Weblog entry #2 for emeitner
A quick little script to automatically enable Firestarter[1] when Network Manager[2] enables an interface. This is for Ubuntu/Breezy or bleeding edge Debian. Put it in /etc/NetworkManager/dispatcher.d:
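#!/bin/sh
# NetworkManager dispatcher script: $1 is the interface, $2 is the action.

# Load Firestarter's settings (defines $IF). "." is used instead of the
# bash-only "source" so the script also runs when /bin/sh is not bash.
[ -r /etc/firestarter/configuration ] || exit 0
. /etc/firestarter/configuration

# Check to see if the interface that changed is the one currently
# protected by firestarter. If not, quit.
[ "$1" != "$IF" ] && exit 0

# Check the current status of Firestarter (0 = lock file present, i.e. running)
[ -e /var/lock/subsys/firestarter ] || [ -e /var/lock/firestarter ]
fs_status=$?

case "$2" in
    up)
        [ "$fs_status" -gt 0 ] && /etc/init.d/firestarter start
        ;;
    down)
        ## Uncomment the following line to allow this script to
        ## turn off the firewall when the interface goes down.
        #[ "$fs_status" -eq 0 ] && /etc/init.d/firestarter stop
        ;;
esac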
By default it does not disable the firewall when the interface goes down because I prefer to do that myself.

[1] http://packages.debian.org/stable/source/firestarter, http://fs-security.com/
[2] http://packages.debian.org/unstable/virtual/network-manager, http://www.gnome.org/projects/NetworkManager/
Comments on this Entry
The only problem I can see (and regularly run into) is that firestarter doesn't seem to be configurable to use the default interface, only explicit interfaces, as the "untrusted" network interface.
Therefore, whenever I change interfaces I have problems until I remember to reconfigure firestarter.
Of course, one can substitute any firewall start/stop script above.