Thanks Proud, for sticking with me on this.
There are two ways I check to see it isn't running:
First, I can go to grc.com and run the ShieldsUP! test. Everything is "closed" (not stealth) and one port is "open" for internet printer sharing.
Then I go into console as root and type "guarddog." The Guarddog window comes up and lets me click to turn it on- meaning it has been turned off until then. Then, when I go back to grc.com, everything is "stealth."
Here's how my /etc/rc.d/init.d/iptables reads:
#!/bin/sh
#
# Startup script to implement /etc/sysconfig/iptables pre-defined rules.
#
# chkconfig: 2345 03 92
#
# description: Automates a packet filtering firewall with iptables.
#
# by
bero@redhat.com, based on the ipchains script:
# Script Author: Joshua Jensen <joshua@redhat.com>
# -- hacked up by gafton with help from notting
# modified by Anton Altaparmakov <aia21@cam.ac.uk>:
# modified by Nils Philippsen <nils@redhat.de>
#
# config: /etc/sysconfig/iptables
# Source 'em up
. /etc/init.d/functions
IPTABLES_CONFIG=/etc/sysconfig/iptables
if [ ! -x /sbin/iptables ]; then
exit 0
fi
KERNELMAJ=`uname -r | sed -e 's,\..*,,'`
KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'`
if [ "$KERNELMAJ" -lt 2 ] ; then
exit 0
fi
if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 3 ] ; then
exit 0
fi
if /sbin/lsmod 2>/dev/null |grep -q ipchains ; then
# Don't do both
exit 0
fi
iftable() {
if fgrep -qsx $1 /proc/net/ip_tables_names; then
iptables -t "$@"
fi
}
start() {
# don't do squat if we don't have the config file
if [ -f $IPTABLES_CONFIG ]; then
# We do _not_ need to flush/clear anything when using iptables-restore
gprintf "Applying iptables firewall rules: \n"
grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /sbin/iptables-restore -c && \
success "Applying iptables firewall rules" || \
failure "Applying iptables firewall rules"
echo
touch /var/lock/subsys/iptables
fi
}
stop() {
chains=`cat /proc/net/ip_tables_names 2>/dev/null`
for i in $chains; do iptables -t $i -F; done && \
success "Flushing all chains:" || \
failure "Flushing all chains:"
for i in $chains; do iptables -t $i -X; done && \
success "Removing user defined chains:" || \
failure "Removing user defined chains:"
gprintf "Resetting built-in chains to the default ACCEPT policy:"
iftable filter -P INPUT ACCEPT && \
iftable filter -P OUTPUT ACCEPT && \
iftable filter -P FORWARD ACCEPT && \
iftable nat -P PREROUTING ACCEPT && \
iftable nat -P POSTROUTING ACCEPT && \
iftable nat -P OUTPUT ACCEPT && \
iftable mangle -P PREROUTING ACCEPT && \
iftable mangle -P OUTPUT ACCEPT && \
success "Resetting built-in chains to the default ACCEPT policy" || \
failure "Resetting built-in chains to the default ACCEPT policy"
echo
rm -f /var/lock/subsys/iptables
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart|reload)
# "restart" is really just "start" as this isn't a daemon,
# and "start" clears any pre-defined rules anyway.
# This is really only here to make those who expect it happy
start
;;
condrestart)
[ -e /var/lock/subsys/iptables ] && start
;;
status)
tables=`cat /proc/net/ip_tables_names 2>/dev/null`
for table in $tables; do
gprintf "Table: %s\n" "$table"
iptables -t $table --list
done
;;
panic)
gprintf "Changing target policies to DROP: "
iftable filter -P INPUT DROP && \
iftable filter -P FORWARD DROP && \
iftable filter -P OUTPUT DROP && \
iftable nat -P PREROUTING DROP && \
iftable nat -P POSTROUTING DROP && \
iftable nat -P OUTPUT DROP && \
iftable mangle -P PREROUTING DROP && \
iftable mangle -P OUTPUT DROP && \
success "Changing target policies to DROP" || \
failure "Changing target policies to DROP"
echo
iftable filter -F INPUT && \
iftable filter -F FORWARD && \
iftable filter -F OUTPUT && \
iftable nat -F PREROUTING && \
iftable nat -F POSTROUTING && \
iftable nat -F OUTPUT && \
iftable mangle -F PREROUTING && \
iftable mangle -F OUTPUT && \
success "Flushing all chains:" || \
failure "Flushing all chains:"
iftable filter -X INPUT && \
iftable filter -X FORWARD && \
iftable filter -X OUTPUT && \
iftable nat -X PREROUTING && \
iftable nat -X POSTROUTING && \
iftable nat -X OUTPUT && \
iftable mangle -X PREROUTING && \
iftable mangle -X OUTPUT && \
success "Removing user defined chains:" || \
failure "Removing user defined chains:"
;;
save)
gprintf "Saving current rules to %s: " "$IPTABLES_CONFIG"
touch $IPTABLES_CONFIG
chmod 600 $IPTABLES_CONFIG
/sbin/iptables-save -c > $IPTABLES_CONFIG 2>/dev/null && \
success "Saving current rules to %s" "$IPTABLES_CONFIG" || \
failure "Saving current rules to %s" "$IPTABLES_CONFIG"
echo
;;
*)
gprintf "Usage: %s {start|stop|restart|condrestart|status|panic|save}\n" "$0"
exit 1
esac
exit 0
_________________________________________
Any ideas?
Siri Amrit