I run a script that adds an iptables logging rule for port probing. To run it after each firewall restart, I added the path to the script at the end of /etc/clearos/firewall.d/90-attack-detector. This worked fine, but I noticed recently that these rules are no longer being added to iptables; it seems that 90-attack-detector might have been updated and therefore my path removed.
Where can I add a script to execute on each FW restart? Does /etc/clearos/firewall.d/local get updated, or is that safe?
(Also, I need the script to run after 90-attack-detector.)
Responses (2)
Thanks for that. Adding the IPv4 block was important; I was wondering why the rules were added twice. Thanks.
(The script I run does not have static IP rules; instead it extracts all open ports from iptables and creates a rule to log all traffic excluding those open ports. Here is the script I run: https://github.com/srulikuk/c-f2b/blob/master/iptables/rules.sh)
Accepted Answer
Attack Detector was updated recently, IIRC.
You can use the local file, but remember that the local file fires before all the numbered files, but after the main firewall and custom. Also, just changing local will trigger an immediate firewall restart. We do not change the local file.
Alternatively, you can add a numbered file. I think the number has to be between 01 and 99, but I am not sure of the exact rules. The number affects where it fires in the firewall starting sequence; the higher the number, the later it fires.
Remember to always enclose your rules in an IPv4 block, or make the file exit if the firewall is loading IPv6. See how it is done in any of the other files; there seem to be 2 ways. If you don't, the rule will fire twice, once during the IPv4 script and once during the IPv6 script. If you specify an IPv4 IP address, the firewall will also show failed if the IPv6 script tries to load it.
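One way to put the advice in this answer into a numbered file, as an added example that is neither the thread's script nor ClearOS code: a file such as /etc/clearos/firewall.d/95-port-probe-log (the name is ours; any number above 90 runs after 90-attack-detector) that reads the ports INPUT already accepts, builds LOG rules for everything else, and does its work only on the IPv4 pass. The variable FW_PROTO, the chain name PORTPROBE_LOG, the log prefix, the rate limit and the sample iptables output are all assumptions; in particular, check which guard 90-attack-detector itself uses and rename the variable if it differs. Rules live in their own chain that is rebuilt on each run, and the jump from INPUT is added only when `iptables -C` says it is absent, so a restart never duplicates them; the `-m limit` match keeps a port scan from flooding the log.

```bash
#!/bin/bash
# Added example for /etc/clearos/firewall.d/95-port-probe-log (hypothetical
# name). Not ClearOS code and not the script linked in the thread.
#
# Assumptions, not confirmed by the thread:
#   - ClearOS runs every firewall.d file twice, once per IP protocol, and
#     exposes the current pass as FW_PROTO (ipv4 / ipv6). Check the guard used
#     in 90-attack-detector and rename the variable here if it differs.
#   - Chain name, log prefix and rate limit below are our own choices.
#
# Approach (from the thread): read the ports INPUT already ACCEPTs and LOG any
# NEW packet to any other port, so only probes end up in the log.

LOG_CHAIN="PORTPROBE_LOG"   # own chain: flushed and rebuilt, so restarts never duplicate rules
LOG_PREFIX="PORTPROBE:"     # no whitespace: the rule strings are word-split below
LOG_RATE="10/min"           # a port scan must not be able to flood /var/log/messages

# Constructed sample of `iptables -S INPUT` output, used for the dry run.
SAMPLE_INPUT_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j DROP'

# Run iptables, or only print the command when PORTPROBE_DRY_RUN=1.
ipt() {
    if [ "${PORTPROBE_DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
        [ "$1" != "-C" ]   # in a dry run, pretend the jump is not installed yet
    else
        iptables "$@"
    fi
}

# open_ports PROTO  (rules on stdin) -> comma-separated ACCEPTed --dport values
# for PROTO, in first-occurrence order, duplicates dropped, non-ACCEPT rules
# ignored. ACCEPT rules written with multiport --dports are not parsed here.
open_ports() {
    awk -v proto="$1" '
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
            p = ""; d = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
            }
            if (p == proto && d != "" && !(d in seen)) {
                seen[d] = 1
                out = out (out == "" ? "" : ",") d
            }
        }
        END { print out }'
}

# log_rule PROTO PORTS -> match arguments that log NEW PROTO packets to ports
# outside PORTS (multiport accepts at most 15 ports per rule). With no open
# ports for PROTO, every NEW packet of that protocol is logged.
log_rule() {
    if [ -n "$2" ]; then
        echo "-p $1 -m multiport ! --dports $2 -m conntrack --ctstate NEW -m limit --limit $LOG_RATE -j LOG --log-prefix $LOG_PREFIX"
    else
        echo "-p $1 -m conntrack --ctstate NEW -m limit --limit $LOG_RATE -j LOG --log-prefix $LOG_PREFIX"
    fi
}

# install_rules  (iptables -S INPUT output on stdin): rebuild the log chain and
# hook it at the top of INPUT. Safe to re-run on every firewall restart.
install_rules() {
    local rules tcp udp
    rules="$(cat)"
    tcp="$(printf '%s\n' "$rules" | open_ports tcp)"
    udp="$(printf '%s\n' "$rules" | open_ports udp)"
    ipt -N "$LOG_CHAIN" 2>/dev/null || ipt -F "$LOG_CHAIN"
    ipt -A "$LOG_CHAIN" $(log_rule tcp "$tcp")
    ipt -A "$LOG_CHAIN" $(log_rule udp "$udp")
    # Insert the jump once: -C tests whether this exact rule already exists.
    ipt -C INPUT ! -i lo -j "$LOG_CHAIN" 2>/dev/null || ipt -I INPUT 1 ! -i lo -j "$LOG_CHAIN"
}

main() {
    case "${FW_PROTO:-}" in
        ipv4) iptables -S INPUT | install_rules ;;   # the IPv4 block
        ipv6) ;;   # nothing on the IPv6 pass, otherwise every rule is added twice
        *)    # run by hand: FW_PROTO is unset, so only show the plan
              echo "# FW_PROTO unset: dry run against sample rules, nothing applied"
              PORTPROBE_DRY_RUN=1
              printf '%s\n' "$SAMPLE_INPUT_RULES" | install_rules ;;
    esac
}

main
```

Run by hand with FW_PROTO unset, the file prints the five iptables commands it would issue for the sample rules instead of touching the firewall, which is a convenient way to review the generated `! --dports` lists before dropping the file into firewall.d. The jump is inserted at position 1 of INPUT rather than appended, so it is not shadowed by a trailing DROP, and the `--ctstate NEW` match means replies on already-open connections are never logged.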