Author: Unknown
Email: Unknown
Date Submitted: April 16, 1998
Edited by: David S. Jackson <dsj@dsj.net>
Status: New Entry
Releases: | All |
Platform: | All |
Category: | Networking and Netcfg |
Category Listing: | How can I write a chat script by hand that invokes my firewall rules? |
A common question is how to write a chat script by hand. A further challenge is implementing firewall rules with ipfwadm that are launched at the same time the chat session is started.
ABORT BUSY
ABORT ERROR
ABORT 'NO CARRIER'
ABORT 'NO DIALTONE'
'' ATZ
OK AT&K3&C1&D3M0
OK ATDT5419462
CONNECT
#!/bin/sh
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
export PATH
exit 0
#!/bin/sh
# called when the PPP link is up with the following arguments:
#
# $1 = interface-name (ie. ppp0)
# $2 = tty-device (ie. /dev/modem)
# $3 = speed (ie. 115200)
# $4 = local-IP-addr
# $5 = remote-IP-addr

FW=/sbin/ipfwadm

# clear all tables.
for i in A I O F
do
    $FW -$i -f
done

# setup a default policy that applies if packets don't match any
# other rules.
$FW -I -p reject -W $1

# deny spoofing (-o logs the matching packets).
$FW -I -a deny -o -S $4 -W $1
$FW -I -a deny -o -S 127.0.0.0/24 -W $1

# allow DNS replies (UDP from port 53) back to unprivileged local ports.
$FW -I -a accept -P udp -S 0.0.0.0/0 53 -D $4/0 1025:65535 -W $1

# accept return tcp traffic (-k: only packets with the ACK bit set).
$FW -I -a accept -P tcp -b -k -S 0.0.0.0/0 -D $4/0 -W $1

# allow incoming ident.
$FW -I -a accept -P tcp -b -S 0.0.0.0/0 113 -D $4/0 -W $1

# allow incoming smtp.
$FW -I -a accept -P tcp -b -S 0.0.0.0/0 25 -D $4/0 -W $1

# explicitly deny access to the X server.
$FW -I -a deny -P tcp -S 0.0.0.0/0 -D $4/0 5999:6100 -W $1
$FW -I -a deny -P udp -S 0.0.0.0/0 -D $4/0 5999:6100 -W $1

# allow for outgoing ftp (control-connection replies, and active-mode
# data connections from ftp-data to our high ports).
$FW -I -a accept -k -P tcp -S 0.0.0.0/0 ftp -D $4 1024:65535 -W $1
$FW -I -a accept -P tcp -S 0.0.0.0/0 ftp-data -D $4 1024:65535 -W $1
# end of rules.

/usr/local/bin/junkbuster -b /usr/local/lib/junkbuster/blockfile -l /usr/local/lib/junkbuster/logfile &
exit 0
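To see what the ip-up chain above actually does to a packet, here is an added example (not part of the original entry) that models ipfwadm's first-match evaluation of the input chain in Python, with the chain policy as the fallback. LOCAL stands in for $4 and all addresses are constructed; note that the `-D $4/0` rules have a /0 mask, so with -b the smtp and ident rules also match new connections to ports 25 and 113, which is why they work as "incoming" rules.

```python
import ipaddress
from dataclasses import dataclass
# Constructed model of the page's ip-up input chain. LOCAL stands in for $4 (the
# local PPP address); ANY is 0.0.0.0/0. This is an added illustration, not ipfwadm.
LOCAL, ANY, ALL_PORTS = "192.0.2.10", "0.0.0.0/0", (0, 65535)

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

@dataclass
class Rule:
    action: str               # accept / deny / reject
    proto: str = ""           # "" = any protocol (-P omitted)
    src: str = ANY            # -S address[/mask]; a /0 mask matches every address
    sport: tuple = ALL_PORTS  # source port range
    dst: str = ANY            # -D address[/mask]
    dport: tuple = ALL_PORTS  # destination port range
    ack: bool = False         # -k: only TCP packets with the ACK bit set
    bidir: bool = False       # -b: also match with source and destination swapped

    def one_way(self, src, sport, dst, dport):
        return (in_net(src, self.src) and self.sport[0] <= sport <= self.sport[1]
                and in_net(dst, self.dst) and self.dport[0] <= dport <= self.dport[1])

    def matches(self, p):
        if (self.proto and p["proto"] != self.proto) or (self.ack and not p["ack"]):
            return False
        fwd = self.one_way(p["src"], p["sport"], p["dst"], p["dport"])
        return fwd or (self.bidir and self.one_way(p["dst"], p["dport"], p["src"], p["sport"]))

# The rules in the order the script appends them (-a): the first match wins.
RULES = [
    Rule("deny", src=LOCAL),                                                       # anti-spoof: our own address
    Rule("deny", src="127.0.0.0/24"),                                              # anti-spoof: loopback
    Rule("accept", "udp", sport=(53, 53), dst=LOCAL + "/0", dport=(1025, 65535)),  # DNS replies
    Rule("accept", "tcp", dst=LOCAL + "/0", ack=True, bidir=True),                 # established TCP
    Rule("accept", "tcp", sport=(113, 113), dst=LOCAL + "/0", bidir=True),         # ident
    Rule("accept", "tcp", sport=(25, 25), dst=LOCAL + "/0", bidir=True),           # smtp
    Rule("deny", "tcp", dst=LOCAL + "/0", dport=(5999, 6100)),                     # X server
    Rule("deny", "udp", dst=LOCAL + "/0", dport=(5999, 6100)),
    Rule("accept", "tcp", sport=(21, 21), dst=LOCAL, dport=(1024, 65535), ack=True),  # ftp control
    Rule("accept", "tcp", sport=(20, 20), dst=LOCAL, dport=(1024, 65535)),            # active ftp-data
]
POLICY = "reject"  # from: $FW -I -p reject -W $1

def pkt(proto, src, sport, dst, dport, ack=False):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport, "ack": ack}

def verdict(p):
    # Action of the first matching rule, or the chain policy if nothing matches.
    return next((r.action for r in RULES if r.matches(p)), POLICY)
```

A SYN to a port with no rule (telnet, say) falls through to the reject policy, while a SYN to port 6000 is caught by the X deny rule before anything else can accept it.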
lock
username password

where username and password are the ones supplied to you by your ISP. There must be a blank line after the password, or ppp will not work!
None.