Re: Blocking incoming IP address immediately
From: Jeff Franks (jfranks1970_at_charter.net)
Date: 11/29/04
- Next message: sarah chang: "My Linux server got hacked last night -- please help!"
- Previous message: Tim Haynes: "Re: Blocking incoming IP address immediately"
- In reply to: Tim Haynes: "Re: Blocking incoming IP address immediately"
- Next in thread: Tim Haynes: "Re: Blocking incoming IP address immediately"
- Reply: Tim Haynes: "Re: Blocking incoming IP address immediately"
- Reply: Nico Declerck: "Re: Blocking incoming IP address immediately"
Date: Mon, 29 Nov 2004 13:13:01 -0600
> There's something screwy here. -I would have the effect of prepending the
> rule right at the top of the INPUT chain, so effects should be immediate.
> How do you know your other firewall rules are taking effect? Do you have
> any regular rule-replacement happening, e.g. through cron? Are you getting
> any error messages running that? What does `iptables -nL' show immediately
> afterwards?
An 'iptables -L' shows the new rule in effect (at the top with a '-I' or
at the end with an '-A').
The way I have tested this is to start the firewall and get another person
to help me by either joining the game or Roger Wilco. Then I try the
commands. If it were to take effect immediately, I'd expect it to bump him
off of whatever connection he has. It doesn't. Even if I restart the
iptables service, it continues to let him stay in. Once I restart the
entire computer (which kills all connections) it will block them. Like I
mentioned before, this is the second clean build of RedHat that I have tried
this on. On this firewall, I installed RH9, updated relevant rpms
(including iptables), and set up this script. The OP contains my ENTIRE
script as of now. ARGH!??!?!?!
>
> How are you interacting with redhat's firewall rules, too? Traditionally
> they keep a version in /etc/sysconfig/ somewhere, that is used on system
> startup. However, my own preference is to have a master script such as
> /root/iptables.sh, which I run and use to update the system-wide version.
> (I'm normally on Gentoo, so it's /var/lib/iptables/rules-save to me, but
> something under /etc/sysconfig/ to you.)
I am running this from a script called /etc/rc2.d/rc.firewall. All the
rules show up in the iptables -L list and until I run the rc.firewall
script, port forwarding does not work. So, I'm confident that it is
executing correctly. While testing I have been saving my iptables to the
"permanent" setup using the 'iptables-save > /etc/sysconfig/iptables'
command. This does the same thing as your rules-save command, I think (puts
all effective rules in the "system" script), and if I leave the
/etc/sysconfig/iptables file intact (not removed) when I reboot, the
firewall automatically starts.
Thanks again for your help. This is confusing what little I know about
iptables :-/
jf
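Tim's suggestion to look at `iptables -nL` right after adding the rule can be turned into a small rule-order check. This is an added example, not code from the thread: it assumes the listing comes from `iptables -nL --line-numbers` for one chain, and the address 203.0.113.7 and the sample rules are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread. Parses the output of
# `iptables -nL --line-numbers` for one chain and reports where a DROP rule
# for a source address sits and how many ACCEPT rules precede it. iptables
# walks a chain top down and stops at the first matching terminating target,
# so a DROP appended (-A) behind an ACCEPT that already matches the peer's
# traffic never fires; one inserted (-I) as rule 1 is evaluated first.
# Constructed sample listings; 203.0.113.7 is a placeholder address.
APPENDED='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    DROP       all  --  203.0.113.7          0.0.0.0/0'
INSERTED='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  203.0.113.7          0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22'

# drop_rule_position LISTING ADDR: rule number of the first DROP whose
# source column is ADDR, or 0 if there is none.
drop_rule_position() {
    printf '%s\n' "$1" | awk -v addr="$2" \
        '$2 == "DROP" && $5 == addr { print $1; found = 1; exit }
         END { if (!found) print 0 }'
}

# accepts_before LISTING ADDR: ACCEPT rules evaluated before that DROP
# (the whole chain when the DROP is absent).
accepts_before() {
    printf '%s\n' "$1" | awk -v addr="$2" \
        '$2 == "DROP" && $5 == addr { exit }
         $2 == "ACCEPT" { n++ }
         END { print n + 0 }'
}

# check_block LISTING ADDR: prints a verdict; succeeds only when the DROP is
# rule 1, so nothing earlier in the chain can accept the traffic.
check_block() {
    pos=$(drop_rule_position "$1" "$2")
    ahead=$(accepts_before "$1" "$2")
    [ "$pos" -eq 0 ] && { echo "no DROP rule for $2 in this chain"; return 1; }
    echo "DROP for $2 is rule $pos with $ahead ACCEPT rule(s) ahead of it"
    [ "$pos" -eq 1 ]
}

for listing in "$APPENDED" "$INSERTED"; do
    check_block "$listing" 203.0.113.7 \
        || echo "  -> move it to the top: iptables -I INPUT 1 -s 203.0.113.7 -j DROP"
done
```

Run the same check against the FORWARD chain when the other player is reaching a port-forwarded machine behind the firewall, since INPUT rules only see traffic addressed to the firewall host itself.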