Re: [Bastille-linux-discuss] bastille-netfilter script
This tool locks down Linux and UNIX systems.
Brought to you by:
jay
Menu
▾
▴
Re: [Bastille-linux-discuss] bastille-netfilter script
|
From: Sweth C. <bas...@as...> - 2002-04-18 20:15:34
|
On Thu, Apr 18, 2002 at 11:37:15AM -0700, Jeremy Gaudet wrote:
> if [ $i = "${DEFAULT_GW_IFACE}" ]; then
> DEFAULT_GW_IP=`ifconfig ${i} | grep "inet addr" | awk '{print $2}'`
> fi
>
> sets "addr:xxx.yyy.zzz.www" as the DEFAULT_GW_IP. It needs to be changed
> to
>
> DEFAULT_GW_IP=`ifconfig ${i} | grep "inet addr" | awk '{print $2}' | awk
> -F: '{print $2}'`
or
DEFAULT_GW_IP=`ifconfig $i | awk '/inet/ {sub(/.*:/,"",$2);print $2}'
, which will also work for OSes like HP-UX where ifconfig
doesn't include the "addr:" string (not that bastille-netfilter
supports HP-UX yet, but it doesn't hurt to code flexibly).
>
> to strip out the "addr". Second, this block is running in a "for i" in
> INTERNAL_IFACES. Typically, the default gateway would be on one of the
> PUBLIC_IFACES. I added a for i in PUBLIC_IFACES right under the original
> one to cover this case.
Why not just do a "for i in $INTERNAL_IFACES $PUBLIC_IFACES"?
-- Sweth.
--
Sweth Chandramouli Idiopathic Systems Consulting
sv...@id... http://www.idiopathic.net/
|