Hi all,
i'm a complete newbie to fedora and iptables so please bare with me.

I've recent been having major hack attempts on my server and thanks to the crappy fasthost support I've been forced to learn linux on the go!

Any here's my problem,
After some major searching all advice on server security points to the iptables. So I attempted to edit it, but due to my poor understanding I think I edited the wrong file.
So when I tried to restart the iptables it failed with the message "iptables cannot execute binary"

Thinking I just need to re-install iptables I attempted to do that and now I'm stuck.

I've downloaded and attempted to install iptables but now when I try to start any of the services I the following "iptales: unrecognised service"

So I uninstalled it and re-tried and now when I try "iptables -F" I get no response and when I try "service iptables start" or "service iptables stop or status" all I get is iptables: unrecognized service

I'm guessing I've messed things up badly so please please can anyone help.
I've tried google in the problem but I'm I can't seem to find a clear answer that a novice can understand.

I've go a huge hole in my security and no means of closing the door.

I'm running Fedora 6 (Zod) Kernel 2.6.18-1.2869.fc6 on an i686 and Im tried to re-install iptables-1.3.5
Please kind ladies or gents HELP!

It would be useful to know which file you edited. Is it possible that you just changed the file permissions and the file contents are unchanged?

OK, I guess you are aware that there is a danger that you are making the problem worse. How did you re-install iptables?

Let's quickly run through the basics, to try to stop you making more errors. iptables/netfilter is a firewall program; there should never by any reason to mess with the iptables code itself as configuration is done by...

• writing a 'ruleset' (a set of rules in a simple-ish programming language that instructs iptables what to do)
• modifying the environment in which iptables runs (so setting various kernel parameters that configure the general networking environment)

Mostly, you do the first of those two, but probably there are a couple of things that will need the second and they may or may not be set up correctly before you start configuring the box.

You could instantiate (put in to place) the ruleset in several ways, but using a bash script that runs on start-up and sets up all of your rules has much to recommend it (you could also incerementally modify whatever rules that you start from, maybe also from a bash script).

have a look at tutorials at:
http://www.linuxhomenetworking.com/w...Using_iptables
http://iptables-tutorial.frozentux.net/

(the first is probably more what you want; the second is more like a manual than a tutorial....still good though)

(Note also: there are 'simple' GUI front ends to iptables (there is a large selection of them; don't try to get me to select any one as I don't know, but there are several threads that discuss them). You might argue that you don't want a gui on your server....and that would be a fair comment and a desirable aim, but....you could, potentially run the GUI app on your local machine to generate the ruleset and then copy that ruleset over to the server box, and that would be a good setup from a security point of view.)

Right now, you are not in the best position; you should ensure that you do not have unnecessary services listening on ports that could be exploited; you need to get back to a situation in which you have proper security measures in place ASAP. I am not clear what you have installed that is worthwhile and how much reconfiguration it took you to get here, but do you want to consider re-building the box from the ground up? (I assume that this is a service offered by your hosting organisation.)

Hmmm, that's not what I would have been expecting fathosts (sorry) to be offering as a server...is this their default offering?

I wish I just changed the file permissions but naw, I actually edited the file, then I saw i edited the wrong file so removed the change but I kepted get "iptables cannot execute binary"


Hmmm, that's not what I would have been expecting fathosts (sorry) to be offering as a server...is this their default offering?

Yeah this is the default.

OK, I guess you are aware that there is a danger that you are making the problem worse. How did you re-install iptables?

I downloaded the tar files and just did the following
#tar xvzf package.tar.gz
#cd package
# make
# make install

I know it might be a dumb question but do you think the reason I'm getting the "unrecognized service" when I try to start or stop the iptables message is because I need to write the rulesets?

I was afraid that was going to say; any reason that you didn't go for the rpm?

I think you are probably not starting iptables. Unfortunately, I don't know enough about how fedora does things to tell you what you should do about this. If I remember correctly that 'homenetworking' tutorial is derived from the Harrison book, which is fairly heavily RedHat/fedora based.

to be honest I wanted to go down the rpm route, I just couldn't find the link to download it.

If you have a suggestion on where I can find them I'd try them instead!
From what I saw in the homenetworking tutorial rpm was what they refered to too, but I just couldnt find where to download them.

I got the iptables_1.3.5 from http://netfilter.org/projects/iptabl...iptables-1.3.5, couldn't find a link to rpm thou!