-- MikeGore - 2015-08-27

firewall NAT services

  • What: Provides NAT and firewall services for internal private networks in a cluster
  • Installs as a service in /etc/init.d/firewall
    • See Main Code Section below for all options
  • Depends on: ClusterToolsCommon

firewall

  • Updated: Thu Aug 6 15:26:54 2015
  • Provides:
    • firewall
  • Required-Start:
    • $local_fs $network
  • Required-Stop:
    • $local_fs $network
  • Should-Start:
    • $syslog
  • Should-Stop:
    • $syslog
  • Default-Start:
    • 2 3 4 5
  • Default-Stop:
    • 0 1 6
  • Short-Description:
    • Start or stop the firewall NAT

init run level information

firewall script provides firewall and NAT services for a private network

  • Author: Mike Gore
  • Date:
    • 28 April 2014
  • Notes:
    • If you need to add or limit existing service rules,
    • you should only have to make changes to the functions
    • local_rules and, less likely, main_firewall

check()

  • What:
    • Must have a NAT defined or die
  • Return:
    • exit 1 if no firewall is defined

init_firewall()

  • What:
    • remove all firewall rules and kernel modules
    • sets state to ACCEPT or DROP
  • Arguments:
    • allow - or - drop
    • allow = ACCEPT all traffic
    • drop = DROP all traffic

list()

  • What:
    • List network interfaces

hosts_allow()

  • What:
    • Modifies /etc/hosts.allow adding the private networks

local_rules()

  • What:
    • Local default firewall rules for UW
  • Notes:
    • Customize these to suit your needs

main_firewall()

  • What:
    • Main firewall code - site independent firewall code
  • Notes:
    • Calls local_rules

add_ssh_host()

  • What:
    • Open an inbound ssh rule for the specified external host
  • Arguments:
    • host
  • Returns:
    • Fatal if host not specified

del_ssh_host()

  • What:
    • Close an inbound ssh rule for the specified external host
  • Arguments:
    • host
  • Returns:
    • Fatal if host not specified
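
A dry-run sketch of the add_ssh_host / del_ssh_host behaviour documented above, added here as an illustration and not taken from the firewall script. The names valid_host and ssh_rule, the INPUT chain, TCP port 22 and the use of -I to add and -D to delete are assumptions; the command is printed rather than executed, and a missing or malformed host is fatal.

```shell
#!/bin/sh
# Added illustration, not the firewall script's own code.
# Assumed: names valid_host/ssh_rule, chain INPUT, tcp/22, -I to add, -D to delete.

# valid_host HOST: allowlist check so the value can never be read as an
# iptables option or carry shell metacharacters. Accepts host names,
# IPv4 addresses and address/prefix (prefix 0-32).
valid_host() {
    vh_host=$1
    [ -n "$vh_host" ] || return 1
    case $vh_host in
        -*|/*|*[!A-Za-z0-9./-]*) return 1 ;;
    esac
    case $vh_host in
        */*)
            vh_prefix=${vh_host#*/}
            case $vh_prefix in
                ''|???*|*[!0-9]*) return 1 ;;
            esac
            [ "$vh_prefix" -le 32 ] || return 1
            ;;
    esac
    return 0
}

# ssh_rule ACTION HOST: print the rule that opens (add) or closes (del)
# inbound ssh from HOST. Returns 1 on a bad host, 2 on a bad action.
ssh_rule() {
    sr_action=$1
    sr_host=$2
    case $sr_action in
        add) sr_flag=-I ;;
        del) sr_flag=-D ;;
        *)   echo "fatal: action must be add or del" >&2; return 2 ;;
    esac
    if ! valid_host "$sr_host"; then
        echo "fatal: host not specified or not valid" >&2
        return 1
    fi
    printf 'iptables %s INPUT -p tcp -s %s --dport 22 -j ACCEPT\n' \
        "$sr_flag" "$sr_host"
}

# Constructed sample host from the documentation range 192.0.2.0/24.
ssh_rule add 192.0.2.10
ssh_rule del 192.0.2.10
```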

checkhost()

  • What:
    • Check if a host has a firewall rule
  • Arguments:
    • host
  • Returns:
    • Display iptables result

openhost()

  • What:
    • Open an inbound rule for the specified external host
  • Arguments:
    • host
  • Returns:
    • Fatal if host not specified

blockhost()

  • What:
    • Close an inbound rule for the specified external host
  • Arguments:
    • host
  • Returns:
    • Fatal if host not specified

install_service()

  • What:
    • Install firewall script as a service
  • Notes:
    • Sets the firewall state to allow all
  • Returns:
    • Displays status

remove_service()

  • What:
    • Remove firewall service
  • Notes:
    • Sets the firewall state to allow all
  • Returns:
    • Displays status

Main Code Section:

  • Arguments:
    • start - start firewall
    • stop - stop firewall
    • restart - restart firewall
    • status - firewall status display
    • add_ssh_host - add inbound allow ssh rule for host
    • del_ssh_host - del inbound allow ssh rule for host
    • openhost - add inbound allow open rule for host
    • blockhost - add inbound block rule for host
    • checkhost - check host rule
    • install - install this script as a service
    • uninstall - remove script as service

Topic revision: r2 - 2015-08-27 - MikeGore