Saturday, 19 October 2013

Bash script wrapper for Easy Firewall Generator IPTables

I wanted a gateway firewall, to share internet access from one interface to another.  Iptables is excellent for this, but setting it up manually is a pain.

Easy Firewall Generator provides a excellent gateway iptables script but in my environment the interface names could change and manually editing the script is no good.

This script basically a 'wrapper script' for the Easy Firewall Generator script, with a few mods.

The usage is: 
./ics.sh -i [Internet Interface] -e [Sharing Interface] -a [Sharing IP Address]
 
For example, if eth0 had internet access and I wanted to share the internet connection to hostapd wlan0 (10.0.0.1) then the command to enable sharing would be:

./ics.sh -i eth0 -e wlan0 -a 10.0.0.1


You will need to generate a iptables 'firewall script' using the Easy Firewall Generator site.
  • On the website just select arbitrary values for the interfaces and ip addresses.
  • On the website, in section "Select Type of Internet Address ", select "Dynamic Internet IP Address"
  • Click generate, save the code, comment out the "Internet Interface" and the "Local Interface Information" sections in the saved 'firewall script'.
  • In the 'firewall script' remove the first line "#!/bin/sh"
  • Then add the raw 'wrapper script' below to the top of your firewall script.
  • Save and chmod +x the file before trying it out.


Those instruction suck.
Find the script here or below:




WindyCityTech Blogger
WindyWindyCityTech Wordpress

No comments:

Post a Comment