Arch Linux loading script

jony127
2011-03-21
2013-03-05
  • jony127

    jony127 - 2011-03-21

    Hello,

    How can I load the script generated by Firewall Builder in Arch Linux?

    Thank you.

     
  • jony127

    jony127 - 2011-03-24

    Hello, I believe that the problem is that the script generated by fwbuilder is not compatible with Arch Linux; when I try to load it, it throws errors on the lines of the script. I believe it is a compatibility problem.

    The configuration that I have to pass to Arch must be something like:

    *filter
    :INPUT DROP
    :FORWARD DROP
    :OUTPUT DROP
    .
    . more rules
    .
    - to OUTPUT-p udp - dport 53-j ACCEPT
    - to OUTPUT-p tcp - dport 80-j ACCEPT
    .
    . more rules
    .
    COMMIT

     
  • jony127

    jony127 - 2011-03-24

    I am sorry, I cannot edit the previous message, which came out badly formatted:

    *filter
    :INPUT DROP
    :FORWARD DROP
    :OUTPUT DROP

    -A OUTPUT -p udp --dport 53 -j ACCEPT
    -A OUTPUT -p tcp --dport 80 -j ACCEPT

    COMMIT

     
  • Mike Horn

    Mike Horn - 2011-03-24

    How are you trying to run the Firewall Builder generated script?  The command format you provided is for iptables-save and iptables-restore, but Firewall Builder generates a script file in bash shell format that should be run on the firewall.  This shell script includes functions to set interface IP addresses, static routes, etc. and also includes the iptables commands to install the firewall rules.

    Please make sure to read the documents I sent you, a good starting point is also the iptables Getting Started Guide:

    http://www.fwbuilder.org/4.0/docs/gs/iptables/gs-iptables.html

     
  • jony127

    jony127 - 2011-03-25

    OK, then is it not possible to use fwbuilder in Arch Linux?

     
  • Mike Horn

    Mike Horn - 2011-03-25

    There are thousands of users managing Linux iptables configurations with Firewall Builder.  It is not clear what problem you are having.

    Were you able to install and run the fwbuilder application?
    What version of fwbuilder are you using?
    Are you running fwbuilder on the same system that you are trying to configure iptables on?
    Were you able to create a firewall in fwbuilder and define rules for that firewall?
    Were you able to compile the rules using fwbuilder and get the generated script?
    Were you able to copy the fwbuilder generated script, ends in .fw, to the Linux system you are trying to manage?
    Did you try to run the fwbuilder generated script?

    If you can provide screenshots, error messages, command line output, etc. we may be able to help you more.

     
  • jony127

    jony127 - 2011-03-28

    Due to some problems I had to change the operating system. Soon I will do more tests on a virtual machine and write again.

    Thank you.

     
  • jony127

    jony127 - 2011-04-02

    Hello,

    Answering the questions:
    fwbuilder-4.1.3
    fwbuilder is executed on the same machine where I configure the firewall.

    Here is the output of the rule compilation:

    Compiling rule sets for firewall: firewall
    fwb_ipt -v -f /home/jonatan/fwbuilder/jonatan.fwb -d /home/jonatan/fwbuilder -o /home/jonatan/fwbuilder/firewall.fw -i id3678X16616
    *** Loading data …
    done
    Compiling ruleset Policy for 'mangle' table
    Detecting rule shadowing
    Compiling ruleset Policy for 'filter' table
    Detecting rule shadowing
    processing 5 rules
    rule 0 (eth0)
    rule 1 (lo)
    rule 2 (global)
    rule 3 (global)
    rule 4 (global)
    processing 5 rules
    rule 0 (eth0)
    rule 1 (lo)
    rule 2 (global)
    rule 3 (global)
    rule 4 (global)
    Output file name: /home/jonatan/fwbuilder/firewall.fw
    Compiled successfully

    Here is the output of the rule installation:

    Summary:
    * Running as user : jonatan
    * Firewall name : firewall
    * Installer uses user name : root
    * Management address : 127.0.0.1
    * Platform : iptables
    * Host OS : linux24
    * Loading configuration from file /home/jonatan/fwbuilder/jonatan.fwb

    Installation plan:
    Copy file: /home/jonatan/fwbuilder/firewall.fw -> /etc/fw/tmp/firewall.fw
    Run script echo '-**-**-'; chmod +x /etc/fw/tmp/firewall.fw; sh /etc/fw/tmp/firewall.fw && echo 'Policy activated'

    Copying /home/jonatan/fwbuilder/firewall.fw -> 127.0.0.1:/etc/fw/tmp/firewall.fw
    Running command '/usr/bin/fwbuilder -Y scp -o ConnectTimeout=30 -q /home/jonatan/fwbuilder/firewall.fw root@127.0.0.1:/etc/fw/tmp/firewall.fw'
    The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
    ECDSA key fingerprint is f3:02:d7:85:32:a5:98:0f:80:97:b4:d2:a4:8d:63:20.
    Are you sure you want to continue connecting (yes/no)?
    root@127.0.0.1's password:
    SSH session terminated, exit status: 0
    Running command '/usr/bin/fwbuilder -X ssh -o ServerAliveInterval=10 -t -t -v -l root 127.0.0.1 echo '-**-**-'; chmod +x /etc/fw/tmp/firewall.fw; sh /etc/fw/tmp/firewall.fw && echo 'Policy activated''
    OpenSSH_5.8p1, OpenSSL 1.0.0d 8 Feb 2011
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Connecting to 127.0.0.1  port 22.
    debug1: Connection established.
    debug1: identity file /home/jonatan/.ssh/id_rsa type -1
    debug1: identity file /home/jonatan/.ssh/id_rsa-cert type -1
    debug1: identity file /home/jonatan/.ssh/id_dsa type -1
    debug1: identity file /home/jonatan/.ssh/id_dsa-cert type -1
    debug1: identity file /home/jonatan/.ssh/id_ecdsa type -1
    debug1: identity file /home/jonatan/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8
    debug1: match: OpenSSH_5.8 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.8
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA f3:02:d7:85:32:a5:98:0f:80:97:b4:d2:a4:8d:63:20
    debug1: Host '127.0.0.1' is known and matches the ECDSA host key.
    debug1: Found key in /home/jonatan/.ssh/known_hosts:1
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/jonatan/.ssh/id_rsa
    debug1: Trying private key: /home/jonatan/.ssh/id_dsa
    debug1: Trying private key: /home/jonatan/.ssh/id_ecdsa
    debug1: Next authentication method: password
    root@127.0.0.1's password:
    debug1: Authentication succeeded (password).
    Authenticated to 127.0.0.1 (:22).
    debug1: channel 0: new
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: Sending command: echo '-**-**-'; chmod +x /etc/fw/tmp/firewall.fw; sh /etc/fw/tmp/firewall.fw && echo 'Policy activated'
    Logged in
    -**-**-
    Activating firewall script generated Sat Apr  2 17:42:00 2011 by jonatan
    ip not found
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
    debug1: channel 0: free: client-session, nchannels 1
    Connection to 127.0.0.1 closed.
    Transferred: sent 2072, received 1648 bytes, in 0.1 seconds
    Bytes per second: sent 14462.2, received 11502.8
    debug1: Exit status 1
    SSH session terminated, exit status: 1
    Firewall policy installation failed

    The script appears to be copied to /etc/fw/tmp, but the rules are not loaded.

    In Arch Linux the rules to be loaded should be in /etc/iptables/iptables.rules. I copy the generated script to that path with the same name, and when I run /etc/rc.d/iptables restart to load the rules I get the following:

    # /etc/rc.d/iptables restart
    :: Stopping IP Tables
    :: Starting IP Tables
    iptables-restore: line 18 failed
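    A pre-flight check written for this thread (not part of Firewall Builder), covering both failures seen above: the "ip not found" message from the generated .fw shell script, and an "iptables-restore: line N failed" error from a hand-written rules file. The list of tools the .fw script needs and the set of long options flagged are assumptions, not taken from fwbuilder.

```shell
#!/bin/sh
# Checks to run before loading firewall rules on a fresh Arch box.
# Example code for this thread; assumptions are marked as such.

# Report which of the commands a generated .fw script calls are missing
# from PATH (tool list is an assumption). Returns 1 if any is absent.
check_fw_tools() {
    missing=0
    for tool in ip iptables iptables-restore modprobe; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "missing: $tool (on Arch, 'ip' comes from the iproute2 package)"
            missing=1
        fi
    done
    return $missing
}

# Lint an iptables-save style rules file before iptables-restore sees it.
# Flags, with the line number iptables-restore would report: a long option
# written with one dash (iptables reads '-dport 53' as '-d port' plus a
# stray '53'), a missing '*table' header, and a missing COMMIT.
# Returns 0 when the file is clean, 1 otherwise.
lint_iptables_rules() {
    file=$1
    status=0
    if ! grep -q '^\*[a-z]*$' "$file"; then
        echo "$file: no '*table' line (e.g. '*filter')"
        status=1
    fi
    if ! grep -q '^COMMIT$' "$file"; then
        echo "$file: missing COMMIT"
        status=1
    fi
    # Common long options (assumed list) that must start with two dashes.
    bad=$(grep -nE '(^|[[:space:]])-(dport|sport|state|ctstate|icmp-type|tcp-flags|to-source|to-destination)([[:space:]]|$)' "$file")
    if [ -n "$bad" ]; then
        echo "$bad" | while IFS= read -r hit; do
            echo "$file: line ${hit%%:*}: long option needs two dashes: ${hit#*:}"
        done
        status=1
    fi
    return $status
}

# Usage: lint_iptables_rules /etc/iptables/iptables.rules && check_fw_tools
```

    Running the linter on the rules file before /etc/rc.d/iptables restart points at the exact line instead of leaving only "line 18 failed" to go on.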

     
  • Julien

    Julien - 2011-06-06

    Have you seen the error "ip not found"? It looks like a missing package on your Linux? Which Linux did you install? The "ip" command is usually installed with the package "iproute" or "iproute2".
