How to iptables part II
From: Nahual Guerrero (panakeia@terra.es)
Date: 11/12/01
From: Nahual Guerrero <panakeia@terra.es>
To: security-basics@securityfocus.com
Subject: How to iptables part II
Date: Mon, 12 Nov 2001 01:58:59 +0100
Message-Id: <01111201585900.01956@localhost.localdomain>

Well Nahual strikes back.... :(
I've been reading all the valuable documents I found, and I found a new (I
guess) way to make my rules load at start up... But (there is always a
disgusting but) as my skills are poor, I found myself in trouble when I
tried to make a script work. I'll paste you what I found:
-------------------------------------------------------
[root@localhost init.d]# ./iptables start
Flushing all current rules and user defined chains:[ OK ]
Clearing all current rules and user defined chains:[ OK ]
Applying iptables firewall rules:
iptables -A INPUT -j REJECT -p tcp -s ! 127.0.0.0/255.255.255.0
--destination-port xxxxxx
iptables -A INPUT -j REJECT -p tcp -s ! 127.0.0.0/255.255.255.0
--destination-port xxxxxx
iptables -A INPUT -j REJECT -p tcp -s ! 127.0.0.0/255.255.255.0
--destination-port xxxxxx
iptables -A INPUT -j REJECT -p tcp -s ! 127.0.0.0/255.255.255.0
--destination-port xxxxxxx
iptables -A INPUT -j REJECT -p tcp -s ! 127.0.0.0/255.255.255.0
--destination-port xxxxxx
iptables -A INPUT -j REJECT -p tcp -s ! 127.0.0.0/255.255.255.0
--destination-port xxxxxxx
iptables -A INPUT -j REJECT -p tcp -s ! 127.0.0.0/255.255.255.0
--destination-port xxxxxxx
[ OK ]
--------------------------------------------------------
As my paranoia was growing I decided to look if what the script is supposed
to do was done (note that the script is made by Joshua Jensen
<joshua@redhat.com>) and I discovered this....
--------------------------------------------------------
[root@localhost init.d]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--------------------------------------------------------
Dammit! I've experienced trouble when trying to make the script execute the
rules instead of simply listing em.... here's the portion of the script that
might be wrong:
--------------------------------------------------------
echo $"Applying iptables firewall rules: "
grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v
'^[[:space:]]*$'iptables-restore -v $IPTABLES_CONFIG && \
success "Applying iptables firewall rules" || \
failure "Applying iptables firewall rules"
--------------------------------------------------------
Well I think I found a way to make it work... but, as I said I'm working
hard in order to manage independently with this little trouble, but as I
guess I still do not have the necessary knowledge, I ask you again to help
me or give me another clue in order to solve the problem.
Thanks in advance... and do not blame me for my... poor knowledge
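
An added example, not part of the original message and not code from the Red Hat script: two shell checks for the symptom reported above, where the script prints `[ OK ]` while `iptables -L` shows empty chains. It assumes the rules file is meant for `iptables-restore`, which reads `iptables-save` syntax rather than full `iptables ...` command lines; the function names and all sample data are constructed.

```shell
#!/bin/sh
# Added example: checks so a firewall init step cannot report OK with nothing loaded.

# count_rules: read `iptables -L` output on stdin and print how many rule
# lines it has (skips "Chain ..." headers, the column header and blank lines).
count_rules() {
    awk '!/^Chain / && !/^target[ \t]+prot/ && NF { n++ } END { print n + 0 }'
}

# restore_format_ok: read a rules file on stdin; succeed only if every
# non-comment line is iptables-save syntax ("*table", ":CHAIN ...", a rule
# starting with "-" or "[pkts:bytes] -", "COMMIT") and each table is committed.
restore_format_ok() {
    grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$' | awk '
        /^\*/                      { tables++; next }
        /^:/                       { next }
        /^(\[[0-9]+:[0-9]+\] +)?-/ { next }
        /^COMMIT$/                 { commits++; next }
                                   { bad++ }
        END { exit !(bad == 0 && tables > 0 && tables == commits) }'
}

# Constructed sample: the empty listing shown in the message above.
EMPTY_LISTING='Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination'

# Constructed sample: full command lines, as echoed by the script run above
# (the message masks the port; 8080 is a made-up value).
COMMAND_STYLE='# local services
iptables -A INPUT -j REJECT -p tcp -s ! 127.0.0.0/255.255.255.0 --destination-port 8080'

# Constructed sample: the same rule in iptables-save syntax.
SAVE_STYLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT ! -s 127.0.0.0/24 -p tcp --dport 8080 -j REJECT
COMMIT'
```

In an init script, gate the `success` call on `restore_format_ok < "$IPTABLES_CONFIG"` before loading and on `iptables -L -n | count_rules` printing a non-zero count afterwards.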