LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 12-02-2004, 01:53 PM   #1
Junior24
LQ Newbie
 
Registered: Oct 2004
Location: Haiti, Port-au-Prince
Distribution: SuSE 9.0
Posts: 6

Rep: Reputation: 0
Unhappy etc/sysconfig/iptables file explinations


Hi every one,
I am running a server with Redhat 8.0 on it
I want to setup iptables firewalls on it, using this config file.
But to do it, I would need some explination on some of the
main code line of the script below
Please any help would be appreciated.
PS- If you know a place(websyte) where I can have some explanations on the
codes lines, I would be glad too.

Junior

-----------------------------------------------------------------------------------
#!/bin/sh
#
# Startup script to implement /etc/sysconfig/iptables pre-defined rules.
#
# chkconfig: 2345 08 92
#
# description: Automates a packet filtering firewall with iptables.
#
# by bero@redhat.com, based on the ipchains script:
# Script Author: Joshua Jensen <joshua@redhat.com>
# -- hacked up by gafton with help from notting
# modified by Anton Altaparmakov <aia21@cam.ac.uk>:
# modified by Nils Philippsen <nils@redhat.de>
#
# config: /etc/sysconfig/iptables

# Source 'em up
. /etc/init.d/functions

IPTABLES_CONFIG=/etc/sysconfig/iptables

if [ ! -x /sbin/iptables ]; then
exit 0
fi

KERNELMAJ=`uname -r | sed -e 's,\..*,,'`
KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'`

if [ "$KERNELMAJ" -lt 2 ] ; then
exit 0
fi
if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 3 ] ; then
exit 0
fi



if /sbin/lsmod 2>/dev/null |grep -q ipchains ; then
# Don't do both
exit 0
fi

start() {
# don't do squat if we don't have the config file
if [ -f $IPTABLES_CONFIG ]; then
# If we don't clear these first, we might be adding to
# pre-existing rules.
action $"Flushing all current rules and user defined chains:" iptables -F
action $"Clearing all current rules and user defined chains:" iptables -X
chains=`cat /proc/net/ip_tables_names 2>/dev/null`
for i in $chains; do iptables -t $i -F; done && \
success $"Flushing all current rules and user defined chains:" || \
failure $"Flushing all current rules and user defined chains:"
for i in $chains; do iptables -t $i -X; done && \
success $"Clearing all current rules and user defined chains:" || \
failure $"Clearing all current rules and user defined chains:"

for i in $chains; do iptables -t $i -Z; done

echo $"Applying iptables firewall rules: "
grep -v "^:space:*#" $IPTABLES_CONFIG | grep -v '^:space:*$' | /sbin/iptables-restore -c && \
success $"Applying iptables firewall rules" || \
failure $"Applying iptables firewall rules"
echo
touch /var/lock/subsys/iptables
fi
}

stop() {
chains=`cat /proc/net/ip_tables_names 2>/dev/null`
for i in $chains; do iptables -t $i -F; done && \
success $"Flushing all chains:" || \
failure $"Flushing all chains:"
for i in $chains; do iptables -t $i -X; done && \
success $"Removing user defined chains:" || \
failure $"Removing user defined chains:"
echo -n $"Resetting built-in chains to the default ACCEPT policy:"
iptables -P INPUT ACCEPT && \
iptables -P OUTPUT ACCEPT && \
iptables -P FORWARD ACCEPT && \
iptables -t nat -P PREROUTING ACCEPT && \
iptables -t nat -P POSTROUTING ACCEPT && \
iptables -t nat -P OUTPUT ACCEPT && \
iptables -t mangle -P PREROUTING ACCEPT && \
iptables -t mangle -P OUTPUT ACCEPT && \
success $"Resetting built-in chains to the default ACCEPT policy" || \
failure $"Resetting built-in chains to the default ACCEPT policy"
echo
rm -f /var/lock/subsys/iptables
}

case "$1" in
start)
start
;;

stop)
stop
;;

restart)
# "restart" is really just "start" as this isn't a daemon,
# and "start" clears any pre-defined rules anyway.
# This is really only here to make those who expect it happy
start
;;

condrestart)
[ -e /var/lock/subsys/iptables ] && start
;;

status)
echo $"Table: filter"
iptables --list
echo $"Table: nat"
iptables -t nat --list
echo $"Table: mangle"
iptables -t mangle --list
;;

panic)
echo -n $"Changing target policies to DROP: "
iptables -P INPUT DROP && \
iptables -P FORWARD DROP && \
iptables -P OUTPUT DROP && \
iptables -t nat -P PREROUTING DROP && \
iptables -t nat -P POSTROUTING DROP && \
iptables -t nat -P OUTPUT DROP && \
iptables -t mangle -P PREROUTING DROP && \
iptables -t mangle -P OUTPUT DROP && \
success $"Changing target policies to DROP" || \
failure $"Changing target policies to DROP"
echo
iptables -F INPUT && \
iptables -F FORWARD && \
iptables -F OUTPUT && \
iptables -t nat -F PREROUTING && \
iptables -t nat -F POSTROUTING && \
iptables -t nat -F OUTPUT && \
iptables -t mangle -F PREROUTING && \
iptables -t mangle -F OUTPUT && \
success $"Flushing all chains:" || \
failure $"Flushing all chains:"
iptables -X INPUT && \
iptables -X FORWARD && \
iptables -X OUTPUT && \
iptables -t nat -X PREROUTING && \
iptables -t nat -X POSTROUTING && \
iptables -t nat -X OUTPUT && \
iptables -t mangle -X PREROUTING && \
iptables -t mangle -X OUTPUT && \
success $"Removing user defined chains:" || \
failure $"Removing user defined chains:"
;;

