A Firewall Install Script

Jurjen Bokma

June 2008

Remotely turning on a firewall always carries the risk of locking yourself out. Rather than properly stealing a script, I made my own. It has features attractive to me: before installing a new firewall, it checks whether I can still work when the new configuration is active. And it can often be used stand-alone (with just the binaries it needs, but no additional config) on fresh installations[28]. It has a --help option, but basic usage is:


The firewall script also has some diagnostics. For example, to check whether the currently running firewall matches the last stored configuration, run: firewall analyze.


While the script does basic checking to make sure you can still press <ENTER> after starting the firewall, it doesn't check whether you can log out and ssh back in to the machine under scrutiny.
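The confirm-or-rollback idea described above can be sketched as follows. This is an added example, not the firewall script this page describes: safe_apply and the SAVE_CMD/LOAD_CMD hooks are hypothetical names, and iptables-save/iptables-restore are assumed as the default backend. Like the check described above, it only proves that the existing session survived, not that a fresh ssh login works.

```shell
#!/bin/sh
# Added illustration of confirm-or-rollback; not the script this page describes.
# SAVE_CMD/LOAD_CMD are assumed hooks so the logic can be tried without root.
SAVE_CMD=${SAVE_CMD:-iptables-save}      # prints the running ruleset on stdout
LOAD_CMD=${LOAD_CMD:-iptables-restore}   # loads a ruleset from stdin

# safe_apply NEW_RULES_FILE [TIMEOUT_SECONDS]
# Returns 0 if the new rules were confirmed, 1 if they were rolled back,
# 2 if the old rules could not be saved or the new ones failed to load.
safe_apply() {
    new_rules=$1
    timeout=${2:-30}
    backup=$(mktemp) || return 2
    fired=$backup.fired

    # 1. Keep a copy of what is running now.
    $SAVE_CMD > "$backup" || { rm -f "$backup"; return 2; }

    # 2. Load the candidate; on a load error put the old rules back at once.
    if ! $LOAD_CMD < "$new_rules"; then
        $LOAD_CMD < "$backup"
        rm -f "$backup"
        return 2
    fi

    # 3. Watchdog: after the timeout it marks itself as fired and restores the
    #    backup. It ignores SIGHUP and holds no terminal descriptors, so it
    #    still runs if the new rules killed the session.
    ( trap '' HUP; sleep "$timeout"; : > "$fired"; $LOAD_CMD < "$backup" ) \
        </dev/null >/dev/null 2>&1 &
    watchdog=$!

    # 4. Ask over the very connection the new rules may have cut.
    printf 'New rules loaded. Press ENTER within %s s to keep them: ' "$timeout" >&2
    read -r _answer && kill "$watchdog" 2>/dev/null
    wait "$watchdog" 2>/dev/null || :

    # 5. A late ENTER must not count: if the watchdog fired, the old rules win.
    result=0
    if [ -e "$fired" ]; then
        $LOAD_CMD < "$backup"    # repeat the restore; loading twice is harmless
        result=1
    fi
    rm -f "$backup" "$fired"
    return "$result"
}
```
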

[28] Yet, I am aware, it is programmed rather erratically.