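#!/bin/bash
# -*- Mode: shell-script -*-
# /etc/bashrc of Linux FW for Home Users; pmateti feb 26, 2001
# we *are* a bash script, invoked from the bottom of /linuxrc
#
# Boot-time setup for the firewall image: unpack the tool tarballs, copy the
# admin-editable rc files from the boot medium, set default-deny netfilter
# policies, then bring up the network, remote syslog and the rule set.
# Most command output is appended to /dev/tty5.

export PATH="/bin:/sbin:/usr/bin:/usr/sbin"
# NOTE(review): presumably meant to keep the shell alive when an exec fails;
# newer bash spells this `shopt -s execfail` - confirm for the bash on the image.
no_exit_on_failed_exec=yes

cd /
for pkg in netbasic iptables netutils sshd; do
  /bin/tar xmfz "/mnt/tgz/${pkg}.tgz" >> /dev/tty5 2>&1
done

# we need cp, etc
/bin/busybox --install -s >> /dev/null 2>&1

# load the possibly modified init scripts from the cd
# rc.config and rc.iptables are sourced further down with this script's
# privileges, so the contents of /mnt/sysadmin are trusted as code, not data.
/bin/cp -f /mnt/sysadmin/iptables.txt /etc/rc.iptables
/bin/cp -f /mnt/sysadmin/igconfig.txt /etc/rc.config
/bin/cp -f /mnt/sysadmin/ipmodule.txt /etc/rc.ipmodules
/bin/umount /mnt

# rm unnecessary binaries
# rm -f /bin/tar /bin/gunzip /bin/gzip
# NOTE(review): line breaks were lost in the copy this was restored from; the
# ldconfig call may instead be the tail of the commented-out rm above - confirm.
/sbin/ldconfig >> /dev/tty5 2>&1

# control traffic the moment network starts
/sbin/insmod /lib/modules/ip_tables.o >> /dev/tty5 2>&1
/sbin/insmod /lib/modules/iptable_filter.o >> /dev/tty5 2>&1
# Fail closed: remember whether every built-in chain really got its DROP
# policy. Only the policy calls are checked, not the insmod status.
default_deny=yes
for chain in INPUT OUTPUT FORWARD; do
  /sbin/iptables --policy "$chain" DROP >> /dev/tty5 2>&1 || default_deny=no
done
/sbin/klogd >> /dev/tty5 2>&1

# sysadmin: our standard settings; you may want to change
export EXT=eth1
export INT=eth0
export INTIP=192.168.17.111
export INTNET=192.168.17.0/24
export BLOCKEDTCP=20
export BLOCKEDUDP=20
export BLOCKEDIP=1.2.3.4
export SYSLOGIP=130.108.17.200
export PINGER=130.108.17.200

# our dialog with user for IP, GW, NS updates /etc/rc.config
# Absolute paths: the files were copied to /etc above, and a sourced script
# that changes directory must not make a later relative lookup miss them.
/bin/e3em /etc/rc.config
. /etc/rc.config

if [ "$default_deny" != yes ]; then
  # Without the default-deny policies the interfaces would come up
  # unfiltered, so leave the network down and say so on both consoles.
  echo "default DROP policy could not be set; network left down (see tty5)"
  echo "default DROP policy could not be set; network left down" >> /dev/tty5 2>&1
else
  . /etc/rc.network >> /dev/tty5 2>&1

  # initiate kernel netfiltering after ifconfig lo $EXT $INT
  . /etc/rc.procinits >> /dev/tty5 2>&1

  # the few network services we offer
  # One quoted write: SYSLOGIP may have been edited in the dialog above and
  # must reach syslog.conf as a single literal word.
  printf '%s\n' "*.* @${SYSLOGIP}" > /etc/syslog.conf
  /sbin/syslogd -m 60 > /dev/null 2>&1

  # load our firewall rules
  . /etc/rc.iptables >> /dev/tty5 2>&1
fi

# so that we are little more secure, do:
echo "TBD rm -fr bin/* almost lib/modules/* tmp/*" >> /dev/tty5 2>&1

# -eof-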