iptables and 2.6.1, not enough enabled?
Greetings, one last thing to fix and I'll have a fully working and lovely new kernel.
I have this feeling that I did something wrong when it came to iptables in the kernel! I use a pretty generic set of rules as I'm behind a hardware firewall/router and the firewall on this machine just provides a bit of final tweaking:
#!/bin/sh
# variable assignment takes no leading $ (the original line read $IPTABLES=..., which fails)
IPTABLES=/usr/sbin/iptables
$IPTABLES -F INPUT
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p icmp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p tcp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p udp
#ssh
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
#nessus
$IPTABLES -A INPUT -p tcp --dport 1241 -j ACCEPT
#cups (from g4 and ext) else deny
$IPTABLES -A INPUT -s 100.0.0.5 -p udp --dport 631 -j ACCEPT
$IPTABLES -A INPUT -s 100.0.0.2 -p udp --dport 631 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 631 -j DROP
$IPTABLES -A INPUT -m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG
$IPTABLES -A INPUT -i ! lo -j DROP
------------------------------------------------------------------------------------------
The thing is, since compiling the 2.6.1 kernel...
$ iptables -L
now lists nothing at all. I believe I've narrowed it down to the fact that iptables no longer seems to understand the state feature. Is this something that has to be enabled at compile-time with the kernel? It worked fine on the generic Slackware kernel.
cheers
mark
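As an added example (not code from the post above), the following script shows the two checks a defender would want around a rule set like this one: confirm that the kernel was built with the netfilter options the rules rely on (connection tracking, the "state" and "limit" matches, the LOG target), and load the rules with error checking so that a rejected match aborts the script instead of leaving the host with an empty INPUT chain. It assumes the kernel config is readable from /proc/config.gz or /boot/config-$(uname -r) and uses the 2.6-era CONFIG_IP_NF_* option names; the sample config it contains is constructed, not taken from any real kernel.

```shell
#!/bin/sh
# Added example, not the original poster's script.
# Assumptions: kernel config readable from /proc/config.gz or /boot/config-$(uname -r);
# option names are the 2.6-era CONFIG_IP_NF_* names.

IPTABLES=/usr/sbin/iptables   # plain assignment: no leading $ on the left-hand side

# Print the running kernel's config text, or fail if it cannot be found.
kernel_config_text() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# Read config text on stdin; print each required option that is neither
# built in (=y) nor a module (=m). No output means everything needed is present.
missing_netfilter_options() {
    config=$(cat)
    for opt in CONFIG_NETFILTER CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER \
               CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_MATCH_STATE \
               CONFIG_IP_NF_MATCH_LIMIT CONFIG_IP_NF_TARGET_LOG; do
        printf '%s\n' "$config" | grep -Eq "^${opt}=(y|m)$" || printf '%s\n' "$opt"
    done
}

# Constructed sample config (not from a real kernel): connection tracking is
# present but the state match was left out, the situation the post describes.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_MATCH_STATE is not set
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_TARGET_LOG=m
EOF
}

# Load the rules with set -e: if the kernel rejects the "state" match, the
# script stops at that rule and reports it rather than carrying on to the
# final DROP rules with the ACCEPT rules missing.
load_rules() {
    set -e
    $IPTABLES -F INPUT
    for proto in icmp tcp udp; do
        $IPTABLES -A INPUT -m state --state ESTABLISHED -i eth0 -p "$proto" -j ACCEPT
    done
    $IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
    $IPTABLES -A INPUT -m limit --limit 3/second --limit-burst 5 ! -i lo -j LOG
    $IPTABLES -A INPUT ! -i lo -j DROP
}

# Only touch the live firewall when invoked as: sh firewall-check.sh apply
if [ "${1:-}" = "apply" ]; then
    config_text=$(kernel_config_text) || { echo "cannot read kernel config" >&2; exit 1; }
    missing=$(printf '%s\n' "$config_text" | missing_netfilter_options)
    if [ -n "$missing" ]; then
        echo "kernel lacks required netfilter options:" >&2
        echo "$missing" >&2
        exit 1
    fi
    load_rules
fi
```

Run it without arguments to do nothing, or with `apply` as root to check the kernel config and then load the rules; on a kernel built without CONFIG_IP_NF_MATCH_STATE the check reports that option and exits before any chain is flushed, which is the failure the post is seeing but without the silent empty ruleset.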