Services

A server usually provides some network services. To use a network service, we need to tune the firewall and apply some firewall rules. In flex-fw, all commands that manage firewall rules are placed in special scripts called services. A service, in flex-fw terms, is a group of commands related to a specific network service. Usually it contains the set of commands that enable network traffic for that network service.

Each service has its own unique name and is represented by a separate file placed in the /etc/flex-fw/services directory. Basically, a service is a small shell script that is run in a specific environment. Therefore you can use any ash/dash operators and functions in this script. In addition, flex-fw adds some extra functions for managing iptables rules and controlling flex-fw execution.

For example, you could group a few commands related to your office mail server into one script named local.mail and put it into the /etc/flex-fw/services directory on your office mail server. The body of the script could be the following:

# Allow SMTP with anybody in the Internet
allow input in-if $ifWan proto tcp dport 25
allow output out-if $ifWan proto tcp dport 25

# Allow incoming SMTP, POP3 and IMAP for LAN
allow input in-if $ifLan proto tcp dports 25,110,143

# end of file

So, you have grouped a few commands into one service script. To run it, use the service command.

You can enable any mail exchange by executing the following command:

# flex-fw service local.mail start

flex-fw will search for the local.mail script in the /etc/flex-fw/services directory and run it in the flex-fw environment. As a result, a few iptables rules will be generated. This behaviour is quite ordinary.

But what will happen if we run the following command?

# flex-fw service local.mail stop

flex-fw will run the same script again. But in this case the allow command will not add extra rules! Instead, it will remove those rules if they exist.
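
The start/stop behaviour described above, as an added example that is not flex-fw's own code: a simplified shell model of an allow helper that prints the iptables command it would issue instead of running it. The mapping of flex-fw keywords to iptables options, the ACTION variable, the local_mail and run_service helpers and the interface names eth0/eth1 are assumptions made for illustration.

```shell
# Simplified model of a flex-fw style "allow" helper (assumption, not flex-fw source).
# It only prints the iptables command it would issue; nothing is executed.
ACTION=start   # assumed to be set by the service runner: start | stop
ifWan=eth0     # constructed interface names
ifLan=eth1

allow() {
    # start appends the rule (-A); stop deletes the identical rule (-D)
    case "$ACTION" in
        start) op=-A ;;
        stop)  op=-D ;;
        *) echo "unknown action: $ACTION" >&2; return 1 ;;
    esac
    case "$1" in
        input)  chain=INPUT ;;
        output) chain=OUTPUT ;;
        *) echo "unknown chain: $1" >&2; return 1 ;;
    esac
    shift
    spec=
    while [ $# -gt 0 ]; do
        [ $# -ge 2 ] || { echo "missing value for $1" >&2; return 1; }
        case "$1" in
            in-if)  spec="$spec -i $2" ;;
            out-if) spec="$spec -o $2" ;;
            proto)  spec="$spec -p $2" ;;
            dport)  spec="$spec --dport $2" ;;
            dports) spec="$spec -m multiport --dports $2" ;;
            *) echo "unknown keyword: $1" >&2; return 1 ;;
        esac
        shift 2
    done
    echo "iptables $op $chain$spec -j ACCEPT"
}

# Body of the local.mail service from the text above
local_mail() {
    allow input in-if $ifWan proto tcp dport 25
    allow output out-if $ifWan proto tcp dport 25
    allow input in-if $ifLan proto tcp dports 25,110,143
}

# Hypothetical runner: the same script body is executed for both actions
run_service() {
    ACTION=$1
    local_mail
}
run_service start
run_service stop
```

In this model, stop deletes with exactly the match specification that start appended, so editing the service file between the two runs would leave the earlier rules loaded.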


Copyright (C) 2014 Vitalii Druzhinin
aka VitalShell