From: Henrik Woffinden <henrik.woffinden@bo...> - 2007-05-28 19:14:28
I would like to know if I can get FWBuilder v2.1.11 (Build: 234) to save
the script as IPTables-restore file?
I've tried that setting, but then it saves the shell script to do the
actual iptables-restore in the beginning of the file.
Is there any way I can make it save it as only the ruleset?
My FWBuilder installation is gonna manage 30 firewalls of IPTables. They
already have start / stop scripts that do everything needed if I can
place the file in the right location, only containing the ruleset.
Med venlig hilsen / Kind regards,
On May 28, 2007, at 12:14 PM, Henrik Woffinden wrote:
> Hello list,
> I would like to know if I can get FWBuilder v2.1.11 (Build: 234) to save
> the script as IPTables-restore file?
> I've tried that setting, but then it saves the shell script to do the
> actual iptables-restore in the beginning of the file.
> Is there any way I can make it save it as only the ruleset?
No, there is no way to do it because the generated script (potentially)
does some other things besides setting iptables rules. For example,
it may need to determine the IP address of interfaces that obtain it
dynamically, or add secondary IP addresses to interfaces, and so on.
Although it is technically possible to generate a "pure" iptables-restore
file provided none of these functions are necessary for a given
firewall object configuration and rule set, it would need a lot of
code to do all the checks and verification for very little benefit.
> My FWBuilder installation is gonna manage 30 firewalls of IPTables. They
> already have start / stop scripts that do everything needed if I can
> place the file in the right location, only containing the ruleset.
Note that you still need to activate the new policy after you copy the
file. This means you probably need to write your own script to
install the policy file and reload service "iptables". Since you will be
writing your own script anyway, you could make it copy the script
generated by fwbuilder to /tmp, execute it there and then just run
iptables-save to generate the configuration in the iptables-restore
format in the standard place.
If you do not plan to write your own installer script, you can add a
call to iptables-save to the "epilog" section of the generated script
and install using the installer provided by the fwbuilder GUI. The installer
copies the script to the firewall and executes it there. Executing
the script sets iptables rules and in the end generates a standard
iptables-restore file. Seems to be pretty simple.
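
The "write your own installer" route from the reply above, sketched as an added example that is not part of the original thread and is not fwbuilder's own code. It goes slightly beyond the reply by rolling back to the previous rules if the generated script fails; the function name, the overridable command variables and the default rules path are assumptions.

```shell
#!/bin/sh
# Added example (not fwbuilder code). Assumed names: install_policy, the
# IPTABLES_SAVE/IPTABLES_RESTORE overrides, and the default rules path.
: "${IPTABLES_SAVE:=iptables-save}"
: "${IPTABLES_RESTORE:=iptables-restore}"

# install_policy GENERATED_SCRIPT [RULES_FILE]
# returns 0 on success, 1 on setup failure, 2 if the generated script failed
# (previous rules restored), 3 if the dump could not be written
install_policy() {
    script=$1
    rules_file=${2:-/etc/sysconfig/iptables}   # assumption: Red Hat-style path
    # Private directory instead of a fixed, guessable name under /tmp
    workdir=$(mktemp -d /tmp/fwb.XXXXXX) || return 1

    # Snapshot the running rules so a failed run can be rolled back
    "$IPTABLES_SAVE" > "$workdir/previous.rules" &&
        cp "$script" "$workdir/policy.fw" || { rm -rf "$workdir"; return 1; }

    if ! sh "$workdir/policy.fw"; then
        "$IPTABLES_RESTORE" < "$workdir/previous.rules"
        rm -rf "$workdir"
        return 2
    fi

    # Dump the now-active rules in iptables-restore format, then replace the
    # rules file with a rename so the boot scripts never read a partial file
    result=3
    tmp="$rules_file.new.$$"
    if "$IPTABLES_SAVE" > "$workdir/new.rules" && [ -s "$workdir/new.rules" ] &&
        cp "$workdir/new.rules" "$tmp" && chmod 600 "$tmp" &&
        mv "$tmp" "$rules_file"; then
        result=0
    fi
    rm -rf "$workdir"
    return "$result"
}

# Run only when called with arguments, e.g.: sh install-policy.sh fw1.fw
if [ "$#" -gt 0 ]; then
    install_policy "$@"
fi
```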