netscript-2.4 5.2.9ubuntu1 / etc / netscript / README

This file is indexed.

/etc/netscript/README is in netscript-2.4 5.2.9ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
Netscript Configuration files

The files found in this directory are for an alternative network configuration 
and IP filtering system for kernel 2.4 based on /bin/sh. This system is 
designed for use with a routing daemon like zebra. This system also uses 
iproute

Most of what you should really have to edit is found in network.conf

The files and their uses are as follows:

network.conf:	general network, bridging, QoS and some ptables configuration 
		items. Comments in here contain the current documentation 
		on the configuration items, which can even handle pppd, 
		wanconfig, and ciped. Configuration variables for ipfilter-defs
		are also in here.
ipfilter.conf:	The shell script sused to set up the iptables 
		filtering/masquerading etc.
if.conf		Lower level functions for configuring interfaces.
qos.conf	Functions to configure Quality of Service using /sbin/tc
ipfilter-defs.conf	Functions to help with the iptables-defs and netscript 
		compile firewalling tool.  
ipfilter-defs 	Directory containing firewall definiton tables that are 
		compiled into the unctions in ipfilter-defs-comiled.conf.

You should be able to do most things by editing the settings in network.conf.
See below for more details on this reccomended editing policy.

You will have to configure the firewall using the iptables commands directly,
or using the ipfilter-defs mentioned above.  Have a look in the ipfilter-defs
directory at the README filein there.  It will tell you where to start.

Don't forget to save the configurations using the 
'netscript ipfilter|ip6filter save' commands! Unlike the last version, 
the firewalling and filtering is no longer configured from network.conf.  
This has been done as stateful filtering has helped obviate the need for 
great complexity in the firewall scripts, and  more flexibility is possible. 
Complex firewalling can be achieved using the ipfilter-defs tools.

It is a good idea to get down and get dirty with iptables and learn it, 
which you will appreciate if you are running this to build a network - you 
should understand things fully, or else you will get things wrong.

UPGRADE PATH FROM KERNEL 2.4.X
------------------------------

The firewall/IP filtering stuff in ipfilter.conf is the part that changed 
radically with the move to iptables and a far better way of setting up the 
IP filtering rules, however the QoS and interface startup/shutdown in if.conf 
have changed but are backwards compatible with the old 2.2.x ipchains version
of netscript for the interface address configuration settings.  You will have
to set up the filtering again to use iptables by directly using the iptables
commands.

Also, the kernel 2.2.x version scripts are set up so that iptables is only 
run on a 2.4.x kernel, otherwise IP forwarding is disabled if beforehand 
you set IPFWDING_KERNEL to FILTER_ON in network.conf. 

This means that when you upgrade a box to a 2.4.x router kernel, you should
then be able to reboot it and log into remotely and upgrade netscript to the
version that will support 2.4.x.  In this situation, if you have set
old IPFWDING_KERNEL setting to FILTER_ON beforehand in network.conf, all 
IP forwarding through the box will also be disabled.  This means that you 
can safely remotely upgrade a firewall.

APT Browse - Built by Thomas Orozco.