Surviving a reboot…


This topic contains 4 replies, has 0 voices, and was last updated by  marc 10 years, 7 months ago.

  • #40623

    marc
    Member

    Fulvio,

    ZeroShell really rocks man! I think it is a great product.

    There are a couple of things that I have not been able to work out:

    1) When I use passwd to set the password for the root user, how can this be saved? Every time I restart ZeroShell, I have to set the password for root again.

    2) I am managing a number of other firewalls and like to use fwbuilder to generate the rules for iptables. Is there a way that when ZeroShell reboots, the rules that I created can be used? fwbuilder basically creates an executable shell script that configures iptables. Can that script be saved somewhere in the database? Is there a directory in ZeroShell whose contents are stored in the database?

    Marc.

    #45350

    imported_fulvio
    Participant

    In the next release I will synchronize the root password with the admin one. At the moment you should copy the file /etc/shadow in the directory /Database and in the file /etc/rc.local (automatically executed at the end of the startup) put the command:
    cp /Database/shadow /etc

    To execute your firewall scripts at the startup, you just have to store them in the /Database directory and then call them from the /etc/rc.local.

    Regards
    Fulvio
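Added example (not part of the post above and not ZeroShell's own code): a checked form of the two rc.local steps described there. Both files run or are read as root at boot, so the helpers refuse a saved shadow copy that others can read and skip firewall scripts that others can write. `DB_DIR`, the `fw-*.sh` naming and the `RC_LOCAL` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not ZeroShell code. DB_DIR and the fw-*.sh naming are assumptions.
DB_DIR="${DB_DIR:-/Database}"

# safe_mode FILE [secret]
# True only for a regular, non-symlink file owned by the caller (root in
# rc.local) that group/other cannot write, or cannot access at all for "secret".
safe_mode() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group+other bits, e.g. "r-xr-x"
    case "$2" in
        secret) [ "$perms" = "------" ] ;;
        *) case "$perms" in *w*) return 1 ;; *) return 0 ;; esac ;;
    esac
}

# restore_shadow SAVED LIVE: the checked form of "cp /Database/shadow /etc".
restore_shadow() {
    safe_mode "$1" secret || { echo "refusing $1: owner/mode" >&2; return 1; }
    grep -q '^root:' "$1" || { echo "refusing $1: no root entry" >&2; return 1; }
    tmp="$2.new.$$"
    # Copy under a tight umask, then rename so LIVE is never half-written.
    ( umask 077; cp "$1" "$tmp" ) && mv "$tmp" "$2"
}

# run_fw_scripts: run each saved firewall script that passes safe_mode.
run_fw_scripts() {
    for s in "$DB_DIR"/fw-*.sh; do
        [ -e "$s" ] || continue
        if safe_mode "$s"; then
            sh "$s" || echo "$s exited non-zero" >&2
        else
            echo "skipping $s: wrong owner or writable by group/other" >&2
        fi
    done
    return 0
}

# Lines to put in /etc/rc.local (run only when RC_LOCAL=1 is set):
if [ "${RC_LOCAL:-0}" = 1 ]; then
    restore_shadow "$DB_DIR/shadow" /etc/shadow
    run_fw_scripts
fi
```

Save the copy with `chmod 600 /Database/shadow` and the scripts with mode 700, otherwise the helpers refuse them.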

    #45351

    Malard
    Member

    I need to avoid broadcast tempest through zeroshell=bridge.

    I add in Startup Configuration:

    /cdrom/usr/local/sbin/iptables -A FORWARD -m pkttype --pkt-type multicast -m limit --limit 10/second -j ACCEPT

    This rule is successfully added at the end of FORWARD chain.

    root@zeroshell misc> iptables -L |grep limit

    ACCEPT all -- anywhere anywhere PKTTYPE = multicast limit: avg 10/sec burst 5

    But if I change something in firewall configuration, this rule disappears.
    => reboot is necessary

    Is there another solution?

    Thanks
    Francois

    #45352

    imported_fulvio
    Participant

    From the section [Setup][Startup] of the web interface put the iptables rule in the startup script.

    Regards
    Fulvio

    #45353

    Malard
    Member

    I didn’t explain very well.

    The rule was added in [Setup][Startup] of the web interface.

    My problem: If a modification is done in rules, iptables flushes my addon.

    Maybe you could add in your script something like
    insert file etc/??/iptables.local

    Either: how to add my addon in your configuration?

    Note: do you think my rule is the best way to achieve broadcast control?

    Thanks a lot
    François

    #45354

    Malard
    Member

    >I need to avoid broadcast tempest through zeroshell=bridge

    My tests :

    IPTABLES can’t filter Multicast !

    But fulvio added ebtables in zeroshell. That’s the solution !!!!

    In [Setup][Startup] of the web interface, I add :

    ebtables -A FORWARD -d Multicast --limit 100/second -j ACCEPT
    ebtables -A FORWARD -d Multicast -j DROP

    Test 1)
    I create a broadcast tempest on SEGMENT 1
    The problem isn’t transmitted on SEGMENT 2

    Test 2) VLC sends a video on SEGMENT 2

    On SEGMENT 1 , video is very bad quality. OK for me

    root@zeroshell root> ebtables -L --Lc
    Bridge table: filter

    Bridge chain: INPUT, entries: 0, policy: ACCEPT

    Bridge chain: FORWARD, entries: 2, policy: ACCEPT
    -d Multicast limit: avg 100/sec burst 5 -j ACCEPT , pcnt = 1778 -- bcnt = 2374091
    -d Multicast -j DROP , pcnt = 2017 -- bcnt = 2735052

    Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

    François
