From 1c5531ccaf7dc1e2a59712231bdaa095d289fe63 Mon Sep 17 00:00:00 2001 From: Christoph Date: Fri, 24 Feb 2017 04:24:38 +0100 Subject: [PATCH] Add file INSTALL --- INSTALL | 108 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 INSTALL diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000..2317452 --- /dev/null +++ b/INSTALL @@ -0,0 +1,108 @@ + +# --- +# - Install scripts +# --- + +cp ipt-firewall-gateway /usr/local/sbin/ + +# - If ipv6 is in use.. +# - +cp ip6t-firewall-gateway /usr/local/sbin/ + + + +# --- +# - Configuration +# --- + +mkdir -p /etc/ipt-firewall +cp default_ports.conf \ + include_functions.conf \ + interfaces.conf \ + load_modules_ipv4.conf \ + load_modules_ipv6.conf \ + logging_ipv4.conf \ + logging_ipv6.conf \ + post_decalrations.conf /etc/ipt-firewall/ + +cp interfaces_ipv4.conf.sample /etc/ipt-firewall/interfaces_ipv4.conf +cp main_ipv4.conf.sample /etc/ipt-firewall/main_ipv4.conf + +# - Adjust files +# - /etc/ipt-firewall/interfaces_ipv4.conf +# - /etc/ipt-firewall/main_ipv4.conf +# - /etc/ipt-firewall/logging_ipv4.conf +# - + +# - If ipv6 is in use.. +# - +cp interfaces_ipv6.conf.sample /etc/ipt-firewall/interfaces_ipv6.conf +cp main_ipv6.conf.sample /etc/ipt-firewall/main_ipv6.conf + +# - Adjust files +# - /etc/ipt-firewall/interfaces_ipv6.conf +# - /etc/ipt-firewall/main_ipv4.conf +# - /etc/ipt-firewall/logging_ipv6.conf +# - + + + +# --- +# - systemd configuration for service "ipt-firewall-gateway" / "ip6t-firewall-gateway" +# --- + +## - Create a systemd service +## - + +# IPv4 +# +cat < /etc/systemd/system/ipt-firewall.service +[Unit] +Description=IPv4 Firewall with iptables +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/local/sbin/ipt-firewall-gateway start +ExecStop=/usr/local/sbin/ipt-firewall-gateway stop +User=root + +[Install] +WantedBy=multi-user.target +EOF + +# IPv6 +# +cat < /etc/systemd/system/ip6t-firewall.service +[Unit] +Description=IPv6 Firewall with ip6tables +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/local/sbin/ip6t-firewall-gateway start +ExecStop=/usr/local/sbin/ip6t-firewall-gateway stop +User=root + +[Install] +WantedBy=multi-user.target +EOF + + +## - Eanable script (for autostart at boot time) +## - +systemctl enable ipt-firewall.service +systemctl enable ip6t-firewall.service + +## - Reload systemd configuration +## - +systemctl daemon-reload + + +## - Start Services +## - +systemctl start ipt-firewall +systemctl start ip6t-firewall +