Where is the iptables configuration file for slackware?

cola · 04-12-2010, 04:28 AM

wildwizard · 04-12-2010, 04:52 AM

There isn't one.

'/etc/rc.d/rc.firewall' is called from '/etc/rc.d/rc.inet2' on boot and is the normal place to put firewall configuration.

NB 'rc.firewall' does not exist unless "you" create it.

wildwizard · 04-12-2010, 04:52 AM

There isn't one.

'/etc/rc.d/rc.firewall' is called from '/etc/rc.d/rc.inet2' on boot and is the normal place to put firewall configuration.

NB 'rc.firewall' does not exist unless "you" create it.

Daedra · 04-12-2010, 04:53 AM

here is a good iptables firewall generator for slackware, courtesy of Alien Bob

http://connie.slackware.com/~alien/efg/

cola · 04-12-2010, 05:08 AM

Quote:

Originally Posted by wildwizard

There isn't one.

'/etc/rc.d/rc.firewall' is called from '/etc/rc.d/rc.inet2' on boot and is the normal place to put firewall configuration.

NB 'rc.firewall' does not exist unless "you" create it.

If i do

Code:

iptables --list

get some default configuration.
Trying to find that file with this default configuration.

wildwizard · 04-12-2010, 05:12 AM

Quote:

Originally Posted by cola

If i do

Code:

iptables --list

get some default configuration.
Trying to find that file with this default configuration.

You have installed something then.

This is a fresh Slackware install :-

Code:

root@indigo:/etc/rc.d# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

cola · 04-12-2010, 06:32 AM

Quote:

Originally Posted by wildwizard

You have installed something then.

This is a fresh Slackware install :-

Code:

root@indigo:/etc/rc.d# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I get this:

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
LOG        udp  --  anywhere             anywhere            udp dpts:0:1023 LOG level warning
LOG        tcp  --  anywhere             anywhere            tcp dpts:0:1023 LOG level warning
DROP       udp  --  anywhere             anywhere            udp dpts:0:1023
DROP       tcp  --  anywhere             anywhere            tcp dpts:0:1023
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
DROP       icmp --  anywhere             anywhere            icmp echo-request

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

harryhaller · 04-12-2010, 10:14 AM

post deleted

Hangdog42 · 04-12-2010, 11:29 AM

Quote:

Originally Posted by cola

I get this:

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
LOG        udp  --  anywhere             anywhere            udp dpts:0:1023 LOG level warning
LOG        tcp  --  anywhere             anywhere            tcp dpts:0:1023 LOG level warning
DROP       udp  --  anywhere             anywhere            udp dpts:0:1023
DROP       tcp  --  anywhere             anywhere            tcp dpts:0:1023
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
DROP       icmp --  anywhere             anywhere            icmp echo-request

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Do you have an /etc/rc.d/rc.firewall file? As wildwizard said, that is the default place for a firewall in Slackware. By the way, from that output you really don't have a firewall in place. All the defaults are set to ACCEPT. The rules you've got just close down port 1023 (although I have no idea what might be running there) and some settings that are likely just there to frustrate some scanning techniques. I really wouldn't count on that firewall doing much of anything security-wise.

botnet · 04-12-2010, 02:53 PM

probably not the official method, but i create a set of rules manually, then use iptables-save > /etc/iptables.rules, then put iptables-restore /etc/iptables.rules in /etc/rc.d/rc.local

been working for the last few years that i've done this

here is my iptables.rules file if it helps: http://pastebin.com/uiMZmPsk

cola · 04-13-2010, 06:36 AM

Quote:

Originally Posted by Hangdog42

Do you have an /etc/rc.d/rc.firewall file? As wildwizard said, that is the default place for a firewall in Slackware. By the way, from that output you really don't have a firewall in place. All the defaults are set to ACCEPT. The rules you've got just close down port 1023 (although I have no idea what might be running there) and some settings that are likely just there to frustrate some scanning techniques. I really wouldn't count on that firewall doing much of anything security-wise.

There is not /etc/rc.d/rc.firewall file.

Hangdog42 · 04-13-2010, 07:13 AM

Quote:

Originally Posted by cola

There is not /etc/rc.d/rc.firewall file.

Then something along the lines of what botnet suggested might be true in your case. These rules have to be stored in a file somewhere, so it is probably time to do some digging.