Installation manual
Cyclades-TS
57
Appendix A - Linux
Installation Manual
Another option is to edit the file /etc/network/firewall (or another file) directly, following the syntax defined in the
file itself. If the file is edited in this way, the command fwset cannot be used to save and restore the configuration.
Use
ipchains-save > file_name to save the lists in file_name
updatefiles file_name to save file_name to flash memory
ipchains-restore < file_name to restore the lists to the configuration in file_name
An example of the use of ipchains for a console access server
Referring to Fig 4.5
If the administrator wishes to restrict access to the consoles connected to the Cyclades-TS to a user on the
workstation with IP address 200.200.200.4, a filter can be set up as shown below.
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT
ipchains -A input -p tcp -s ! 200.200.200.4 -d 0.0.0.0/0 23 -j DENY
ipchains -A input -p tcp -s ! 200.200.200.4 -d 200.200.200.1 7001:7032 -j DENY
ipchains -A input -p tcp -s ! 200.200.200.4 -d 0.0.0.0/0 22 -j DENY
ts_menu Script to Simplify telnet and ssh Connections
(Note: This feature is only available for firmware versions 1.2.x and above)
The ts_menu script can be used to avoid typing long telnet or ssh commands. It presents a short menu with the
names of the servers connected to the serial ports of the Cyclades-TS. The server is selected by its
corresponding number. ts_menu must be executed from a local session: via console, telnet, ssh, dumb termi-
nal connected to a serial port, etc.
Only ports configured for console access (protocols socket_server or socket_ssh) will be presented.
An example is: