firewall v2 easy setup for gbox by OniK
=======================================
script made by agecanonixeg
=======================================
This is a quick, easy setup; please read the readme for full info.
=======================================
- Back up /var/bin/firewall.sh
- Put:
  firewall.sh
  firewall.resolve.sh
  firewall.gbox.sh
  in /var/bin and chmod 755
- If you want some logging, edit firewall.resolve.sh
  line 48:
  # echo 1 > $GBOXFILE
  Just remove the # to activate the firewall log.
  The log will be in /var/tmp/gbox_restart.log
- Put:
  firewall.dyndns
  firewall.users
  in /var/etc and chmod 644
  In firewall.dyndns you must put all dyndns with dynamic IP.
  In firewall.users you must put all static IP (including the IP of your peers who have static IP)
- If you don't use crontabs:
  telnet via dcc ...
  crontab -e "enter"
  press escape button on your keyboard
  type command :wq "enter"
  put root file in /var/spool/cron/crontabs and check the rights
  they must be 600 (rw-------)
- If you are already using crontabs:
  just add the line in the existing root file using command crontab -e
- To start firewall:
  blue button
  select system settings
  service to run
  select firewall and crond
  save
- For info, existing commands are:
  firewall.sh stop
  firewall.sh start
  firewall.sh restart
Now say bye-bye to attacks........
Code:
V2 scripts for firewall.
Code:
=========================================================================
!  B E F O R E   U S E   R E A D   A L L   T H I S   C A R E F U L L Y  !
=========================================================================
Optimized for gbox Emu use.

============================= W A R N I N G =============================
All the scripts can be modified with an editor,
but this must be done directly on the DM under linux
to keep the special linux characters compatibility.
If you don't, the scripts may not be executed.
There is one solution to edit those scripts with a
standard editor on PC.
After editing the script, put it in its place
on the DM with an ftp tool. Then open DCC and use telnet
on the DM. Use the cd command to go to the place where
the file has been put. Then type this command:
dos2unix "file name"
Like this the scripts will be back to the linux
character set, and good to be executed.
=========================================================================

Those scripts are only for pli jade image on DM500 - DM 7000;
for other dreamboxes with pli jade image they may need
an adjustment (path).
For other images (nabilo, etc...), they need
to have, like pli, the iptables package on them,
because I use iptables and crontab.

The scripts are ready to use. But if you use an Emu
or Gbox you need to open and update the file firewall.resolve.sh.

First of all you need to back up the existing script
/var/bin/firewall.sh
In my package there are 3 scripts you must
put in /var/bin and chmod 755:
firewall.sh
firewall.resolve.sh
firewall.gbox.sh

To use another emu than gbox,
edit firewall.resolve.sh;
in line 11 you have
EMU="/var/etc/plimgr/scripts/gbox"
Just change the name gbox to the one you use.
To know its real name, search with an ftp tool
(filezilla for example) and go to
/var/etc/plimgr/scripts
You will see the name of the script that launches your Emu;
it is this name that is needed.

In the beginning I advise you to leave line 45
# RESTARTEMU="1"
with the # (comment).
Like this, the Emu won't restart each time an IP changes for a dyndns.

For gbox optimization, I added one more script (from V1):
firewall.gbox.sh
I did this because, using firewall and gbox, I
noticed that sometimes gbox didn't update the
client IP after a change. So I wrote this new script
and modified the others to restart gbox after an hour if
the client's IP had changed in the firewall and hadn't
in gbox. This option is disabled by default.
To enable it you must edit firewall.resolve.sh;
in line 48 you'll have
# echo 1 > $GBOXFILE
Just remove the # to uncomment the line.
I advise you to do this modification.
This script creates /var/tmp/gbox_restart.log
where it puts logs; if you want to know
when and why gbox has restarted, just have a look in this
file.

If you want to modify the time between an
IP modification and the restart of the Emu you can update
line 13 in firewall.gbox.sh
if [ $ETAT != 12 ]; then
Just change the number; the default is 12 (1 hour).
The algorithm is 12*5 min=60 min; if you add 1 (13 instead of the default 12)
that will be 13*5 min=65 min.
I have tested and the default is nice I think.

In the package you'll see 3 other files:
firewall.dyndns, firewall.users and root.
In firewall.dyndns you must put all dyndns with dynamic IP.
In firewall.users you must put all static IP (including the IP of your peers
who have static IP). Those files are given as examples.
You must put them in /var/etc and chmod them 644.
The LAN is included in the firewall but you should
add all your IPs for your LAN too (better for newcs).

The root file contains the right command needed
in crontabs. If you don't use crontabs,
first, on telnet with dcc, type the command crontab -e
then press the escape button on the keyboard and type :wq (enter).
After that, put the root file in /var/spool/cron/crontabs and verify the rights.
They must be 600 (rw-------).
For those who use crontab, just add the line to the
existing file on telnet with dcc, using the command crontab -e.

To start the firewall use the blue button,
select system settings, go to
service to run and select firewall and crond,
then save and exit. The firewall and crontabs will
start. You can control your firewall
using telnet with dcc. Typing the command
firewall.sh status gives the status of the firewall.

To update your dyndns and fixed IP:
first use telnet on dcc and type the command
firewall.sh stop (to stop the firewall).
Just add or remove something in the files
firewall.dyndns or firewall.users.
After, use telnet on dcc and type the command
firewall.sh start before restarting the Emu.
That will be enough to update the firewall;
no more action is needed.

For info, other existing commands are:
firewall.sh stop
firewall.sh start
firewall.sh restart

If you want to stop the firewall and crontabs definitively
you must use the blue button or it will restart
automatically after a reboot of the DreamBox.
My scripts create several files in /tmp;
don't delete them.

Enjoy and good bye attacks........
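
An added check, not part of the original package or post: a shell function that verifies the files named in the readme are in place with the modes it gives (755, 644, 600) and flags DOS line endings, the problem the dos2unix warning describes. The function names, the optional root prefix and the fwcheck.sh file name are assumptions.

```shell
#!/bin/sh
# Added example: checks the file layout from the readme above.
# Paths and modes come from the readme; the root prefix, the function
# names and the fwcheck.sh file name are assumptions.

CR=$(printf '\r')

# Print a line for each problem with one file; return 1 if anything is wrong.
# $1 = path, $2 = expected mode as shown by ls (e.g. -rw------- for 600)
check_file() {
    f=$1; want=$2; rc=0
    if [ ! -f "$f" ]; then
        echo "MISSING $f"
        return 1
    fi
    have=$(ls -ld "$f" | cut -c1-10)
    if [ "$have" != "$want" ]; then
        echo "MODE    $f is $have, expected $want"
        rc=1
    fi
    # DOS line endings are what stops a PC-edited script from running
    if grep -q "$CR" "$f"; then
        echo "CRLF    $f has DOS line endings, run dos2unix on it"
        rc=1
    fi
    return $rc
}

# $1 = optional root prefix (empty on the box itself, a directory for a copy)
check_install() {
    root=${1:-}; bad=0
    for s in firewall.sh firewall.resolve.sh firewall.gbox.sh; do
        check_file "$root/var/bin/$s" "-rwxr-xr-x" || bad=$((bad + 1))  # 755
    done
    for c in firewall.dyndns firewall.users; do
        check_file "$root/var/etc/$c" "-rw-r--r--" || bad=$((bad + 1))  # 644
    done
    # crontab file for root must be 600
    check_file "$root/var/spool/cron/crontabs/root" "-rw-------" || bad=$((bad + 1))
    echo "$bad file(s) need attention"
    [ "$bad" -eq 0 ]
}

# Run only when asked:  sh fwcheck.sh run   or   sh fwcheck.sh run /tmp/copy
case "${1:-}" in
    run) check_install "${2:-}" ;;
esac
```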