hi guys, i am using fedora 10. i want to block few websites from opening for parental control. i tried editing rc.local.

this is the output for gedit /etc/rc.local:

#!/bin/sh

# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

iptables -I INPUT -s www.orkut.com -d 0/0 -j DROP

touch /var/lock/subsys/local

iptables -I INPUT -s www.orkut.com -d 0/0 -j DROP
exit 0

for some reasons, this command is not initialising while booting. right now i am manually entering it on terminal after logging in and it is working too.

can someone help me to put this on work while booting?. please help me with rc.local.


thanks in advance.

Hi Sony,

This works fine on my fedora system...

Actually "rc.local" will be executed on bootup after all init scripts are completed. However, Try checking /sbin/iptables -L (which will list all IP addresses blocked) after a fresh reboot. The logs should ideally show that given IP packet is dropped.

Logs of iptables (for orkut.com) on my Fc7 system:
"Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP 0 -- pq-in-f94.google.com anywhere
DROP 0 -- pq-in-f87.google.com anywhere
DROP 0 -- pq-in-f86.google.com anywhere
DROP 0 -- pq-in-f85.google.com anywhere
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target prot opt source destination


Chain OUTPUT (policy ACCEPT)
target prot opt source destination"

hi praveen, thanks for your support.

i tried /sbin/iptables -L after a fresh reboot as you said. here is the output i got:

"Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination "

so, i think nothing is blocked while initializing. rc.local is not executing.
i tried /sbin/iptables -L without rebooting after entering the iptables..command manually on terminal and that gave me somewhat similiar output like you said.

so is this that rc.lcal is failing to get executed?.

sorry that i made this one little bigger.
thanks for your advice.

regards.

Hi Sony,

Actually "/etc/rc.local" will be a soft link to "/etc/rc.d/rc.local". Please check if the file "/etc/rc.d/rc.local" has executable permissions or not. if it doesn't give executable permissions as

chmod +x /etc/rc.d/rc.local

Also, even if the above procedure didn't work, then try to put your script into "/etc/rc3.d" or "/etc/rc5.d" directory (try googling this procedure) and try it..

Also please let me know if this works...

hi praveen,
you know what is one of the best feature of linux?. its of course the community support it provides.
well, I executed the chmod. I am in middle of downloading a file so couldn't check if its working.
I will definitely let you know how it went.

felt really happy to receive your replies.

by the way that chmod -x command was a new information for me. also that rc.local can be both in executable and non executable forms.thanks for it.

have a great day.

update:

hi praveen,
sorry for delay. was giving my board exams.

i fixed the problem accidently.
i enabled iptables at boot time with chkconfig iptables on
and saved with service iptbles save

i simply rebooted and its working fine.
thanks for support and advice.
regards.