LinuxQuestions.org
08-12-2004, 05:12 PM   #1
FiveFlat
Member
 
Registered: May 2003
Location: N. California
Distribution: FC3 2.6.9
Posts: 110

Rep: Reputation: 15
iptables vs. rc.firewall


I am very confused. I see that I have an 'iptables' file and an 'iptables-config' file in my /etc/sysconfig folder.

When I configured IP masquerading for my home network I found a file called rc.firewall - which I was instructed to place in my /etc/rc.d/ folder and whenever I have to reboot my computer I have to run that file in order to allow my other [windows] computers out to the internet.

So my questions are-
What is the difference between these two files? Does the rc.firewall file simply append iptables 'rules' to the 'iptables' file?

When I add 'rules' or 'lines' to my iptables (for instance I am currently trying to block all outside requests to my samba ports) should I add these lines to the rc.firewall file or the iptables file or the iptables-config file?

If I make changes to the iptables file - am I supposed to 'restart' iptables?

I know I'm asking a lot - but I'm sure it's very elementary knowledge to a lot of you, and would appreciate your help.
 
08-12-2004, 09:52 PM   #2
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 46
Quote:
I see that I have an 'iptables' file and an 'iptables-config' file in my /etc/sysconfig folder.
Tells me you are using RedHat/Fedora or a RedHat-based distro. So, you don't really need to copy rc.firewall to /etc/init.d. RedHat has a script iptables that reads from an existing set of rules that it saves in the /etc/sysconfig directory and loads them at boot. But this script pretty much just maintains the iptables rules. If there is no file in /etc/sysconfig, the script will maintain a default ACCEPT stance.

To load the initial set of rules, you may need to write another script with ACCEPT/DROP rules to regulate traffic coming in and going out of your system. Once you execute your script, and you can see your rules when you give the command

# iptables -nvL

and you are satisfied with the way your rules behave, you can go ahead and commit those rules to /etc/sysconfig/iptables with the command

# service iptables save.
 
08-13-2004, 03:39 PM   #3
FiveFlat
Member
 
Registered: May 2003
Location: N. California
Distribution: FC3 2.6.9
Posts: 110

Original Poster
Rep: Reputation: 15
so that last command will basically 'overwrite' my /etc/sysconfig/iptables file to the current settings I have with my rc.firewall?
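
Added example, not part of any post in this thread: a shell check that a rules file in iptables-save format (the format `service iptables save` writes to /etc/sysconfig/iptables) still carries the masquerading rule and reports the default INPUT policy. The function names, the sample rule set and the interface names eth0/eth1 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a file in iptables-save format, which is what
# `service iptables save` writes to /etc/sysconfig/iptables.

# Print the default policy of a built-in chain, e.g. filter INPUT -> DROP.
chain_policy() {   # usage: chain_policy FILE TABLE CHAIN
    awk -v t="$2" -v c="$3" '
        /^\*/ { table = substr($0, 2); next }        # "*nat", "*filter"
        /^:/  { if (table == t && substr($1, 2) == c) print $2 }
    ' "$1"
}

# Succeed only if the nat table holds a MASQUERADE rule in POSTROUTING.
has_masquerade() {   # usage: has_masquerade FILE
    awk '
        /^\*/ { table = substr($0, 2); next }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ { found = 1 }
        END   { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample of a saved rule set (eth0 = outside, eth1 = LAN: assumed).
write_sample() {   # usage: write_sample FILE
    cat > "$1" <<'EOF'
# constructed sample, iptables-save format
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "filter INPUT policy: $(chain_policy "$sample" filter INPUT)"
has_masquerade "$sample" && echo "masquerade rule is saved" || echo "masquerade rule missing: NAT will not survive a reboot"
rm -f "$sample"
```

On a real system the file argument would be /etc/sysconfig/iptables, read after running the save command.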
All times are GMT -5.