IPTables question
/etc/sysconfig/iptables has this rule:

-A RH-Lokkit-0-50-INPUT -s 12.224.128.149/255.255.254.0 -j REJECT

Yet 12.224.128.149 can still connect. Any idea why? Could it relate to the machine having more than one network card? I'm using eth1. Port eth0 is disabled. Is iptables assuming eth0?

Thanks
-Ed

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
Fwd: Iptables question.
If you are applying new rules via a script, you need to first flush all existing chains, then delete the additional chains, otherwise you will try to create a chain that already exists...

From the tutorial at http://www.netfilter.org/documentation/tutorials/blueflux/

#
# flush all the rules in the filter and nat tables.
#
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
#
# erase all chains that's not default in filter and nat table.
#
$IPTABLES -X
$IPTABLES -t nat -X
$IPTABLES -t mangle -X

Regards,
Peter

-- Forwarded Message --
Subject: Iptables question.
Date: Tue, 17 Sep 2002 15:01:42 +0200 (CEST)
From: linux power <[EMAIL PROTECTED]>
To: redhat mail list <[EMAIL PROTECTED]>

When I apply new rules to my iptables I get this: "Chain already exists." And I can't apply any new rules, although I can flush the rules, but Linux doesn't use them. The chain message was not there in the beginning when I installed iptables, but occurred a couple of days ago. Is there any hacker that has come in through port 631 (the CUPS port), which is open, and made it so that I can't change the chain rules?
Iptables question.
When I apply new rules to my iptables I get this: "Chain already exists." And I can't apply any new rules, although I can flush the rules, but Linux doesn't use them. The chain message was not there in the beginning when I installed iptables, but occurred a couple of days ago. Is there any hacker that has come in through port 631 (the CUPS port), which is open, and made it so that I can't change the chain rules?
IPTables question
What do I have to enter via the command line to ban all traffic on ethernet adapter eth0 coming from or going to 255.255.255.255 and 0.0.0.0? I am tired of the bootp traffic my server gets hit with because the provider does not force other users to check their configurations, so I would like to ban all bootp traffic to my external adapter and all 255.255.255.255 and 0.0.0.0 traffic. Thank you in advance!
Re: Iptables question
You could try this:

iptables -A INPUT -s x.x.x.x -j DROP

On Wed, 3 Jul 2002, Apolinaras Sinkevicius wrote:
> How do I ban address X.X.X.X from connecting to
> 0.0.0.0 and 255.255.255.255?
> What would be the command line I need to enter?
>
> I am still adjusting to the non-NT world, so I need a bit of
> help.
> I keep on getting 2 systems constantly wasting my time
> with their attempts to connect to 255.255.255.255 and
> 0.0.0.0 on my server. I tried closing those with
> Firestarter (good GUI for firewall, for non-pro), but
> it does not seem to work.
Iptables question
How do I ban address X.X.X.X from connecting to 0.0.0.0 and 255.255.255.255? What would be the command line I need to enter?

I am still adjusting to the non-NT world, so I need a bit of help. I keep on getting 2 systems constantly wasting my time with their attempts to connect to 255.255.255.255 and 0.0.0.0 on my server. I tried closing those with Firestarter (good GUI for firewall, for non-pro), but it does not seem to work.
Re: Ipchains vs Iptables question
On Thu, 21 Mar 2002, Ashwin Khandare wrote:
> Do you know of any script that converts ipchains commands to iptables?

I don't, but I've never looked for one. Seriously though, it shouldn't be too hard to do it by hand unless you have a truly internecine set of rules. Doing the first few steps "by hand" and then editing the config file (with a backup!) lets you get it right one step at a time, and it's easy to tweak. It also lets you set up boxes without needing a working install of X Windows libraries; and on a real firewall you probably want an absolute minimum of installed software (makes Tripwire run a bit faster if there's not too much stuff to inspect :o)
Re: Ipchains vs Iptables question
Thanks for the help, guys. I'll check it out. A friend recommended Firestarter but I didn't know they had it for iptables. I'll use that to get me started; I'd rather edit the files by hand, but it might be a good way to get the initial file set up. I'm building a second box on RH7.2 to replace an old RH 6.0 box we're using so I won't have to take everybody down to do it.

Tnx,
Kerry

- Original Message -
From: "Brian" <[EMAIL PROTECTED]>
Sent: Tuesday, March 19, 2002 10:38 PM
Subject: RE: Ipchains vs Iptables question

> There are many GUI programs under freshmeat.net that can help you configure
> iptables, check it out.
>
> -Original Message-
> From: Bill Crawford
> Sent: Tuesday, March 19, 2002 5:43 PM
> Subject: Re: Ipchains vs Iptables question
>
> [Bill Crawford's reply, quoted in full; it appears as its own message below.]
RE: Ipchains vs Iptables question
There are many GUI programs under freshmeat.net that can help you configure iptables, check it out.

-Original Message-
From: Bill Crawford
Sent: Tuesday, March 19, 2002 5:43 PM
Subject: Re: Ipchains vs Iptables question

[Bill Crawford's reply, quoted in full; it appears as its own message below.]
Re: Ipchains vs Iptables question
On Tue, 19 Mar 2002, Kerry Miller wrote:
> We have 2 firewalls running on ipchains now. I'm not too great with
> ipchains yet and haven't even tried iptables, but since I already have
> working firewalls w/ ipchains, is there a way to use my current scripts with
> iptables? How much different is the syntax, or is there a way to import the
> ipchains scripts into iptables then save them? Or, is there a util that
> will convert them for me?

I'm not aware of any tools either, but I simply wrote an iptables version of what I wanted; the mechanics are not that dissimilar and the syntax isn't all that much different either.

A good way to start is probably to just create a couple of simple rules from scratch, then save the results (using "iptables-save") to a file and edit that. Then "iptables-restore < file" will load the new rules and tell you if you have any errors (they're not terribly helpful error messages, but will tell you which line failed).

To get you started, your first two rules should be something like:

# Generated by iptables-save v1.2.3 on Tue Feb 19 19:12:54 2002
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
...
COMMIT
# Completed on Tue Feb 19 19:12:54 2002

because they will a) make sure any local connections on the machine, such as local mail delivery, won't break; and b) ensure your current SSH session doesn't disappear when you load the new ruleset. I can't stress the latter enough; if you don't do this, with the best will in the world, you may eventually lock yourself out of the box. I have done it, my colleagues have done it ...

You need to make sure you don't have any ipchains rules in place when you start, which means:

On RH, do "service ipchains stop" followed by unloading the ipchains module(s), otherwise iptables won't load.

On anything else, whatever it takes to remove all the current rules, followed by unloading ipchains from the kernel.

This will leave you unprotected, so at this point it's probably best to unplug the external network for a few minutes. Don't do this while you need that interface up ... so any documentation you happen to find you will have to save locally before you start :o)

Load the kernel module (modprobe ip_tables). This is actually taken care of by the iptables init script when you start the service up, but it won't hurt to load it explicitly now, and then you can experiment before you enable the service "properly" ...

Load the "iptable_filter" module too, since that's usually the first one you'll need.

Now

# iptables -t filter -A INPUT -i lo -j ACCEPT
# iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Before you make any other changes, it's a good idea to do something along the lines of

# at 'now + 3 minutes'
> /sbin/service iptables stop
> ^D (literal control-D)

so that if anything does go wrong, you'll be able to reconnect within a few minutes. Just in case.

Each time you have a configuration that's tested and working, save the current settings with

# iptables-save > /etc/sysconfig/iptables

or more succinctly

# service iptables save

> Tnx,
> Kerry
>
> Network Administrator
> Info-Power International, Inc.
> 3315 Silverstone
> Plano, TX 75023
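The "at 'now + 3 minutes'" safety net above, as an added example that is not code from the thread: a script that snapshots the live ruleset with iptables-save, starts a timer that restores the snapshot, loads the candidate with iptables-restore, and keeps it only if the operator types "yes" on stdin before the timer fires. dump_rules and load_rules are thin wrappers around the two real tools (assumed to be in PATH) so the logic can be exercised with stand-ins; the candidate file path and the timeout are the script's arguments, and the return codes (0 kept, 1 rejected, 2 rolled back) are an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the thread: load a candidate ruleset with an
# automatic rollback timer. The live rules are snapshotted first, a
# background timer restores the snapshot, and only a typed "yes" cancels
# the timer, so a bad rule can lock you out for at most SECONDS.
dump_rules() { iptables-save; }      # live ruleset to stdout (assumed in PATH)
load_rules() { iptables-restore; }   # ruleset from stdin into the kernel

# apply_with_rollback NEW_RULES_FILE SECONDS
#   returns 0 if kept, 1 if the candidate was rejected, 2 if rolled back
apply_with_rollback() {
  new=$1; secs=$2
  backup=$(mktemp) || return 1
  dump_rules > "$backup" || { rm -f "$backup"; return 1; }
  (
    sleep "$secs"
    load_rules < "$backup"
    echo "no confirmation within ${secs}s: previous ruleset restored" >&2
  ) &
  guard=$!
  if ! load_rules < "$new"; then
    # iptables-restore only commits a table at COMMIT, so a syntax error
    # leaves the old rules in place; just cancel the timer
    kill "$guard" 2>/dev/null || true
    rm -f "$backup"
    echo "candidate ruleset rejected; old rules still active" >&2
    return 1
  fi
  echo "candidate ruleset loaded; type yes within ${secs}s to keep it" >&2
  if read -r answer && [ "$answer" = yes ]; then
    kill "$guard" 2>/dev/null || true
    rm -f "$backup"
    return 0
  fi
  wait "$guard" 2>/dev/null || true   # let the timer do the rollback
  rm -f "$backup"
  return 2
}

# Stand-alone use: sh rollback.sh /etc/sysconfig/iptables.new 180
if [ $# -eq 2 ]; then
  apply_with_rollback "$1" "$2"
fi
```

The timer is started before the candidate is loaded, so even a ruleset that hangs the session is undone; the snapshot is taken with iptables-save rather than "service iptables stop" so that the rollback restores the rules you had, not an open box.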
Re: Ipchains vs Iptables question
On Tue, 19 Mar 2002, Kerry Miller wrote:
> We have 2 firewalls running on ipchains now. I'm not too great with
> ipchains yet and haven't even tried iptables, but since I already have
> working firewalls w/ ipchains, is there a way to use my current scripts with
> iptables? How much different is the syntax, or is there a way to import the
> ipchains scripts into iptables then save them? Or, is there a util that
> will convert them for me?

AFAIK, there is no conversion tool other than your brain. At best, your ipchains would serve as a template for the things you are trying to manage. Please consider investing in a book such as "Linux Firewalls" by Robert Ziegler. He has an ipchains and an iptables edition.

There are numerous tools that help you generate an iptables firewall script. Go to www.freshmeat.net and use "firewall" as your search string. The resulting number of hits astonishes me still. My favourite is fwbuilder. I've heard of "firestarter" being bandied about by many people.
Ipchains vs Iptables question
We have 2 firewalls running on ipchains now. I'm not too great with ipchains yet and haven't even tried iptables, but since I already have working firewalls w/ ipchains, is there a way to use my current scripts with iptables? How much different is the syntax, or is there a way to import the ipchains scripts into iptables then save them? Or, is there a util that will convert them for me?

Tnx,
Kerry

Network Administrator
Info-Power International, Inc.
3315 Silverstone
Plano, TX 75023
Easy IPTABLES question
Yowza,

I'm trying to set up a conservative INNER firewall for our public workstations. Rules that, via NAT, will allow them to get out to the Internet to their heart's content, but won't allow them to do much but telnet to our catalog and pull port 80 requests from our web server WITHIN our network.

I've initially set up the firewall with dhcpd and think I've got a problem with the OUTPUT statement. When I issue the rules below I get:

dhcpd: send_packet: Operation not permitted

Any hints?

Brett Charbeneau, Network Administrator   Tel: 757-259-7750
Williamsburg Regional Library             FAX: 757-259-7798
7770 Croaker Road                         [EMAIL PROTECTED]
Williamsburg, VA 23188-7064               http://www.wrl.org

## Change source addresses to 209.96.157.155.
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 209.96.157.155
## Allow DHCP traffic to pass through to the eth1 network
iptables -A INPUT -s 192.168.5.0/255.255.255.0 -d 192.168.5.0/255.255.255.0 -i eth1 -p udp --sport 67 --dport 68 -j ACCEPT
iptables -A OUTPUT -s 192.168.5.0/255.255.255.0 -d 192.168.5.0/255.255.255.0 -o eth1 -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A INPUT -s 192.168.5.0/255.255.255.0 -d 192.168.5.0/255.255.255.0 -i eth1 -j ACCEPT
iptables -A OUTPUT -s 192.168.5.0/255.255.255.0 -d 192.168.5.0/255.255.255.0 -o eth0 -j ACCEPT
## Makes passive FTP possible, but creates security hole as of 5/23/01
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
## Allow new traffic to be accepted from eth1
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
# establish policies
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT DROP
# log all dropped packets on eth1
iptables -A INPUT -p all -j LOG --log-level warning --log-prefix "IPT DROP: " -i eth1
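Two messages on this page, the REJECT for 12.224.128.149 at the top that never fires and the dhcpd "send_packet: Operation not permitted" just above, come down to the same question: which rule, in chain order and on which interface, does the packet actually hit. On the live box that check is "iptables -L RH-Lokkit-0-50-INPUT -n -v --line-numbers" (the packet counters show whether a rule was ever reached). The script below is an added example, not code from any of the posters: an offline first-match tracer for iptables-save style rulesets, run over two constructed rulesets. RULES_A is an assumed layout for the lokkit case, in which INPUT jumps into the lokkit chain and an earlier ACCEPT for eth1 wins over the appended REJECT. RULES_B is the dhcpd poster's rules as iptables-save would list them; a DHCPOFFER leaving the server (source 192.168.5.1 is assumed, destination 255.255.255.255, UDP 67 to 68) matches neither OUTPUT rule, because the broadcast destination is outside 192.168.5.0/24 and the port pair in that rule is reversed, so it falls to the OUTPUT DROP policy, which is what dhcpd reports as EPERM. RULES_B_FIXED adds one rule letting those replies out.

```shell
#!/bin/sh
# Added example, not from the thread: an offline first-match tracer for
# rulesets in iptables-save format. It walks a chain in order, follows jumps
# into user chains and reports the first terminating verdict, or the chain
# policy when nothing matched. Only -i/-o/-s/-d/-p/--sport/--dport/--state
# and old-style "!" negation are evaluated; other matches are assumed to hit.
# Both rulesets are constructed for illustration.
set -f                             # no globbing while splitting rule lines
ip_to_int() {                      # dotted quad -> integer
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}
prefix_to_mask() {                 # prefix length -> integer netmask
  p=1; i=0
  while [ "$i" -lt $((32 - $1)) ]; do p=$((p * 2)); i=$((i + 1)); done
  echo $((4294967296 - p))
}
in_subnet() {                      # in_subnet IP NET[/MASK|/LEN]; 0 = inside
  net=${2%%/*}
  case $2 in
    */*.*) m=$(ip_to_int "${2#*/}") ;;
    */*)   m=$(prefix_to_mask "${2#*/}") ;;
    *)     m=4294967295 ;;
  esac
  [ $(( $(ip_to_int "$1") & m )) -eq $(( $(ip_to_int "$net") & m )) ]
}
pkt() {                            # pkt IN OUT SRC DST PROTO SPORT DPORT STATE
  PKT_IN=$1; PKT_OUT=$2; PKT_SRC=$3; PKT_DST=$4; PKT_PROTO=$5
  PKT_SPORT=$6; PKT_DPORT=$7; PKT_STATE=$8
}
rule_matches() {                   # rule_matches TOKENS...; sets TARGET; 0 = match
  TARGET=""
  while [ $# -gt 0 ]; do
    opt=$1; shift; neg=0; r=0
    [ "$1" = "!" ] && { neg=1; shift; }
    val=$1
    case $opt in
      -i) [ "$val" = "$PKT_IN" ] || r=1 ;;
      -o) [ "$val" = "$PKT_OUT" ] || r=1 ;;
      -s) in_subnet "$PKT_SRC" "$val" || r=1 ;;
      -d) in_subnet "$PKT_DST" "$val" || r=1 ;;
      -p) [ "$val" = "$PKT_PROTO" ] || [ "$val" = all ] || r=1 ;;
      --sport) [ "$val" = "$PKT_SPORT" ] || r=1 ;;
      --dport) [ "$val" = "$PKT_DPORT" ] || r=1 ;;
      --state) case ",$val," in *",$PKT_STATE,"*) ;; *) r=1 ;; esac ;;
      -j) TARGET=$val ;;
      *) continue ;;               # not evaluated (e.g. -m, --log-prefix)
    esac
    shift
    [ "$r" -eq "$neg" ] || return 1   # plain match needs r=0, negated needs r=1
  done
}
trace_chain() {                    # trace_chain RULESET CHAIN -> first verdict, if any
  rules=$1; chain=$2
  printf '%s\n' "$rules" | grep "^-A $chain " | while read -r line; do
    set -- $line; shift 2          # drop "-A CHAIN"
    rule_matches "$@" || continue
    case $TARGET in
      ACCEPT|DROP|REJECT) echo "$TARGET"; break ;;
      RETURN) break ;;             # back to the caller, no verdict here
      LOG|"") ;;                   # non-terminating, keep walking
      *) v=$(trace_chain "$rules" "$TARGET")   # user-defined chain
         if [ -n "$v" ]; then echo "$v"; break; fi ;;
    esac
  done
  return 0
}
verdict() {                        # verdict RULESET CHAIN -> verdict or chain policy
  v=$(trace_chain "$1" "$2")
  if [ -n "$v" ]; then echo "$v"; return 0; fi
  printf '%s\n' "$1" | sed -n "s/^:$2 \([A-Z]*\).*/\1/p"
}
# First post, assumed layout: INPUT hands everything to the lokkit chain, which
# accepts eth1 traffic before the REJECT for 12.224.128.0/23 is reached.
RULES_A='*filter
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 12.224.128.149/255.255.254.0 -j REJECT
COMMIT'
# dhcpd post: the poster's state and OUTPUT rules in iptables-save form.
RULES_B='*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
-A OUTPUT -s 192.168.5.0/255.255.255.0 -d 192.168.5.0/255.255.255.0 -o eth1 -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -s 192.168.5.0/255.255.255.0 -d 192.168.5.0/255.255.255.0 -o eth0 -j ACCEPT
COMMIT'
# Same ruleset plus one rule letting the server's own DHCP replies out on eth1.
RULES_B_FIXED="${RULES_B%COMMIT}-A OUTPUT -o eth1 -p udp --sport 67 --dport 68 -j ACCEPT
COMMIT"
pkt eth1 "" 12.224.128.149 12.224.128.1 tcp 40000 22 NEW
echo "12.224.128.149 in on eth1: $(verdict "$RULES_A" INPUT)"           # ACCEPT
pkt "" eth1 192.168.5.1 255.255.255.255 udp 67 68 NEW                   # a DHCPOFFER
echo "DHCPOFFER out on eth1: $(verdict "$RULES_B" OUTPUT) -> $(verdict "$RULES_B_FIXED" OUTPUT)"   # DROP -> ACCEPT
```

Rule order is the whole point: -A appends, so a REJECT added after an ACCEPT that already covers the traffic is never consulted, and a rule carrying -i eth0 never sees a packet arriving on eth1. Use -I (or a rule number) to put a block in front, then confirm from the counters in -L -v that it is the rule being hit.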
iptables question
Hi folks!

I have a running Red Hat 7.1 server with iptables. I want to only forward all packets, no filtering. What is the simplest rule to do this? I want to try this because some conference programs can't send files, can't communicate, etc. Is there another solution?

Thanks in advance.
Hernan Brun

- Original Message -
From: "Ziad Samaha" <[EMAIL PROTECTED]>
Sent: Tuesday, January 08, 2002 3:51 AM
Subject: Re: DNS, Architecture, General Question

> I think you should use LDAP if you have a large number of users and most of
> your operations are search and read operations. You can store your users'
> info in this LDAP and use it for authentication (that can be specified in
> your portal).
>
> As for the free email accounts you want to offer, try to integrate
> webmail as part of your portal users' desktop; you can use the same
> authentication info to authenticate automatically to the mail server after
> logging in to the portal desktop (Single Sign On), which means that you will
> have a part of your desktop containing your mailbox.
>
> Good Luck
>
> On Thu, 3 Jan 2002, Ben Ocean wrote:
>
> > Hi;
> > I'm going to be building a robust, complex Web portal that, among other
> > things, may offer free email accounts. These POP3 accounts would run
> > through qmail and authenticate through OpenLDAP (and Kerberos V behind all
> > that). I currently don't host my own DNS, although if I offer the free
> > email accounts, I'm sure I will have to do that. I've installed all the
> > requisite tools on my server to develop this portal. I'm currently
> > schematizing the architecture and am vitally concerned about how POP3 email
> > accounts would be integrated. Would someone please offer a few sentences of
> > advice on this topic and a resource or two to consult? Again, the
> > architecture will integrate qmail, OpenLDAP and DNS.
> > TIA,
> > BenO
Re: IPTables question
> I'd recommend upgrading the rpm for iptables as this is one of the
> fixes. Current version is iptables-1.2.4-0 I believe.

Ah, up2date didn't update that automatically because of my manual fix. Now I've forced it to apply the update. However, immediately after updating, I tried "service iptables save" and "service iptables restart" and that resulted in

Nov 17 18:52:04 linux iptables: Applying iptables firewall rules failed

It seems there's still a bug in it. After copying my fix back from iptables.rpmsave it works again.

# diff iptables iptables.old 67c67 < grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:] ]*$' | sed "s/MASQUERADE \([0-9]\)/MASQUERADE --to-ports \1/" | /sbin/iptables-r estore -c && \ --- > grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:] ]*$' | /sbin/iptables-restore -c && \

Andreas
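Review bot: the capture \([0-9]\) in the new line 67 grabs a single digit, so "-j MASQUERADE 6118" comes out as "--to-ports 6118" only because the remaining "118" happens to trail the substitution; capture the whole port spec with \([0-9][0-9-]*\) and anchor the pattern on "-j MASQUERADE " so that the word MASQUERADE followed by a digit anywhere else in a rule line (the sed runs over every non-comment line of $IPTABLES_CONFIG) is not rewritten. The edit also deserves a comment line in the script saying why it is there: the rpm upgrade silently overwrote it, as the message describes, and the reply in this thread says the iptables-save bug it papers over is fixed in 1.2.4, so the workaround should be removed with the upgrade rather than carried forward in iptables.rpmsave.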
Re: IPTables question
** Reply to message from Andreas Hansson <[EMAIL PROTECTED]> on Sat, 17 Nov 2001 14:51:32 +0100

> It might be safer to just edit /etc/sysconfig/iptables yourself. It's
> mostly just a list of iptables commands plus saved statistics for the
> chains. If you save it once you'll see what it's supposed to look like.

Highly recommended to update to iptables-1.2.4. All bugs you mentioned have been fixed in that version.

jb
Re: IPTables question
On Sat, 17 Nov 2001, Andreas Hansson wrote:
> Yes. The easiest way to do that is "service iptables save" which will
> execute iptables-save for you. There seems to be a few bugs, at least in the
> version I use (iptables-1.2.1a-1) so you might want to do "service iptables

I'd recommend upgrading the rpm for iptables as this is one of the fixes. Current version is iptables-1.2.4-0 I believe.
Re: IPTables question
> > i use in seawolf
> > # iptables-save > /etc/sysconfig/iptables
> > # chmod go-r /etc/sysconfig/iptables
> >
> > but this only saves iptables commands
>
> Ok, I take it this means that if I were to issue a series of iptables commands at the prompt, then I could flush those rules that were loaded to the /etc/sysconfig/iptables file, correct?

Yes. The easiest way to do that is "service iptables save" which will execute iptables-save for you. There seem to be a few bugs, at least in the version I use (iptables-1.2.1a-1), so you might want to do "service iptables restart" to verify that it succeeded in saving the changes.

What I've found is that when using MASQUERADE with a port it will save

[0:0] -A extpostroute -s 192.168.0.4 -p udp -m udp --sport 6112 -j MASQUERADE 6118

instead of

[0:0] -A extpostroute -s 192.168.0.4 -p udp -m udp --sport 6112 -j MASQUERADE --to-ports 6118

It also adds extra quotes to --log-prefix every time I load and save the file.

It might be safer to just edit /etc/sysconfig/iptables yourself. It's mostly just a list of iptables commands plus saved statistics for the chains. If you save it once you'll see what it's supposed to look like.

Andreas
Re: IPTables question
On Fri, Nov 16, 2001 at 10:35:54PM -0800, Monte Milanuk wrote:
> On Sat, 17 Nov 2001 10:56:20 -0500
> Lewi <[EMAIL PROTECTED]> wrote:
> > read your /etc/init.d/iptables
>
> I did. But some of us don't read shell scripting too well yet ;) Hence I'm asking for a minor translation.
>
> > i use in seawolf
> > # iptables-save > /etc/sysconfig/iptables
> > # chmod go-r /etc/sysconfig/iptables
> >
> > but this only saves iptables commands
>
> Ok, I take it this means that if I were to issue a series of iptables commands at the prompt, then I could flush those rules that were loaded to the /etc/sysconfig/iptables file, correct?

yes

> Monte

--
ichtus
--
Lewi Supranata .K
ICQ: 50643061
Re: IPTables question
On Sat, 17 Nov 2001 10:56:20 -0500 Lewi <[EMAIL PROTECTED]> wrote:
> read your /etc/init.d/iptables

I did. But some of us don't read shell scripting too well yet ;) Hence I'm asking for a minor translation.

> i use in seawolf
> # iptables-save > /etc/sysconfig/iptables
> # chmod go-r /etc/sysconfig/iptables
>
> but this only saves iptables commands

Ok, I take it this means that if I were to issue a series of iptables commands at the prompt, then I could flush those rules that were loaded to the /etc/sysconfig/iptables file, correct?

Monte
Re: IPTables question
On Fri, Nov 16, 2001 at 07:39:12PM -0800, Monte Milanuk wrote:
> I inadvertently fragged my LAN server, so I am taking the opportunity to reinstall KRUD 7.1 and set things up a bit tighter this time around. Previously I used ipchains via lokkit to config my firewall. This time I'd like to use iptables. I have a book on Securing RH Linux 7.1, and have browsed multiple online guides to IPtables, but I still am confused about a few things.
>
> Almost every example appears to completely ignore the default installed RH 7.1 iptables script. The book I have gives a completely different script in the same place. Several guides advocated an /etc/init.d/rc.firewall script instead. The existing iptables script sources /etc/sysconfig/iptables, which doesn't seem to exist by default.
>
> Since I haven't (yet) found any docs that deal w/ setting up an iptables firewall on a RH 7.1 box *with the existing files layout*, I guess I'll have to ask the dum-dum questions: What is wrong w/ the RH scripts that no one seems to advocate, or at least document using them? Assuming nothing is really wrong w/ them, where do I add my iptables lines, in /etc/init.d/iptables or /etc/sysconfig/iptables?

read your /etc/init.d/iptables

i use in seawolf
# iptables-save > /etc/sysconfig/iptables
# chmod go-r /etc/sysconfig/iptables

but this only saves iptables commands

> Thoroughly confused,
>
> Monte

--
ichtus
--
Lewi Supranata .K
ICQ: 50643061
IPTables question
I inadvertently fragged my LAN server, so I am taking the opportunity to reinstall KRUD 7.1 and set things up a bit tighter this time around. Previously I used ipchains via lokkit to config my firewall. This time I'd like to use iptables. I have a book on Securing RH Linux 7.1, and have browsed multiple online guides to IPtables, but I still am confused about a few things.

Almost every example appears to completely ignore the default installed RH 7.1 iptables script. The book I have gives a completely different script in the same place. Several guides advocated an /etc/init.d/rc.firewall script instead. The existing iptables script sources /etc/sysconfig/iptables, which doesn't seem to exist by default.

Since I haven't (yet) found any docs that deal w/ setting up an iptables firewall on a RH 7.1 box *with the existing files layout*, I guess I'll have to ask the dum-dum questions: What is wrong w/ the RH scripts that no one seems to advocate, or at least document using them? Assuming nothing is really wrong w/ them, where do I add my iptables lines, in /etc/init.d/iptables or /etc/sysconfig/iptables?

Thoroughly confused,

Monte