Re: Linux Kernels

Richard B. Johnson (root@chaos.analogic.com)
Fri, 31 Oct 1997 08:55:23 -0500 (EST)


On 31 Oct 1997, Ketil Z Malde wrote:
[SNIPPED]
>
> Here's what you do: write a utility that reads the /etc/packet.deny
> file, and translate it into ipfwadm commands. No need to change the
> kernel.
>
> ~kzm

We already have one. It's called bash <grin>. Seriously, "commands"
of any type have nothing to do with the kernel. Commands are handled
by the shell or, if the shell doesn't understand the command, it
tries to execute some program within the path with the name of the
command.

ipfwadm is a program with an ugly name. However, one seldom has to
enter it manually. Here is my /etc/firewall.sh file, executed upon
startup by entering its name in /etc/rc.d/rc.local.

#
# This keeps Micro$oft garbage packets out of this machine
#
ipfwadm -I -f
ipfwadm -I -a deny -P udp -S 204.178.40.0/21 -D 204.178.47.0/21 137:139
ipfwadm -I -a deny -P tcp -S 204.178.40.0/21 -D 204.178.47.0/21 137:139
ipfwadm -I -a deny -P udp -S 204.178.40.0/21 -D 204.178.47.0/21 161:162
ipfwadm -I -a deny -P udp -S 204.178.40.0/21 -D 204.178.47.0/21 189:218
ipfwadm -I -a reject -P udp -S 204.178.40.0/21 -D 204.178.47.0/21 137:139
ipfwadm -I -a reject -P tcp -S 204.178.40.0/21 -D 204.178.47.0/21 137:139
ipfwadm -I -a reject -P icmp -S 204.178.40.0/21 137:139
ipfwadm -I -a reject -P udp -S 204.178.40.0/21 -D 204.178.47.0/21 161:162
ipfwadm -I -a reject -P udp -S 204.178.40.0/21 -D 204.178.47.0/21 189:218
ipfwadm -I -a reject -P udp -S 204.178.47.255/21 -D 204.178.47.255/21 50
ipfwadm -I -a reject -P udp -S 204.178.47.255/21 -D 204.178.47.255/21 137:139
ipfwadm -I -a reject -P udp -S 204.178.47.255/21 -D 204.178.47.255/21 189:218

Cheers,
Dick Johnson

Richard B. Johnson
Project Engineer
Analogic Corporation
Penguin : Linux version 2.1.60 on an i586 machine (66.15 BogoMips).
Warning : It's hard to remain at the trailing edge of technology.
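
The translator suggested in the quoted message, sketched as an added example that is not part of the original thread. The thread never defines the /etc/packet.deny format, so the four-field line layout and all function names here are assumptions; every field is validated before it is placed in a rule, and the rules are printed in the same form as the script above rather than executed.

```shell
# Added example. Assumed /etc/packet.deny line format (hypothetical):
#   <tcp|udp> <source/len> <dest/len> <port | low:high>
# Blank lines and '#' comments are skipped. Rules are printed, not executed.
valid_cidr() {   # dotted quad, octets 0-255, prefix length 0-32
    case $1 in
        *[!0-9./]*|*/*/*|*/*.*) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) return 1 ;;
    esac
    [ "${1#*/}" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- ${1%/*}; IFS=$old_ifs   # split address on dots
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_ports() {  # one port or low:high, each 0-65535, low <= high
    case $1 in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    [ "${1%:*}" -le "${1#*:}" ] && [ "${1#*:}" -le 65535 ]
}

deny_to_ipfwadm() {  # stdin: deny list, stdout: rules, status 1 if any line is refused
    lineno=0 bad=0
    while read -r proto src dst ports extra || [ -n "$proto" ]; do
        lineno=$((lineno + 1))
        case $proto in ''|'#'*) continue ;; esac
        if { [ "$proto" = tcp ] || [ "$proto" = udp ]; } && [ -z "$extra" ] &&
           valid_cidr "$src" && valid_cidr "$dst" && valid_ports "$ports"; then
            printf 'ipfwadm -I -a deny -P %s -S %s -D %s %s\n' "$proto" "$src" "$dst" "$ports"
        else
            echo "packet.deny line $lineno refused, no rule emitted" >&2
            bad=1
        fi
    done
    return "$bad"
}

sample_deny_list() {  # constructed input: lines 1-2 are valid, lines 3-4 must be refused
    cat <<'EOF'
udp 204.178.40.0/21 204.178.47.0/21 137:139
tcp 204.178.40.0/21 204.178.47.0/21 137:139
udp 204.178.40.0/21 204.178.47.0/21 137;true
udp 204.178.40.0/21 204.178.300.0/21 161:162
EOF
}
sample_deny_list | deny_to_ipfwadm || echo "some lines were refused" >&2
```

The output would be run as root, so a line that fails validation is dropped and reported on stderr, never passed through to the shell.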