May 9, 2007 at 6:15 am #40623
ZeroShell really rocks man! I think it is a great product.
There are a couple of things that I have not been able to work out:
1) When I use passwd to set the password for the root user, how can this be saved? Every time I restart ZeroShell, I have to set the password for root again.
2) I am managing a number of other firewalls and like to use fwbuilder to generate the rules for iptables. Is there a way that when ZeroShell reboots, the rules that I created can be used? fwbuilder basically creates an executable shell script that configures iptables. Can that script be saved somewhere in the database? Is there a directory in ZeroShell whose contents are stored in the database?
Marc.
May 13, 2007 at 7:57 am #45350
In the next release I will synchronize the root password with the admin one. At the moment you should copy the file /etc/shadow into the directory /Database and in the file /etc/rc.local (automatically executed at the end of the startup) put the command:
cp /Database/shadow /etc
To execute your firewall scripts at the startup, you just have to store them in the /Database directory and then call them from the /etc/rc.local.
Fulvio
June 17, 2008 at 9:00 pm #45351
I need to avoid broadcast tempest through zeroshell=bridge.
I add in Startup Configuration:
/cdrom/usr/local/sbin/iptables -A FORWARD -m pkttype --pkt-type multicast -m limit --limit 10/second -j ACCEPT
This rule is successfully added at the end of the FORWARD chain.
root@zeroshell misc> iptables -L |grep limit
ACCEPT all -- anywhere anywhere PKTTYPE = multicast limit: avg 10/sec burst 5
But if I change something in the firewall configuration, this rule disappears.
=> reboot is necessary
Is there another solution?
Francois
June 17, 2008 at 9:24 pm #45352
From the section [Setup][Startup] of the web interface put the iptables rule in the startup script.
Fulvio
June 18, 2008 at 6:17 am #45353
I didn’t explain very well.
The rule was added in [Setup][Startup] of the web interface.
My problem: if a modification is made to the rules, iptables flushes my addon.
Maybe you could add in your script something like
insert file etc/??/iptables.local
Or: how can I add my addon to your configuration?
Note: do you think my rule is the best way to achieve broadcast control?
Thanks a lot
François
June 18, 2008 at 9:00 am #45354
>I need to avoid broadcast tempest through zeroshell=bridge
My tests:
IPTABLES can’t filter Multicast!
But Fulvio added ebtables in zeroshell. That’s the solution!
In [Setup][Startup] of the web interface, I add:
ebtables -A FORWARD -d Multicast --limit 100/second -j ACCEPT
ebtables -A FORWARD -d Multicast -j DROP
I create a broadcast tempest on SEGMENT 1
The problem isn’t transmitted on SEGMENT 2
Test 2) VLC sends a video on SEGMENT 2
On SEGMENT 1, the video is very bad quality. OK for me
root@zeroshell root> ebtables -L --Lc
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 2, policy: ACCEPT
-d Multicast limit: avg 100/sec burst 5 -j ACCEPT , pcnt = 1778 -- bcnt = 2374091
-d Multicast -j DROP , pcnt = 2017 -- bcnt = 2735052
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
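Added example, not written by any poster in this thread and not ZeroShell or ebtables code: a simplified token-bucket model of the limit match used in the two ebtables rules above (average 100/second, burst 5), showing how many multicast frames reach the ACCEPT rule and how many fall through to DROP. The function name `simulate` and the traffic rates are constructed for illustration; the real match keeps its credits in kernel time units, so exact counts on a live bridge will differ slightly.

```python
"""Simplified model of the ebtables/netfilter 'limit' match (token bucket)."""


def simulate(pps, seconds, avg=100, burst=5):
    """Return (accepted, dropped) for a constant multicast stream.

    Models the rule pair:
        ebtables -A FORWARD -d Multicast --limit <avg>/second -j ACCEPT
        ebtables -A FORWARD -d Multicast -j DROP
    pps, seconds, avg and burst are integers. Credits are counted in units
    of 1/pps of a frame so that all arithmetic stays exact.
    """
    cost = pps              # one frame consumes one whole credit
    cap = burst * pps       # the bucket never holds more than `burst` credits
    credits = cap           # the bucket starts full
    accepted = dropped = 0
    for _ in range(pps * seconds):
        if credits >= cost:
            # limit matches: the first rule ACCEPTs the frame
            credits -= cost
            accepted += 1
        else:
            # limit does not match: the frame reaches the DROP rule
            dropped += 1
        # refill during the gap before the next frame (avg/pps of a credit)
        credits = min(cap, credits + avg)
    return accepted, dropped


if __name__ == "__main__":
    # Constructed traffic profiles, not measurements from the thread.
    profiles = [
        ("storm, 5000 frames/s for 1 s", 5000, 1),
        ("video, 400 frames/s for 10 s", 400, 10),
        ("light, 50 frames/s for 2 s", 50, 2),
    ]
    for label, pps, seconds in profiles:
        ok, lost = simulate(pps, seconds)
        print(f"{label}: accepted={ok} dropped={lost}")
```

Any multicast stream that stays above the average rate loses frames once the initial burst is spent, which is the trade-off to weigh when choosing the limit for a bridge that also carries legitimate multicast.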