ougogo
Posted December 28, 2012

Hi all!

Before installing TCADMIN on my server, I want to know if someone has already written a script to configure the Linux firewall, like iptables? Or a script compatible with CSF?

I know that there is documentation about how to make scripts, but if somebody would have the kindness to share one, it would be kind of him.

Thanks in advance!

ougogo
Posted December 29, 2012

No idea for a script like that? I don't know how to begin: http://help.tcadmin.com/Scripting is empty.

LFA
Posted December 30, 2012

Just take the script that you would normally execute to open a port. Replace the port number with ${ThisService_GamePort}

Duvy
Posted February 19, 2013

I'd like to do just the same thing, auto open ports in iptables. I've added the following simple thing to a game server's Windows template (as the Linux one is using the Windows template):

OS: Linux
Script Engine: Batch/Shell script
Event: After Started

    iptables -A INPUT -m udp -p udp --dport ${Service_GamePort} -j ACCEPT

I tried it as a normal bash script, inserting as the first line:

    #!/bin/bash

No luck. I thought the executing user is not root, and tried this simple thing:

    #!/bin/bash
    echo "1" >> test.txt

I can't even make this run, so I'd like to ask for some suggestions.

I'm editing the Battlefield 2 Windows template; Battlefield 2 Linux is using the Windows configuration.

Debian

kaosx
Posted February 20, 2013 (edited)

What OS are you using? The following should work. Keep in mind that /sbin/service iptables save is for CentOS.

Install script:

Code:

    iptables -I INPUT -p udp --dport $[ThisServer_GamePort] -j ACCEPT
    iptables -I INPUT -p udp --dport $[ThisServer_QueryPort] -j ACCEPT
    iptables -I INPUT -p udp --dport $[ThisServer_RConPort] -j ACCEPT
    /sbin/service iptables save

Uninstall script:

Code:

    iptables -D INPUT -p udp --dport $[ThisServer_GamePort] -j ACCEPT
    iptables -D INPUT -p udp --dport $[ThisServer_QueryPort] -j ACCEPT
    iptables -D INPUT -p udp --dport $[ThisServer_RConPort] -j ACCEPT
    /sbin/service iptables save

Since you are using CSF you might want to have it this way: /etc/csf/csf.conf

I am not 100% sure, but maybe ask Luis if that would be correct. I'd love to go back to Linux as well, but the only thing stopping me is the firewall rules.

Edited February 20, 2013 by kaosx

Duvy
Posted February 20, 2013 (edited)

I'm using the Debian unstable repo. iptables-save only exports the rules to a file by default, but my problem is that the script isn't running at all. I tried this script on Service started:

    echo "1" >> test.txt

That should save a "1" character to test.txt, and after stopping and starting the service, there is no test.txt at all on the whole computer.

Normally, just to add an iptables rule for the running environment, it's not necessary to save the iptables rules, and I don't intend to do it. On restart, only the default rules are going to be applied, and I imagined that when TCAdmin starts and starts the services, on service start they are going to apply the game-specific rules back.

Edited February 20, 2013 by Duvy

kaosx
Posted February 20, 2013

> I'm using the Debian unstable repo. iptables-save only exports the rules to a file by default, but my problem is that the script isn't running at all. I tried this script on Service started:
>
>     echo "1" >> test.txt
>
> That should save a "1" character to test.txt, and after stopping and starting the service, there is no test.txt at all on the whole computer.
>
> Normally, just to add an iptables rule for the running environment, it's not necessary to save the iptables rules, and I don't intend to do it. On restart, only the default rules are going to be applied, and I imagined that when TCAdmin starts and starts the services, on service start they are going to apply the game-specific rules back.

I have heard from a few people today who use Linux that they normally just disable the firewall and it really doesn't do anything anyway. Same with Windows.

But it would be nice to have it auto add to the iptables, like it does for Windows.

I just like the thought of having an active FW. That's the only reason I am using Windows: I don't have to manually add ports to let the server be seen in the servers list.

But again, few people I know that run game servers don't even have their FW active.

Duvy
Posted February 20, 2013

Max, it's working. It's just weird that the scripts only apply to the new servers you create; the existing ones won't use them.

So my conclusion is, you have to write it just as you'd write a .sh shell script: first row the interpreter, e.g.:

    #!/bin/bash

And the rest of the code.

A simple code, that is not the safest firewall rule:

After Started event:

    #!/bin/bash
    iptables -A INPUT -m tcp -p tcp --dport ${Service_GamePort} -j ACCEPT

After stopped event:

    #!/bin/bash
    iptables -D INPUT -m tcp -p tcp --dport ${Service_GamePort} -j ACCEPT

And also change tcp to udp, if needed. The variables can be found here: http://help.tcadmin.com/Custom_Scripts

As for kaosx, it's extremely dangerous to run a server without a firewall. Just imagine: DDoS, virus spamming and flooding traffic can be avoided, even brute-force attacks, and a million other things that it's useful for.
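
Added example, not part of any post in this thread and not TCAdmin's own code: a hardened variant of the After Started / After Stopped hooks above that does not stack duplicate rules when a service starts twice without a clean stop, and refuses anything that is not a tcp/udp port number. The function names and the `IPTABLES` override variable are hypothetical, and it assumes an iptables build that supports `-C` (`--check`).

```shell
#!/bin/bash
# Added example: idempotent open/close of a game port for start/stop hooks.
# IPTABLES is overridable (hypothetical knob) so the logic can be exercised
# without root or a live firewall.
IPTABLES="${IPTABLES:-iptables}"

# Accept only tcp/udp and a port in 1..65535, so an unsubstituted template
# variable or stray text never reaches the iptables command line.
valid_rule() {
    case "$1" in tcp|udp) ;; *) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#2}" -le 5 ] && [ "$2" -ge 1 ] && [ "$2" -le 65535 ]
}

# Add the ACCEPT rule only if -C (check) reports it is not already present.
open_port() {
    valid_rule "$1" "$2" || { echo "invalid rule: $1/$2" >&2; return 2; }
    "$IPTABLES" -C INPUT -p "$1" --dport "$2" -j ACCEPT 2>/dev/null && return 0
    "$IPTABLES" -A INPUT -p "$1" --dport "$2" -j ACCEPT
}

# Delete every copy of the rule, including duplicates left by earlier runs.
close_port() {
    valid_rule "$1" "$2" || { echo "invalid rule: $1/$2" >&2; return 2; }
    while "$IPTABLES" -C INPUT -p "$1" --dport "$2" -j ACCEPT 2>/dev/null; do
        "$IPTABLES" -D INPUT -p "$1" --dport "$2" -j ACCEPT || return 1
    done
}

# After Started hook:  open_port udp "<game port variable>"
# After Stopped hook:  close_port udp "<game port variable>"
```

Because nothing is saved with iptables-save, the rules exist only in the running ruleset and are re-created by the start hook after a reboot, which matches the behaviour described in the thread.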