firewall V2 DM500 - DM7000

  • aslambhatti
    Senior Member
    • Jun 2010
    • 185

    firewall V2 DM500 - DM7000





    =======================================



    this is a quick easy setup, please read

    the readme for full info



    =======================================





    - backup /var/bin/firewall.sh



    - put :

    firewall.sh

    firewall.resolve.sh

    firewall.gbox.sh

    in /var/bin and chmod 755



    - if you want some log edit firewall.resolve.sh

    line 48 :

    # echo 1 > $GBOXFILE

    Just remove the # to activate firewall log.

    log will be in /var/tmp/gbox_restart.log



    - put :

    firewall.dyndns

    firewall.users

    in /var/etc and chmod 644



    In firewall.dyndns you must put all dyndns with dynamic IP.

    In firewall.users you must put all static IP

    (including the IP of your peers who have static IP)



    - if you don't use crontabs :

    telnet via dcc ...

    crontab -e "enter"

    press escape button on your keyboard

    type command :wq "enter"

    put root file in /var/spool/cron/crontabs and check the rights

    they must be 600 (rw-------)



    - if you are already using crontabs :

    just add the line in the existing root file using command crontab -e



    - To start firewall :

    blue button

    select system settings

    service to run

    select firewall and crond

    save



    - For info, existing commands are :

    firewall.sh stop

    firewall.sh start

    firewall.sh restart



    now say bye-bye to attacks........
    Quote:
    V2 scripts for firewall.

    =========================================================================

    ! B E F O R E   U S E   R E A D   A L L   T H I S   C A R E F U L L Y !

    =========================================================================



    Optimized for gbox Emu use.



    ============================= W A R N I N G =============================

    All the scripts can be modified with an editor

    but this must be done directly on the DM under linux

    to keep the special linux characters compatibility.

    If you don't, the scripts may not be executed.



    There is one solution to edit those scripts with a

    standard editor on PC.



    After editing the script, put it in its place

    on DM with ftp tool. Then open DCC, use telnet

    on DM. Use cd command to go to the place where the file

    has been put. And then type this command:

    dos2unix "file name".

    Like this the scripts will be back to linux

    characters set, and good to be executed.

    =========================================================================



    Those scripts are only for pli jade image on DM500 - DM 7000

    for other dreamboxes with pli jade image they may need

    an adjustment (path).

    For other images (nabilo, etc...), they need

    to have, like pli, iptables package on it

    because I use iptables and crontab.

    The scripts are ready to use. But if you use an Emu

    or Gbox you need to open and update the file firewall.resolve.sh.

    First of all you need to backup existing script

    /var/bin/firewall.sh



    In my package there are 3 scripts you must

    put in /var/bin and chmod 755

    firewall.sh

    firewall.resolve.sh

    firewall.gbox.sh

    For using another emu than gbox

    edit firewall.resolve.sh

    in line 11 you have

    EMU="/var/etc/plimgr/scripts/gbox"

    just change the name gbox with the one you use.

    To know its real name, search with ftp tool

    (filezilla for example) and go to

    /var/etc/plimgr/scripts

    you will see the script name that launches your Emu

    it's this name that is needed.

    In the beginning I advise you to leave the line 45

    # RESTARTEMU="1"

    with the # (comment).

    Like this, the Emu won't restart each time an IP changes for a dyndns.



    For gbox optimization, I added one more script (from V1)

    firewall.gbox.sh

    I did this because, using firewall and gbox I

    noticed that sometimes gbox didn't update the

    client ip after a change. So I wrote this new script

    and modified others to restart gbox after an hour if

    the client's IP had changed in firewall and didn't

    in gbox. This option is disabled by default.

    To enable it you must edit firewall.resolve.sh

    in line 48 you'll have

    # echo 1 > $GBOXFILE

    Just remove the # to uncomment the line.

    I advise you to do this modification.

    This script creates /var/tmp/gbox_restart.log

    where it puts logs, if you want to know

    when and why gbox has restarted, just have a look in this

    file. If you want to modify the time between an

    ip modification and the restart of Emu you can update

    the line 13 in firewall.gbox.sh

    if [ $ETAT != 12 ]; then

    Just change the number, the default is 12 (1 hour)

    The algorithm is 12*5 min=60 min, if you add 1 (13 instead of 12 default)

    that will be 13*5 min=65 min.

    I have tested and the default is nice I think.



    In the package you'll see 3 other files

    firewall.dyndns, firewall.users and root.

    In firewall.dyndns you must put all dyndns with dynamic IP.

    In firewall.users you must put all static IP (including the IP of your peers

    who have static IP). Those files are given as example.

    You must put them in /var/etc and chmod them 644.

    The LAN is included in the firewall but you should

    add all your IP for your LAN too (better for newcs).



    The root file contains the right command needed

    in crontabs. If you don't use crontabs

    first, on telnet with dcc, type the command crontab -e

    then press escape button on keyboard and type :wq (enter)

    after put root file in /var/spool/cron/crontabs and verify the rights

    They must be 600 (rw-------).

    For those who use crontab, just add the line in the

    existing file on telnet with dcc, using the command crontab -e.



    To start firewall use blue button,

    select system settings, go to

    service to run and select firewall and crond

    then save and exit. The firewall and crontabs will

    start. You can control your firewall

    using telnet with dcc. Type the command

    firewall.sh status to get the status of the firewall.

    To update your dyndns and fixed IP:

    First use telnet on dcc and type command

    firewall.sh stop (to stop the firewall).

    just add or remove something in files

    firewall.dyndns or in firewall.users.

    After, use telnet on dcc and type command

    firewall.sh start before restarting Emu.

    That will be enough to update the firewall

    no more action is needed.

    For info other existing commands are

    firewall.sh stop

    firewall.sh start

    firewall.sh restart

    If you want to stop definitively the firewall and crontabs

    you must use blue button or it will restart

    automatically after reboot of DreamBox.

    My scripts create several files in /tmp

    don't delete them.

    Enjoy and good bye attacks........
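
A pre-flight check for the file layout described above, as an added example that is not part of the original post or of the script package: it verifies the 755 / 644 / 600 permissions and flags DOS line endings left behind by a PC editor. The function names and the optional `ROOT` prefix (empty on the box itself) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the firewall package): checks the install layout
# from the readme. ROOT is a hypothetical prefix for trying it in a scratch dir.

CR=$(printf '\r')

# check_file PATH EXPECTED_PERMS
# EXPECTED_PERMS is in ls notation: -rwxr-xr-x (755), -rw-r--r-- (644), -rw------- (600).
# Prints one line per problem and returns the number of problems found.
check_file() {
    path=$1; want=$2; problems=0
    if [ ! -f "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    # First 10 characters of ls -ld are the type and permission bits.
    have=$(ls -ld "$path" | cut -c1-10)
    if [ "$have" != "$want" ]; then
        echo "PERMS    $path is $have, expected $want"
        problems=$((problems + 1))
    fi
    # A file saved by a PC editor carries CR characters; a "#!/bin/sh\r" script will not run.
    if grep -q "$CR" "$path"; then
        echo "CRLF     $path contains CR characters, run dos2unix on it"
        problems=$((problems + 1))
    fi
    return $problems
}

# check_install [ROOT] -> returns the total number of problems over all six files.
check_install() {
    root=${1:-}; total=0
    for f in firewall.sh firewall.resolve.sh firewall.gbox.sh; do
        check_file "$root/var/bin/$f" "-rwxr-xr-x" || total=$((total + $?))
    done
    for f in firewall.dyndns firewall.users; do
        check_file "$root/var/etc/$f" "-rw-r--r--" || total=$((total + $?))
    done
    check_file "$root/var/spool/cron/crontabs/root" "-rw-------" || total=$((total + $?))
    return $total
}
```

Calling `check_install` with no argument after copying the files prints nothing and returns 0 when every file is present, has the expected rights and is free of CR characters.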