Changeset af8e1cb5 for postlfs/security/firewalling-systemd.xml

Timestamp:

07/20/2014 03:55:27 PM (10 years ago)

Author:

Krejzi <krejzi@…>

Branches:

systemd-11177

Children:

d131a8a

Parents:

4321c68

Message:

Convert iptables, firewall section and haveged to systemd. Remove network service files from systemd-units.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@13509 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/firewalling-systemd.xml (moved) (moved from postlfs/security/firewalling.xml ) (5 diffs)

postlfs/security/firewalling-systemd.xml

@@ -141 +141 @@
     </caution>
 
-    <para>The firewall configuration script installed in the iptables section
-    differs from the standard configuration script. It only has two of
-    the standard targets: start and status. The other targets are clear
-    and lock. For instance if you issue:</para>
-
-<screen role="root"><userinput>/etc/rc.d/init.d/iptables start</userinput></screen>
-
-    <para>the firewall will be restarted just as it is upon system startup.
-    The status target will present a list of all currently implemented
-    rules. The clear target turns off all firewall rules and the lock
-    target will block all packets in and out of the computer with the
-    exception of the loopback interface.</para>
-
     <para>The main startup firewall is located in the file
-    <filename>/etc/rc.d/rc.iptables</filename>. The sections below provide
+    <filename>/etc/systemd/scripts/iptables</filename>. The sections below provide
     three different approaches that can be used for a system.</para>
 
@@ -178 +165 @@
       to the Linux 2.6 kernels.</para>
 
-<screen role="root"><?dbfo keep-together="auto"?><userinput>cat &gt; /etc/rc.d/rc.iptables &lt;&lt; "EOF"
+<screen role="root"><?dbfo keep-together="auto"?><userinput>install -v -dm755 /etc/systemd/scripts
+
+cat &gt; /etc/systemd/scripts/iptables &lt;&lt; "EOF"
 <literal>#!/bin/sh
 
-# Begin rc.iptables
+# Begin /etc/systemd/scripts/iptables
 
 # Insert connection-tracking modules
@@ -250 +239 @@
 iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "
 
-# End $rc_base/rc.iptables</literal>
+# End /etc/systemd/scripts/iptables</literal>
 EOF
-chmod 700 /etc/rc.d/rc.iptables</userinput></screen>
+chmod 700 /etc/systemd/scripts/iptables</userinput></screen>
 
       <para>This script is quite simple, it drops all traffic coming
@@ -284 +273 @@
       a worm via a buffer-overflow).</para>
 
-<screen role="root"><?dbfo keep-together="auto"?><userinput>cat &gt; /etc/rc.d/rc.iptables &lt;&lt; "EOF"
+<screen role="root"><?dbfo keep-together="auto"?><userinput>install -v -dm755 /etc/systemd/scripts
+
+cat &gt; /etc/systemd/scripts/iptables &lt;&lt; "EOF"
 <literal>#!/bin/sh
 
-# Begin rc.iptables
+# Begin /etc/systemd/scripts/iptables
 
 echo
@@ -371 +362 @@
 
 # Enable IP Forwarding
-echo 1 &gt; /proc/sys/net/ipv4/ip_forward</literal>
+echo 1 &gt; /proc/sys/net/ipv4/ip_forward
+
+# End /etc/systemd/scripts/iptables</literal>
 EOF
-chmod 700 /etc/rc.d/rc.iptables</userinput></screen>
+chmod 700 /etc/systemd/scripts/iptables</userinput></screen>
 
       <para>With this script your intranet should be reasonably secure