firewall V2 DM500 - DM7000

lolo4

firewall v2 easy setup for gbox by OniK

Code:
=======================================

firewall v2 easy setup for gbox by OniK

=======================================



      script made by agecanonixeg      



=======================================



this is a quick easy setup, please read 

       the readme for full info



=======================================





- backup /var/bin/firewall.sh



- put :

firewall.sh

firewall.resolve.sh

firewall.gbox.sh

in /var/bin and chmod 755



- if you want some log edit firewall.resolve.sh

line 48 :

#	echo 1 > $GBOXFILE

Just remove the # to activate the firewall log.

log will be in /var/tmp/gbox_restart.log



- put :

firewall.dyndns 

firewall.users

in /var/etc and chmod 644



In firewall.dyndns you must put all dyndns with dynamic IP.

In firewall.users you must put all static IP 

(including the IP of your peers who have static IP)



- if you don't use crontabs :

telnet via dcc ...

crontab -e "enter"

press escape button on your keyboard

type command :wq "enter"

put root file in /var/spool/cron/crontabs and check the rights

they must be 600 (rw-------)



- if you are already using crontabs :

just add the line in the existing root file using command crontab -e



- To start firewall :

blue button 

select system settings

service to run 

select firewall and crond

save



- For info existing commands are :

firewall.sh stop

firewall.sh start

firewall.sh restart



now say bye-bye to attacks........

Code:
V2 scripts for firewall.

=========================================================================

!  B E F O R E   U S E   R E A D   A L L   T H I S   C A R E F U L L Y  !

=========================================================================



Optimized for gbox Emu use.



============================= W A R N I N G =============================

All the scripts can be modified with an editor

but this must be done directly on the DM under linux

to keep the special linux characters compatibility.

If you don't, the scripts may not execute.



There is one solution for editing those scripts with a

standard editor on PC.



After editing the script, put it in its place

on DM with ftp tool. Then open DCC, use telnet

on DM. Use the cd command to go to the place where the file

has been put. And then type this command:

dos2unix "file name".

This way the scripts will be back in the linux

character set, and ready to be executed.

=========================================================================



Those scripts are only for pli jade image on DM500 - DM 7000

for other dreamboxes with pli jade image they may need

an adjustment (path).

For other images (nabilo, etc...), they need

to have, like pli, iptables package on it

because I use iptables and crontab.

The scripts are ready to use. But if you use an Emu

or Gbox you need to open and update the file firewall.resolve.sh.

First of all you need to back up the existing script

/var/bin/firewall.sh



In my package there are 3 scripts you must

put in /var/bin and chmod 755

firewall.sh

firewall.resolve.sh

firewall.gbox.sh

To use another emu than gbox

edit firewall.resolve.sh

in line 11 you have

EMU="/var/etc/plimgr/scripts/gbox"

just change the name gbox with the one you use.

To know its real name, search with ftp tool

(filezilla for example) and go to

/var/etc/plimgr/scripts

you will see the script name that launches your Emu;

this is the name needed.

In the beginning I advise you to leave line 45

#        RESTARTEMU="1"

with the # (comment).

Like this, the Emu won't restart each time an IP changes for a dyndns.



For gbox optimization, I added one more script (from V1)

firewall.gbox.sh

I did this because, using firewall and gbox, I

noticed that sometimes gbox didn't update the

client ip after a change. So I wrote this new script

and modified the others to restart gbox after an hour if

the client's IP had changed in firewall and didn't

in gbox. This option is disabled by default.

To enable it you must edit firewall.resolve.sh

in line 48 you'll have

#	echo 1 > $GBOXFILE

Just remove the # to uncomment the line.

I advise you to do this modification.

This script creates /var/tmp/gbox_restart.log

where it puts logs, if you want to know

when and why gbox has restarted, just have a look in this

file. If you want to modify the time between an

ip modification and the restart of Emu you can update

the line 13 in firewall.gbox.sh

if [ $ETAT != 12 ]; then

Just change the number, the default is 12 (1 hour)

The algorithm is 12*5 min=60 min, if you add 1 (13 instead of 12 default)

that will be 13*5 min=65 min.

I have tested and the default is nice i think.



In the package you'll see 3 other files

firewall.dyndns, firewall.users and root.

In firewall.dyndns you must put all dyndns with dynamic IP.

In firewall.users you must put all static IP (including the IP of your peers

who have static IP). Those files are given as example.

You must put them in /var/etc and chmod them 644.

The LAN is included in the firewall but you should

add all your IP for your LAN too (better for newcs).



The root file contains the right command needed

in crontabs. If you don't use crontabs

first, on telnet with dcc, type the command crontab -e

then press escape button on keyboard and type :wq (enter)

after put root file in /var/spool/cron/crontabs and verify the rights

They must be 600 (rw-------).

For those who already use crontab, just add the line in the

existing file on telnet with dcc, using the command crontab -e.



To start firewall use blue button,

select system settings, go to

service to run and select firewall and crond

then save and exit. The firewall and crontabs will

start. You can control your firewall

using telnet with dcc. Type the command

firewall.sh status gives the status of the firewall.

To update your dyndns and fixed IP.

First use telnet on dcc and type command

firewall.sh stop (to stop the firewall).

just add or remove something in files

firewall.dyndns or in firewall.users.

After, use telnet on dcc and type command

firewall.sh start before restarting Emu.

That will be enough to update the firewall

no more action is needed.

For info other existing commands are

firewall.sh stop

firewall.sh start

firewall.sh restart

If you want to stop definitively the firewall and crontabs

you must use blue button or it will restart

automatically after reboot of DreamBox.

My scripts create several files in /tmp

don't delete them.

Enjoy and good bye attacks........
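
A pre-flight check for the install steps in the readme above, added here as an example and not part of the OniK package: it verifies that each file the readme names exists with the stated mode (755, 644, 600) and has no DOS line endings left from editing on a PC. The function names and the root-prefix argument are assumptions of this example, and it assumes a `stat` that supports `-c`.

```shell
#!/bin/sh
# Added example, not part of the OniK package. Function names are made up here.
CR=$(printf '\r')

# Octal permission bits of a file (assumes stat supports -c).
mode_of() { stat -c '%a' "$1"; }

# True if any line ends in a carriage return (edited on a PC, no dos2unix).
has_crlf() { grep -q "${CR}\$" "$1"; }

# check_file FILE MODE: print one line per problem, return the problem count.
check_file() {
    f=$1; want=$2; bad=0
    if [ ! -f "$f" ]; then
        echo "MISSING $f"
        return 1
    fi
    got=$(mode_of "$f")
    if [ "$got" != "$want" ]; then
        echo "MODE    $f is $got, readme says $want"
        bad=$((bad + 1))
    fi
    if has_crlf "$f"; then
        echo "CRLF    $f (run dos2unix on it)"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# check_install ROOT: check every file the readme lists; ROOT is a prefix
# ("/" on the box itself, or a staging directory on another machine).
check_install() {
    root=${1%/}; total=0
    for s in firewall.sh firewall.resolve.sh firewall.gbox.sh; do
        check_file "$root/var/bin/$s" 755 || total=$((total + $?))
    done
    for c in firewall.dyndns firewall.users; do
        check_file "$root/var/etc/$c" 644 || total=$((total + $?))
    done
    check_file "$root/var/spool/cron/crontabs/root" 600 || total=$((total + $?))
    echo "$total problem(s) found"
    [ "$total" -eq 0 ]
}

# Run only when a root prefix is given on the command line.
if [ "$#" -gt 0 ]; then check_install "$1"; fi
```

Run it over telnet with `/` as the argument before enabling the firewall service; a script that still has CRLF endings is reported here before it fails to execute.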
 