TCLUG Archive
ipchains
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Anybody have any good ipchains setup scripts? I wrote a really
nice one but a limitation in bash doesn't let it work right <g>
(It's got four nested for loops to set up all the chains/rules
in one big job, but for it to work, I need to be able to
dereference the contents of a shell variable .. twice; e.g. I
have VAR="ANOTHERVAR" and I need to somehow dereference
$ANOTHERVAR from that.)

As a general ipchains thing .. I'm still not quite sure of the
correct way to set my rules up. I've got a few chains set up
with the input rules to allow per-port by selected hosts
(different set of hosts/ports per chain), but whenever I turn
the wall on, none of the packets get back out, even though I
don't have any output rules defined, and the output chain's
policy is set to ACCEPT (for testing).

I'm setting input/chain rules like:

    ipchains -A $CHAIN -i $ETHDEV -p $PROTO -s $WORLD -d $WORLD \
        $PORT -j ACCEPT

where $WORLD=0.0.0.0/0, but it's still not working correctly. I
could dump the whole ipchains ruleset down to a file and post
it but it'd be large.

Suggestions?

Do I need to explicitly state outgoing rules as well, even with
the policy of ACCEPT? (I'll make it so later, but for now).
- --
[----------------------------------------------------------------------]
| Joshua Becker - aka - JellyD |
| email: jellyd@jellyd.org IRC: EFnet, DALnet |
[----------------------------------------------------------------------]
-----BEGIN PGP SIGNATURE-----
Version: GNUPG v0.4.3 (GNU/Linux)
Comment: For info finger gcrypt@ftp.guug.de
iD8DBQE3KKT5cmkpI69BOLwRAvDtAJ4hq1itb0YgDUDROWhrPZkYEqqgWgCdFZBv
4VB8MsVykmPZBArjZ52tTOg=
=iJpo
-----END PGP SIGNATURE-----
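
Added example, not part of the original post: a dry-run generator for the kind of nested-loop setup script the message describes, looking up each chain's host and port lists by variable name (the double dereference). The chain names, hosts, ports, interface and the helper names deref and gen_rules are constructed for illustration; the rule form is the one quoted in the message, with the source narrowed to each listed host.

```shell
#!/bin/sh
# Dry run: prints ipchains commands instead of executing them.
# Every chain name, host, port and the interface is a constructed sample.

ETHDEV="eth0"
WORLD="0.0.0.0/0"

CHAINS="web admin"
web_HOSTS="0.0.0.0/0"
web_PORTS="tcp:80 tcp:443"
admin_HOSTS="192.0.2.10 192.0.2.11"
admin_PORTS="tcp:22 udp:53"

# deref NAME: print the value of the variable whose name is NAME.
# eval executes whatever it is handed, so the name is validated first:
# anything that is not a plain identifier is rejected.
deref() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "bad variable name: $1" >&2
            return 1 ;;
    esac
    eval "printf '%s\n' \"\${$1}\""
}

# gen_rules: one -N per chain, then one ACCEPT rule per host/port pair.
gen_rules() {
    for chain in $CHAINS; do
        hosts=$(deref "${chain}_HOSTS") || return 1
        ports=$(deref "${chain}_PORTS") || return 1
        echo "ipchains -N $chain"
        for host in $hosts; do
            for pp in $ports; do
                proto=${pp%%:*}   # text before the colon
                port=${pp#*:}     # text after the colon
                echo "ipchains -A $chain -i $ETHDEV -p $proto -s $host -d $WORLD $port -j ACCEPT"
            done
        done
    done
}

gen_rules
```

Review the printed commands before piping them to a shell. bash also offers ${!name} indirect expansion, which does the same lookup without eval.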