1 6*
• Short-Description:
  • Start or stop the firewall NAT
  • END INIT INFO

init run level information

firewall script provides firewall and NAT services for a private network

• firewall - document source

• Author: Mike Gore
• Date:
  • 28 April 2014
• Notes:
  • If you need to add or limit existing service rules
  • You should only have to make changed to the functions:
  • local, and less likely; mail_firewall

check()

• What:
  • Must have a NAT defined or die
• Return:
  • exit 1 if no firewall is defined

init_firewall()

• What:
  • remove all firewall rules and kernel modules
  • sets state to ACCEPT or DROP
• Arguments:
  • allow - or - drop
  • allow = ACCEPT all traffic
  • drop = DROP all traffic

list()

• What:
  • List network interfaces ---++ firewall
• Updated: Thu Aug 6 15:26:54 2015
• Provides:
  • * firewall*
• Required-Start:
  • * $local_fs $network*
• Required-Stop:
  • * $local_fs $network*
• Should-Start:
  • * $syslog*
• Should-Stop:
  • * $syslog*
• Default-Start:
  • * 2 3 4 5*
• Default-Stop:
  • * 0 1 6*
• Short-Description:
  • Start or stop the firewall NAT
  • END INIT INFO

init run level information

firewall script provides firewall and NAT services for a private network

• firewall - document source

• Author: Mike Gore
• Date:
  • 28 April 2014
• Notes:
  • If you need to add or limit existing service rules
  • You should only have to make changed to the functions:
  • local, and less likely; mail_firewall

check()

• What:
  • Must have a NAT defined or die
• Return:
  • exit 1 if no firewall is defined

init_firewall()

• What:
  • remove all firewall rules and kernel modules
  • sets state to ACCEPT or DROP
• Arguments:
  • allow - or - drop
  • allow = ACCEPT all traffic
  • drop = DROP all traffic

list()

• What:
  • List network interfaces

hosts_allow()

• What:
  • Modifies /etc/hosts.allow adding the private networks

local_rules()

• What:
  • Local default firewall rules for UW
• Notes:
  • Customize these to suit your needs

main_firewall()

• What:
  • Main firewall code - site independent firewall code
• Notes:
  • Calls local_rules

add_ssh_host()

• What:
  • Open an inbound ssh rule for the specified external host
• Arguments:
  • host
• Returns:
  • Fatal if host not specified

del_ssh_host()

• What:
  • Close an inbound ssh rule for the specified external host
• Arguments:
  • host
• Returns:
  • Fatal if host not specified

checkhost()

• What:
  • Check if a host has a firewall rule
• Arguments:
  • host
• Returns:
  • Display iptables result

openhost()

• What:
  • Open an inbound rule for the specified external host
• Arguments:
  • host
• Returns:
  • Fatal if host not specified

blockhost()

• What:
  • CLose an inbound rule for the specified external host
• Arguments:
  • host
• Returns:
  • Fatal if host not specified

install_service()

• What:
  • Install firewall script as a service
• Notes:
  • Sets the firewall state to allow all
• Returns:
  • Displays status

remove_service()

• What:
  • Remove firewall service
• Notes:
  • Sets the firewall state to allow all
• Returns:
  • Displays status

Main Code Section:

• Arguments:
  • start - start firewall
  • stop - stop firewall
  • restart - restart firewall
  • status - firewall status display
  • add_ssh_host - add inbound allow ssh rule for host
  • del_ssh_host - del inbound allow ssh rule for host
  • openhost - add inbound allow open rule for host
  • blockhost - add inbound block rule for host
  • checkhost - check host rule
  • install - install this script as a service
  • uninstall - remove script as service

hosts_allow()

• What:
  • Modifies /etc/hosts.allow adding the private networks

local_rules()

• What:
  • Local default firewall rules for UW
• Notes:
  • Customize these to suit your needs

main_firewall()

• What:
  • Main firewall code - site independent firewall code
• Notes:
  • Calls local_rules

add_ssh_host()

• What:
  • Open an inbound ssh rule for the specified external host
• Arguments:
  • host
• Returns:
  • Fatal if host not specified

del_ssh_host()

• What:
  • Close an inbound ssh rule for the specified external host
• Arguments:
  • host
• Returns:
  • Fatal if host not specified

checkhost()

• What:
  • Check if a host has a firewall rule
• Arguments:
  • host
• Returns:
  • Display iptables result

openhost()

• What:
  • Open an inbound rule for the specified external host
• Arguments:
  • host
• Returns:
  • Fatal if host not specified

blockhost()

• What:
  • CLose an inbound rule for the specified external host
• Arguments:
  • host
• Returns:
  • Fatal if host not specified

install_service()

• What:
  • Install firewall script as a service
• Notes:
  • Sets the firewall state to allow all
• Returns:
  • Displays status

remove_service()

• What:
  • Remove firewall service
• Notes:
  • Sets the firewall state to allow all
• Returns:
  • Displays status

Main Code Section:

• Arguments:
  • start - start firewall
  • stop - stop firewall
  • restart - restart firewall
  • status - firewall status display
  • add_ssh_host - add inbound allow ssh rule for host
  • del_ssh_host - del inbound allow ssh rule for host
  • openhost - add inbound allow open rule for host
  • blockhost - add inbound block rule for host
  • checkhost - check host rule
  • install - install this script as a service
  • uninstall - remove script as service