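#!/bin/bash -i
#################################################
#             Simply_Shorewall(c)               #
#        written by InspectorCluseau            #
#             November 23, 2004                 #
#                                               #
#          Setup Shorewall firewall             #
#################################################
# This script contains a portion of the following:
#
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V2.0 3/14/2003
#
# This program is under GPL.
#
# This program is free software; you can redistribute it
# and/or modify it under the terms of Version 2 of the GNU
# General Public License as published by the Free Software
# Foundation.
#
# Purpose: replace the 'policy', 'rules' and 'interfaces' files in
# /etc/shorewall with a minimal dial-up (ppp0) configuration, keeping the
# previous files as '<name>.save'.
#
# NOTE(review): the '-i' in the shebang makes bash run this script as an
# interactive shell, so root's ~/.bashrc is read before the script runs.
# Nothing below depends on that; consider dropping '-i'.

echo ""
echo ""

#######################################
# Report a failed step and stop, so that a half-applied firewall
# configuration is never mistaken for a finished one.
# Outputs: message on stderr
# Returns: does not return; exits with status 2
#######################################
error() {
  echo "There is a problem, the script has failed. Check /var/log/messages." >&2
  exit 2
}

#######################################
# Back up one Shorewall config file and replace it with stdin.
# Arguments: $1 - file name relative to the current directory
# Inputs:    new file content on stdin
# Returns:   0 on success; calls error() (exit 2) if the backup or the
#            write fails, so a file is never replaced without a backup.
#######################################
replace_config() {
  local name=$1
  # A missing file has nothing to back up; an existing one must be saved
  # before it is overwritten.
  if [ -e "$name" ]; then
    cp -p -- "$name" "$name.save" || error
  fi
  cat > "$name" || error
}

# Must be run as root (for write access in /etc/shorewall).
ROOT_UID=0      # Only users with $UID 0 have root privileges.
E_NOTROOT=67    # Non-root exit error.

if [ "$UID" -ne "$ROOT_UID" ]; then
  echo "You must be root to run this script.
Logout as user and login as root.
(or you can pull your hair out trying to use this script)
Do the install from the initial prompt, not in X."
  exit $E_NOTROOT
fi

# The original interactive / non-interactive test on $PS1 had only
# placeholder branches and changed nothing, so it is not carried over.

dialog --colors --cr-wrap \
  --title "Well Stanley, ...Here's another fine mess.....(Solved!)" \
  --yesno "Hello, $USER on $(uname -s) $(uname -r)

This script is for a DIALUP connection and requires that you install the shorewall firewall application in a standard manner.

The result should be a simple firewall that allows you to use the internet, while your computer appears to be 'invisible' to anyone trying to access it from the internet.
Test it before and afterwards with Shields Up! found at http://www.grc.com/

\Zb\Z1IF YOU DO NOT USE DIALUP,\Zn then after running this script, you must edit the interfaces file in the /etc/shorewall directory to use whatever your method is to connect to the internet. The old interfaces file 'interfaces.save' will help with that.

A standard shorewall installation is defined as an installation of shorewall that creates a shorewall sub directory in /etc. The files changed are the 'policy', 'rules' and 'interfaces' files. The old files are saved with a '.save' extension.

If you can't use this script or it fails, you can open this script and see the usage in each file. Edit your shorewall files, where ever they are, and you will get the same results. Follow the shorewall directions provide to start shorewall.

This script comes WITHOUT ANY WARRANTY OF ANY KIND. USE AT YOUR OWN RISK.

Do you want to continue?" 35 70
answer=$?

# Only an explicit "Yes" (status 0) may rewrite the firewall configuration.
# Previously any status other than 1 fell through, so pressing ESC or a
# missing/failed 'dialog' binary still replaced the files.
case "$answer" in
  0)
    ;;
  1)
    echo "Chickened out?...lol...you can do it the hard way too."
    exit 0
    ;;
  *)
    echo "No confirmation received (dialog exit status $answer); nothing was changed." >&2
    exit 1
    ;;
esac

# If this cd failed, the writes below would land on files named 'policy',
# 'rules' and 'interfaces' in whatever directory the script was started from.
cd /etc/shorewall || error

# Default policies: the firewall host may open any connection, traffic
# arriving from the net zone is dropped and logged at 'info', everything
# else is rejected and logged.
replace_config policy <<'EOF'
################################################################################
# ACTION	SOURCE		DEST		POLICY		LOG		LIMIT:BURST
#						LEVEL
fw		all		ACCEPT
net		all		DROP		info
#
# THE FOLLOWING POLICY MUST BE LAST
#
all		all		REJECT		info
#LAST LINE -- DO NOT REMOVE
EOF

# NOTE(review): with the 'fw all ACCEPT' policy above, outbound traffic is
# not filtered at all, so the two ACCEPT www rules appear redundant. The
# 'DROP net all all' rule carries no log level and is presumably matched
# before the policy, which would leave the 'info' logging on the net policy
# unused - confirm against the Shorewall documentation before relying on
# the log for detecting inbound probes.
replace_config rules <<'EOF'
####################################################################################################
#ACTION  SOURCE		DEST		PROTO	DEST    SOURCE	   ORIGINAL	RATE		USER/
ACCEPT	fw	net	tcp	www
ACCEPT	fw	net	udp	www
DROP	net	all	all
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
EOF

# Single dial-up interface: ppp0 is the only interface in the net zone.
replace_config interfaces <<'EOF'
#	Example 3:	You have a simple dial-in system with no ethernet
#			connections.
net	ppp0	-
##############################################################################
#ZONE	 INTERFACE	BROADCAST	OPTIONS
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
EOF

clear
exit 0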