8 changes: 4 additions & 4 deletions instantiation/ruleset_modification/iptables_template
@@ -1,9 +1,9 @@

# Required configuration for iptables service
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
#*filter
#:INPUT ACCEPT [0:0]
#:FORWARD ACCEPT [0:0]
#:OUTPUT ACCEPT [0:0]

# Add below any firewall rules that you would like to appear for all the cyber range guests,
# as the firewall rules provided in the 'firewall_rules' task are appended to this file
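Review bot: The template appears to lose its table declaration here: `*filter` and the three `:INPUT`/`:FORWARD`/`:OUTPUT ACCEPT [0:0]` lines look commented out, though the page has lost its +/- markers, so that direction is inferred. The comment at the end of the hunk says the rules from the 'firewall_rules' task are appended to this file, and `iptables-restore` expects a `*table` line before any chain or rule line, so the generated ruleset would likely fail to load unless the appended rules bring their own header. If the header is meant to stay disabled, replace the dead lines with a one-line comment stating why and where the table and chain policies are now declared. The rest of the template is not visible on this page, so a later table declaration cannot be ruled out.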
6 changes: 3 additions & 3 deletions instantiation/ruleset_modification/ruleset_modify.sh
Expand Up @@ -26,10 +26,10 @@ if [ ${basevm_type} = "kvm" ]; then
#sshpass -p ${image_passwd} ssh root@${image_addr} "yum install iptables-services -y"
## Stop the default CentOS 7 firewall 'firewalld' and start iptables
echo "ruleset_modify.sh: Stop firewalld and start iptables services..."
ssh root@${image_addr} "systemctl stop firewalld; systemctl start iptables; systemctl start ip6tables"
#ssh root@${image_addr} "systemctl stop firewalld; systemctl start iptables; systemctl start ip6tables"
## Disable firewalld and enable iptables
echo "ruleset_modify.sh: Disable firewalld and enable iptables services..."
ssh root@${image_addr} "systemctl disable firewalld; systemctl mask firewalld; systemctl enable iptables; systemctl enable ip6tables"
#ssh root@${image_addr} "systemctl disable firewalld; systemctl mask firewalld; systemctl enable iptables; systemctl enable ip6tables"

# Prepare the new iptables configuration
## Copy 'iptables_template' ruleset base to a new file called 'iptables'
Expand All @@ -44,7 +44,7 @@ if [ ${basevm_type} = "kvm" ]; then
# Restore iptables rules from configuration file
echo "ruleset_modify.sh: Restore iptables configuration from file..."
echo " (will also appear in the cloned VMs on reboot)"
ssh root@${image_addr} "iptables-restore /etc/sysconfig/iptables";
#ssh root@${image_addr} "iptables-restore /etc/sysconfig/iptables";

elif [ ${basevm_type} = "aws" ]; then
if [ ${os_type} = "amazon_linux" -o ${os_type} = "amazon_linux2" ]; then
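Review bot: The `echo` lines in both hunks still announce "Stop firewalld and start iptables services...", "Disable firewalld and enable iptables services..." and "Restore iptables configuration from file...", while the `ssh root@${image_addr}` commands that do that work appear to be commented out (the +/- markers are lost on this page, so the direction is inferred). If so, the kvm branch logs firewall steps it no longer performs, and the prepared ruleset is neither loaded with `iptables-restore` nor backed by an enabled iptables service, so cloned guests may come up without the intended filtering while the log suggests otherwise. Either remove the stale messages together with the commands, or keep the step honest with a line such as `echo "ruleset_modify.sh: firewall service switch and restore skipped"`. A short comment stating why the commands are disabled would also help, since the surrounding `if` block starts and ends outside these hunks.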