From 16b10bd119729758120fd9f472413b7208350aa8 Mon Sep 17 00:00:00 2001
From: Eliezer Croitoru
Date: Thu, 19 Sep 2024 06:30:48 +0300
Subject: [PATCH] Added iptables init and updated busybox get script
---
Makefile | 11 ++++++++++
get-busy-box-static.sh | 2 +-
rules.v4 | 40 ++++++++++++++++++++++++++++++++++
rules.v6 | 49 ++++++++++++++++++++++--------------------
4 files changed, 78 insertions(+), 24 deletions(-)
diff --git a/Makefile b/Makefile
index 633033c..fca3203 100644
--- a/Makefile
+++ b/Makefile
@@ -76,3 +76,14 @@ upgrade-gns3-server: get-busy-box-static: bash get-busy-box-static.sh
+
+disable-firewalld:
+ systemctl disable firewalld
+ systemctl stop firewalld
+
+init-iptables:
+ dnf install -y iptables-services iptables-utils
+ cp -vf rules.v4 /etc/sysconfig/iptables
+ cp -vf rules.v6 /etc/sysconfig/ip6tables
+ systemctl start iptables
+ systemctl enable iptables
diff --git a/get-busy-box-static.sh b/get-busy-box-static.sh
index 73cbb2c..b113a49 100755
--- a/get-busy-box-static.sh
+++ b/get-busy-box-static.sh
@@ -3,7 +3,7 @@ set -x set -e
-docker run -d --name busybox_extractor -v ${pwd}:/installer debian:12 sleep 3600
+docker run -d --name busybox_extractor -v $(pwd):/installer debian:12 sleep 3600
 docker exec -it busybox_extractor apt update
diff --git a/rules.v4 b/rules.v4
index e69de29..b400300 100644
--- a/rules.v4
+++ b/rules.v4
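Review bot: The `init-iptables` recipe copies `rules.v6` to `/etc/sysconfig/ip6tables` but only starts and enables the `iptables` unit, so the IPv6 ruleset is installed and never loaded. The `iptables-services` package ships a separate `ip6tables` service; replace the last two recipe lines with `systemctl enable --now iptables ip6tables`. `disable-firewalld` and `init-iptables` are also independent targets, so running only the first leaves the host with no packet filter at all; listing the order in a comment above the targets, or a single target that runs both, would avoid that state.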
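Review bot: The corrected `docker run` line leaves `$(pwd)` unquoted, so a checkout path containing spaces or glob characters is word-split and the bind mount gets the wrong source; write `-v "$(pwd)":/installer`. The image is referenced by the mutable tag `debian:12`, and the script appears to extract a binary from that container into the installer directory, so pinning it as `debian:12@sha256:<digest>` (placeholder digest) would make the result reproducible and tamper-evident. The script continues outside this hunk; the `docker exec -it` context line asks for a TTY and will presumably fail under `set -e` when run without a terminal.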
@@ -0,0 +1,40 @@
+# Generated by iptables-save v1.8.5 on Thu Sep 19 06:28:39 2024
+*filter
+:INPUT ACCEPT [1292:268675]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [1233:136774]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+COMMIT
+# Completed on Thu Sep 19 06:28:39 2024
+# Generated by iptables-save v1.8.5 on Thu Sep 19 06:28:39 2024
+*security
+:INPUT ACCEPT [1739:304377]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [1233:136774]
+COMMIT
+# Completed on Thu Sep 19 06:28:39 2024
+# Generated by iptables-save v1.8.5 on Thu Sep 19 06:28:39 2024
+*raw
+:PREROUTING ACCEPT [1953:339671]
+:OUTPUT ACCEPT [1233:136774]
+COMMIT
+# Completed on Thu Sep 19 06:28:39 2024
+# Generated by iptables-save v1.8.5 on Thu Sep 19 06:28:39 2024
+*mangle
+:PREROUTING ACCEPT [1953:339671]
+:INPUT ACCEPT [1740:304575]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [1233:136774]
+:POSTROUTING ACCEPT [1233:136774]
+COMMIT
+# Completed on Thu Sep 19 06:28:39 2024
+# Generated by iptables-save v1.8.5 on Thu Sep 19 06:28:39 2024
+*nat
+:PREROUTING ACCEPT [54:8717]
+:INPUT ACCEPT [2:116]
+:POSTROUTING ACCEPT [3:196]
+:OUTPUT ACCEPT [3:196]
+COMMIT
+# Completed on Thu Sep 19 06:28:39 2024
diff --git a/rules.v6 b/rules.v6
index e9d7fd8..99449e6 100644
--- a/rules.v6
+++ b/rules.v6
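Review bot: Every chain in the `*filter` table keeps policy `ACCEPT` and the only three rules are `-j ACCEPT`, so as written this ruleset filters nothing. Together with the `disable-firewalld` target added in the same commit, the host would end up with every listening port reachable. If a baseline firewall is intended, change the headers to `:INPUT DROP [0:0]` and `:FORWARD DROP [0:0]` and add explicit allow rules for the management services (SSH, the GNS3 server) before `COMMIT`. The same applies to the `rules.v6` hunk, which would also need ICMPv6 allowed so neighbour discovery keeps working. Since the file is a raw `iptables-save` dump, zeroing the packet/byte counters and dropping the empty `security`, `raw`, `mangle` and `nat` sections would keep later diffs readable, and `-m conntrack --ctstate` is the current spelling of `-m state --state`.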
@@ -1,37 +1,40 @@
-# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+# Generated by ip6tables-save v1.8.5 on Thu Sep 19 06:28:50 2024
 *filter
-:INPUT ACCEPT [9:758]
+:INPUT ACCEPT [21:1792]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [9:608]
+:OUTPUT ACCEPT [22:1552]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 COMMIT
-# Completed on Tue Aug 27 02:40:47 2024
-# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+# Completed on Thu Sep 19 06:28:50 2024
+# Generated by ip6tables-save v1.8.5 on Thu Sep 19 06:28:50 2024
 *security
-:INPUT ACCEPT [9:758]
+:INPUT ACCEPT [23:1932]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [9:608]
+:OUTPUT ACCEPT [22:1552]
 COMMIT
-# Completed on Tue Aug 27 02:40:47 2024
-# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+# Completed on Thu Sep 19 06:28:50 2024
+# Generated by ip6tables-save v1.8.5 on Thu Sep 19 06:28:50 2024
 *raw
-:PREROUTING ACCEPT [9:758]
-:OUTPUT ACCEPT [9:608]
+:PREROUTING ACCEPT [916:164852]
+:OUTPUT ACCEPT [22:1552]
 COMMIT
-# Completed on Tue Aug 27 02:40:47 2024
-# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+# Completed on Thu Sep 19 06:28:50 2024
+# Generated by ip6tables-save v1.8.5 on Thu Sep 19 06:28:50 2024
 *mangle
-:PREROUTING ACCEPT [9:758]
-:INPUT ACCEPT [9:758]
+:PREROUTING ACCEPT [915:164634]
+:INPUT ACCEPT [23:1932]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [9:608]
-:POSTROUTING ACCEPT [9:608]
+:OUTPUT ACCEPT [22:1552]
+:POSTROUTING ACCEPT [22:1552]
 COMMIT
-# Completed on Tue Aug 27 02:40:47 2024
-# Generated by ip6tables-save v1.8.5 on Tue Aug 27 02:40:47 2024
+# Completed on Thu Sep 19 06:28:50 2024
+# Generated by ip6tables-save v1.8.5 on Thu Sep 19 06:28:50 2024
 *nat
-:PREROUTING ACCEPT [0:0]
+:PREROUTING ACCEPT [162:30261]
 :INPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [1:80]
+:OUTPUT ACCEPT [1:80]
 COMMIT
-# Completed on Tue Aug 27 02:40:47 2024
+# Completed on Thu Sep 19 06:28:50 2024