save)
echo -n $"Saving current rules to $IPTABLES_CONFIG: "
touch $IPTABLES_CONFIG
chmod 600 $IPTABLES_CONFIG
/sbin/iptables-save -c > $IPTABLES_CONFIG 2>/dev/null && \
success $"Saving current rules to $IPTABLES_CONFIG" || \
failure $"Saving current rules to $IPTABLES_CONFIG"
echo
;;

*)
echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
exit 1
esac

exit 0
------------------------------------------------------------------------------------

Last edited by Junior24; 12-02-2004 at 01:54 PM.
 
Old 12-03-2004, 02:31 AM   #2
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
It might help if we new what lines you wanted help understanding.

PS: if you are doing this to learn IPtables, generally you will learn more starting your own script and building it.
 
Old 12-03-2004, 06:06 AM   #3
UltimaGuy
Member
 
Registered: Aug 2003
Location: Chennai, India
Distribution: PCLinuxOS .92, FC4
Posts: 840

Rep: Reputation: 31
Better get a good GUI frontent like guarddog and install it...It'll help you configure every thing easily as learning iptables suddenly is very difficult.
 
Old 12-07-2004, 02:35 PM   #4
Junior24
LQ Newbie
 
Registered: Oct 2004
Location: Haiti, Port-au-Prince
Distribution: SuSE 9.0
Posts: 6

Original Poster
Rep: Reputation: 0
IPtable

Thank you guys for the suggestions
I appreciate that.
But I still have another problem concerning IPtables .
I have installed iptable ver 1.2.11, I have downloaded it and compiled it,
but It gives me an error after checking the Dependencies.
I would like to know how to resolve that error so that I can have
IPtable running on my SuSE 9.0 server.
Please any suggestion would be very appreciated.

Answer,
Junior


INCOMPATIBILITIES ip6tables-standalone.c iptables-standalone.c
junior:/usr/src/iptables-1.2.11 # /bin/sh -c make
Making dependencies: please wait...
In file included from extensions/libipt_REJECT.c:12:
/usr/src/linux/include/linux/version.h:6:2: #error "The kernel sources in /usr/src/linux are not yet configured."
/usr/src/linux/include/linux/version.h:7:2: #error "Please run 'make cloneconfig && make dep' in /usr/src/linux/"
/usr/src/linux/include/linux/version.h:8:2: #error "to get a kernel that is configured like the running kernel."
/usr/src/linux/include/linux/version.h:9:2: #error "Alternatively, you can copy one of the config files"
/usr/src/linux/include/linux/version.h:10:2: #error "arch/$ARCH/defconfig.* to .config, and run"
/usr/src/linux/include/linux/version.h:11:2: #error "'make oldconfig && make dep' to configure the kernel"
/usr/src/linux/include/linux/version.h:12:2: #error "for that configuration."
Something wrong... deleting dependencies.
make: *** [linux/autoconf.h] Error 1
junior:/usr/src/iptables-1.2.11 # /bin/sh -c make install
Making dependencies: please wait...
In file included from extensions/libipt_REJECT.c:12:
/usr/src/linux/include/linux/version.h:6:2: #error "The kernel sources in /usr/src/linux are not yet configured."
/usr/src/linux/include/linux/version.h:7:2: #error "Please run 'make cloneconfig && make dep' in /usr/src/linux/"
/usr/src/linux/include/linux/version.h:8:2: #error "to get a kernel that is configured like the running kernel."
/usr/src/linux/include/linux/version.h:9:2: #error "Alternatively, you can copy one of the config files"
/usr/src/linux/include/linux/version.h:10:2: #error "arch/$ARCH/defconfig.* to .config, and run"
/usr/src/linux/include/linux/version.h:11:2: #error "'make oldconfig && make dep' to configure the kernel"
/usr/src/linux/include/linux/version.h:12:2: #error "for that configuration."
Something wrong... deleting dependencies.
make: *** [linux/autoconf.h] Error 1
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables in sysconfig?? Mibble Red Hat 6 10-16-2005 10:37 PM
iptables -P vs :OUTPUT in /etc/sysconfig/iptables TomF Linux - Security 2 04-14-2005 11:50 PM
IPTABLES - rules in /etc/sysconfig/iptables The_JinJ Linux - Newbie 6 11-20-2004 02:40 AM
May I use variables inside /etc/sysconfig/iptables file?...how? leo Linux - Security 2 09-24-2004 10:26 PM
My iptables script is /etc/sysconfig/iptables. How do i make this baby execute on boo ForumKid Linux - General 3 01-22-2002 08:36 AM


All times are GMT -5. The time now is 11:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration