1
00:00:00,05 --> 00:00:01,08
- [Instructor] It's cumbersome

2
00:00:01,08 --> 00:00:04,02
to keep typing iptables commands

3
00:00:04,02 --> 00:00:07,02
into our command line interface or CLI.

4
00:00:07,02 --> 00:00:12,06
You can automate this process by creating a shell script.

5
00:00:12,06 --> 00:00:18,01
We'll start by creating a file for the shell script.

6
00:00:18,01 --> 00:00:22,05
Let's first change our working directory to Documents

7
00:00:22,05 --> 00:00:26,05
by typing cd Documents.

8
00:00:26,05 --> 00:00:28,08
Press Enter.

9
00:00:28,08 --> 00:00:35,06
Type nano, space, the name of the file, which is

10
00:00:35,06 --> 00:00:45,04
M-Y-F-W, standing for my firewall, dot S-H.

11
00:00:45,04 --> 00:00:46,09
Press Enter.

12
00:00:46,09 --> 00:00:52,01
nano is one of the pre-installed Linux text editors.

13
00:00:52,01 --> 00:01:02,05
Let's start by typing iptables, space, dash P,

14
00:01:02,05 --> 00:01:06,06
meaning the default firewall rule,

15
00:01:06,06 --> 00:01:13,06
space, INPUT for all the incoming traffic.

16
00:01:13,06 --> 00:01:16,04
We'll be dropping all the incoming traffic,

17
00:01:16,04 --> 00:01:22,00
which is why we type DROP next.

18
00:01:22,00 --> 00:01:27,05
Now the second rule is for the outgoing traffic.

19
00:01:27,05 --> 00:01:31,07
The Netfilter chain for that is OUTPUT.

20
00:01:31,07 --> 00:01:34,01
We allow all the outgoing traffic,

21
00:01:34,01 --> 00:01:45,04
which is why we type iptables, space, dash P, OUTPUT,

22
00:01:45,04 --> 00:01:49,05
space, ACCEPT.

23
00:01:49,05 --> 00:01:51,03
Press Enter.

24
00:01:51,03 --> 00:02:03,00
Next, type iptables, space, dash P, space, FORWARD.

25
00:02:03,00 --> 00:02:06,05
The FORWARD chain is going to be disabled.

26
00:02:06,05 --> 00:02:12,09
Therefore we type FORWARD, space, DROP.

27
00:02:12,09 --> 00:02:18,04
Now save the file by pressing Control + X together.

28
00:02:18,04 --> 00:02:24,09
Type Y, press Enter to accept the current file name,

29
00:02:24,09 --> 00:02:29,03
which is myfw.sh.

30
00:02:29,03 --> 00:02:33,00
Before running our shell script, we want to make sure

31
00:02:33,00 --> 00:02:36,01
our shell script is executable.

32
00:02:36,01 --> 00:02:41,04
To check this, type ls, space, dash l.

33
00:02:41,04 --> 00:02:44,05
Press Enter.

34
00:02:44,05 --> 00:02:49,05
The permissions are read-write, read and read

35
00:02:49,05 --> 00:02:53,06
for the user of the file, group and others.

36
00:02:53,06 --> 00:02:58,00
We need to change the permissions to make the file executable.

37
00:02:58,00 --> 00:03:03,09
To do this, type chmod,

38
00:03:03,09 --> 00:03:15,02
standing for change mode, space, U-G-O plus sign X, space,

39
00:03:15,02 --> 00:03:23,03
and then the name of the file, M-Y-F-W dot S-H.

40
00:03:23,03 --> 00:03:28,07
X here means executable, and U-G-O plus X indicates

41
00:03:28,07 --> 00:03:35,06
adding execute permission for the user, group and others.

42
00:03:35,06 --> 00:03:38,04
Press Enter.

43
00:03:38,04 --> 00:03:42,07
Let's do ls -l again

44
00:03:42,07 --> 00:03:47,06
to see if the file permissions have been updated.

45
00:03:47,06 --> 00:03:49,05
Press Enter.

46
00:03:49,05 --> 00:03:55,00
The color of the file name, myfw.sh, is now green,

47
00:03:55,00 --> 00:03:59,06
indicating that the file is executable.

48
00:03:59,06 --> 00:04:02,04
You can also see the X has been added

49
00:04:02,04 --> 00:04:05,02
to the file permissions:

50
00:04:05,02 --> 00:04:15,04
R-W-X here, R-X for group, R-X for others.

51
00:04:15,04 --> 00:04:19,04
Finally, we're ready to run the shell script.

52
00:04:19,04 --> 00:04:23,00
Usually all you have to do is type the name

53
00:04:23,00 --> 00:04:25,06
of the shell script, but in our case,

54
00:04:25,06 --> 00:04:31,03
the commands in the shell script require root permissions,

55
00:04:31,03 --> 00:04:35,07
which is why we're typing sudo again.

56
00:04:35,07 --> 00:04:44,02
sudo, space, a period, meaning the current directory,

57
00:04:44,02 --> 00:04:54,00
and then forward slash and the name of the file, myfw.sh.

58
00:04:54,00 --> 00:04:59,03
Press Enter to run the shell script.

59
00:04:59,03 --> 00:05:01,09
We lose our remote desktop connection again,

60
00:05:01,09 --> 00:05:06,04
which means the shell script worked. Great job!

61
00:05:06,04 --> 00:05:10,00
You just automated your Netfilter configuration process.

62
00:05:10,00 --> 00:05:13,04
We'll be using shell scripts from now on

63
00:05:13,04 --> 00:05:17,00
for all the Netfilter configuration activities.