how to stop/start/restart iptables?
wow- slackware has seriously humbled me today. yesterday was great: i learned a lot, but today i got slapped around big time!
anyways- i'm running slackware-current and i'm loading rc.firewall at boot. I had a problem today with ntalk and thought that it might be firewall related, so i figured i'd turn it off and see if it made a difference. how do you turn a slackware iptables /etc/rc.d/rc.firewall off without rebooting? i am seriously looking forward to the day when i can answer more questions than i need to ask. until then, thanks for helping! -9
In the last 4 versions of slack that I've used (including 10) there was no rc.firewall, so ... How about a cat /etc/rc.d/rc.firewall and check how it works? :) Cheers, Tink
i will assume you made the firewall script yourself. make another script called firewall.stop. this is turning off NAT routing as well, so change it if you don't want that. also chmod 755 so it will run.
Code:
#!/bin/bash
Thank you both for your help. You know, when I was getting my slack box up I wanted to get a firewall up asap. I found one that did what I was looking for (drop everything but ssh) and followed the directions that said put into /etc/rc.d/rc.firewall.
the rc.firewall file did exist, but it was empty. Below is a copy of what I have been using. I know that you're probably shaking your heads because I obviously have no idea how iptables works (yes, it's true- I admit it) but please be patient with me- there is a lot to learn. a check with nmap shows that i have no ports open- and i could get into my box with ssh, so after I had the rc.firewall script installed I just went on to something else and tabled the firewall question until i had more time to get back to it (now- i suppose is a good time). Does slack come with another utility for firewalls? I thought that you had to write your own script for rc.firewall?! I bet anything out there will run on slack, and it's just up to the individual to figure out what they want to use... so many options with slack. anyways, here's the rc.firewall- and thanks again for the help!!
Code:
#!/bin/bash
# rc.firewall for
# Basic Slackware Security

# These two rules set the default policies, i.e. what to do if a
# packet doesn't match any other rule, to drop any packet coming
# into (INPUT) or routing through (FORWARD) the box.
iptables -P INPUT DROP
iptables -P FORWARD DROP

# These rules are added (-A) to the INPUT chain. They allow packets
# from any previously established connections and accept anything
# from the loopback interface.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT

# This rule added to the INPUT chain accepts any ssh connections.
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
That looks like a iptables -F for stopping, and /etc/rc.d/rc.firewall for starting to me ;) Cheers, Tink
Tinkster:
Thanks for your post. When I typed "iptables -F" I lost my connection to my box (i connect with putty). I had to go and type "/etc/rc.d/rc.firewall" at the terminal to be able to reconnect with putty. I think that I will now go and read up on how iptables works, as my ignorance is bothering me!! Please let me know if you know of a good beginner's guide. I'll hit the web first, then the man pages (which can be hard to comprehend). Thanks again!
Quote:
this stuff is easy -- all you need is "man iptables" to figure it out. look at what i put:
-Z zero out the counters (default filter table)
-F flush the rules (default filter table)
-F flush the rules for (-t = table) nat and mangle tables
note that modern kernels have three other built-in chains for mangle that go unused by me, but possibly i should have included them as well in my stop script !
then:
-X delete the chain
-P now i have to set some new policies, namely that INPUT FORWARD and OUTPUT should function normally (default filter table)
like magic -- firewall filtering is stopped and full functionality is restored
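The firewall.stop script itself did not survive on the page, so the following is an added example (not the script posted in the thread) that performs the steps listed above: reset the filter policies with -P, then -F, -Z and -X across the filter, nat and mangle tables. One design choice worth pointing out: the -P ACCEPT lines run before the flush. With the rc.firewall posted earlier, INPUT has a DROP policy and only the ESTABLISHED,RELATED rule keeps an ssh session alive, so flushing first leaves a window (the one that cut off the putty session above) in which every packet hits the DROP policy. The `$IPTABLES` variable, the `dry-run` mode and the helper function names are assumptions of this example, not anything from the original post.

```shell
#!/bin/sh
# rc.firewall.stop (added example, not the script posted in the thread)
#
# Undoes rc.firewall: default policies back to ACCEPT, then every rule,
# counter and user-defined chain removed from the filter, nat and mangle
# tables. The policies are reset *first*: if the chains were flushed while
# INPUT still had a DROP policy, the ESTABLISHED,RELATED rule would vanish
# and an ssh session would be dropped along with everything else.
#
# Only the filter table policies are changed here; rc.firewall never
# touched the nat/mangle built-in chains, which default to ACCEPT.

# Assumption: iptables is in PATH. Set IPTABLES="echo iptables" for a dry run.
IPTABLES=${IPTABLES:-iptables}

# run: invoke iptables (or whatever $IPTABLES names) with the given arguments.
run() {
    $IPTABLES "$@"
}

# fw_stop: open the firewall completely. Must run as root.
fw_stop() {
    for chain in INPUT FORWARD OUTPUT; do
        run -P "$chain" ACCEPT || return 1     # default policy back to ACCEPT
    done
    for table in filter nat mangle; do
        run -t "$table" -F || return 1         # flush all rules in the table
        run -t "$table" -Z || return 1         # zero the packet/byte counters
        run -t "$table" -X || return 1         # delete the (now empty) user chains
    done
}

# fw_stop_commands: print the exact command sequence fw_stop would execute,
# without touching the kernel. Handy for checking the order before running
# it on a box you are logged into remotely.
fw_stop_commands() {
    ( IPTABLES="echo iptables"; fw_stop )
}

# first_flush_index: 1-based position of the first -F in that sequence.
# It must come after the three -P lines, i.e. be 4.
first_flush_index() {
    fw_stop_commands | grep -n -- '-F' | sed -n '1p' | cut -d: -f1
}

case "$1" in
    stop)    fw_stop ;;
    dry-run) fw_stop_commands ;;
    *)       echo "usage: $0 {stop|dry-run}" >&2 ;;
esac
```

Run `sh rc.firewall.stop dry-run` to see the twelve iptables invocations in order, and `sh rc.firewall.stop stop` as root to apply them; `/etc/rc.d/rc.firewall` puts the rules back.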
Quote:
connection but rather be on the local network or even console when you asked. And yes, if the machine you're talking to is on an interface that is being handled by the firewall (which NATing is) you'll fall off, too, when you turn the firewall off :) Cheers, Tink