Pessoal,

Tentei criar algumas regras de firewall, mas quando dou um start, ele gera alguns erros.
Os erros começam nas declarações de IPADDR, EXTERNAL_INTERFACE, e por aí vai...
O que fiz errado?
Abaixo segue uma parte das regras que fiz, não sei se é suficiente, mas aí está...
Estou usando o RedHat 9.

Abraços,

#-------------------------------------------------------------------------------
#!/bin/sh
#
# Invoke from /etc/rc.d/init.d/iptables.
# chkconfig: - 69 95
# description: Starts and stops the IPTABLES packet filter
# used to provide firewall network services
#------------------------------------------------------------------------------

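# Source function library
. /etc/rc.d/init.d/functions

# Source networking configuration (expected to set NETWORKING)
. /etc/sysconfig/network

# Check that networking is up.  NETWORKING is a variable set by the file
# sourced above, so it is read as "$NETWORKING"; the form $(NETWORKING)
# would try to *run* a command called NETWORKING and expand to its output
# (one of the start-up errors).  Quoting keeps the test well-formed when
# the variable is unset or empty.
if [ "$NETWORKING" = "no" ]; then
  exit 0
fi

# Nothing to do if the iptables binary is missing or not executable
if [ ! -x /sbin/iptables ]; then
  exit 0
fi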

# See how we were called
case "$1" in
start)
echo -n "Starting Firewalling: "

#------------------------------------------------------------------------------
# Some definitions for easy manutenance
# EDIT THESE TO SUIT YOUR SYSTEM AND ISP
#---------------------------------------

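# NOTE on sh syntax: an assignment must have no whitespace around '='
# ("VAR = value" runs a command called VAR with two arguments, which is
# what produced the errors on IPADDR, EXTERNAL_INTERFACE, ...), and the
# output of a command is captured with $(...), not with single quotes.

EXTERNAL_INTERFACE="eth0"               # Internet connected interface
LOOPBACK_INTERFACE="lo"                 # Local naming convention

# Address bound to the external interface, taken from the ifconfig line
# "inet addr:A.B.C.D ..." -> "A.B.C.D".  Uses EXTERNAL_INTERFACE so the
# interface name is configured in one place only.
# NOTE(review): on a host with IPv6 the "inet6 addr:" line may also match
# "inet" and yield a second line — verify on this system.
IPADDR=$(ifconfig "$EXTERNAL_INTERFACE" | fgrep -i inet | cut -d : -f 2 | cut -d ' ' -f 1)
if [ -z "$IPADDR" ]; then
  # Rules below that use $IPADDR as an address would be rejected by
  # iptables with an empty value; make that visible instead of silent.
  echo "warning: could not determine the address of $EXTERNAL_INTERFACE" >&2
fi

PRIMARY_NAMESERVER="10.15.11.10"        # Primary name server
# SECONDARY_NAMESERVER="xx.xx.xx.xx"    # Secondary name server
# SYSLOG_SERVER="xx.xx.xx.xx"           # Syslog internal server
SMTP_SERVER="10.15.11.10"               # Central mail hub server

LOOPBACK="127.0.0.0/8"                  # Reserved loopback addr range
CLASS_A="10.0.0.0/8"                    # Class A private networks
CLASS_B="172.16.0.0/12"                 # Class B private networks
CLASS_C="192.168.0.0/16"                # Class C private networks
CLASS_D_MULTICAST="224.0.0.0/4"         # Class D multicast addr
CLASS_E_RESERVED_NET="240.0.0.0/5"      # Class E reserved addr
BROADCAST_SCR="0.0.0.0"                 # Broadcast source addr (name kept as-is: rules below may reference it)
BROADCAST_DEST="255.255.255.255"        # Broadcast destination addr
PRIVPORTS="0:1023"                      # Privileged port range
UNPRIVPORTS="1024:"                     # Unprivileged port range

#------------------------------------------------------------------------------
# The SSH client starts at 1023 and works down to 513 for each additional
# simultaneous connection originating from a privileged port.
# Clients can optionally be configured to use only unprivileged ports.
#---------------------------------------------------------------------

SSH_LOCAL_PORTS="1022:65535"            # Port range for local clients
SSH_REMOTE_PORTS="513:65535"            # Port range for remote clients

# traceroute usually uses -S 32769:65535 -D 33434:33523
TRACEROUTE_SRC_PORTS="32769:65535"
TRACEROUTE_DEST_PORTS="33434:33523"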

#------------------------------------------------------------------------------
# Default policy is DENY
# Explicitly accept desired INCOMING & OUTGOING connections
#----------------------------------------------------------
# Remove all existing rules belonging to this filter
# Start from a known-empty filter table: flush every rule, then remove any
# user-defined chains (-F/-X without -t act on the filter table only).
iptables -F
iptables -X

# Default-deny on all three built-in chains, so anything not explicitly
# accepted by a rule below is dropped.
for chain in INPUT OUTPUT FORWARD; do
  iptables -P "$chain" DROP
done

#------------------------------------------------------------------------------
# LOOPBACK
#---------
# Unlimited traffic on the loopback interface, in both directions.
iptables -A INPUT  -i "$LOOPBACK_INTERFACE" -j ACCEPT
iptables -A OUTPUT -o "$LOOPBACK_INTERFACE" -j ACCEPT