IPtables
# cat /boot/config-your.kernel.version.here | grep -i "CONFIG_IP_NF"
I got the above command from a website to check the iptables on my system.

linux-3vxw:~ # # cat /boot/config-your.kernel.version.here | grep -i "CONFIG_IP_NF"
linux-3vxw:~ #

As you see it didn't give me any clue.
------------------
linux-3vxw:~ # iptables -v
iptables v1.3.6: no command specified

The above shows it is on the system too. Do I have IPtables by default? I am running open SuSE 10.2.
|
yes, always going to have it unless you build a system without it, and obviously you do have it there.
|
The cat command is redundant.
Code:
grep IP_NF_IP /boot/config-2.6.22.17-0.1-default

On most 2.6 kernels you can also use "zcat /proc/config.gz | grep -i 'IP_NF'"
|
Thanks jschiwal
It worked.
................
linux-3vxw:/home/Ni # zcat /proc/config.gz | grep -i 'IP_NF'
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_SECMARK=y
CONFIG_IP_NF_CONNTRACK_EVENTS=y
CONFIG_IP_NF_CONNTRACK_NETLINK=m
CONFIG_IP_NF_CT_PROTO_SCTP=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_NETBIOS_NS=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_PPTP=m
CONFIG_IP_NF_H323=m
CONFIG_IP_NF_SIP=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER ... ...

I am not familiar with those 'zcat' commands. Are they different than usual 'cat' commands?
|
zcat file == gunzip < file
/proc/config.gz is compressed, because it is included in the kernel as-is and it is loaded along with the kernel. So wasting memory on an uncompressed version would be suboptimal. |
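The check discussed in the posts above, as an added example (not code from any poster in the thread): it reads the running kernel's config from /proc/config.gz or /boot/config-$(uname -r) and reports whether one option is built in, a module, or not set. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example: report how a netfilter option is set in a kernel config.

# Print the running kernel's config from whichever source exists.
kernel_config() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz              # same as: gunzip < /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"    # uname -r supplies the kernel version
    else
        return 1                          # kernel exposes no readable config
    fi
}

# Read a kernel config on stdin and print the state of option $1:
# builtin, module, "not set", or absent. Whole lines are compared, so
# CONFIG_IP_NF_CONNTRACK does not also match CONFIG_IP_NF_CONNTRACK_MARK.
option_state() {
    awk -v opt="$1" '
        $0 == (opt "=y")                 { s = "builtin" }
        $0 == (opt "=m")                 { s = "module" }
        $0 == ("# " opt " is not set")   { s = "not set" }
        END { print (s == "" ? "absent" : s) }
    '
}

# Constructed sample, modelled on the output quoted in the thread.
sample_config() {
    cat <<'EOF'
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_IPTABLES=m
EOF
}

for opt in CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_CT_ACCT CONFIG_IP_NF_CONNTRACK_MARK; do
    printf '%s: %s\n' "$opt" "$(sample_config | option_state "$opt")"
done

# Same check against the live kernel, skipped when no config is readable.
if kernel_config >/dev/null 2>&1; then
    printf 'running kernel: CONFIG_IP_NF_IPTABLES is %s\n' \
        "$(kernel_config | option_state CONFIG_IP_NF_IPTABLES)"
fi
```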
Thanks raskin for the comments.
However, I have some difficulty in understanding your comments. The file 'config.gz' is compressed and it is on my system. When the computer starts, it is loaded along with the kernel. Is my understanding correct? |
Correct. The file contents are inside the kernel, though (/proc contains files that do not actually reside on your filesystem as separate files).
|
Thanks raskin
Let us say I will make a Linux server. I will buy a switch and connect a couple of computers to make a small LAN. The purpose of IPtables is to block some websites. I don't need a separate piece of hardware to work as a firewall. Am I correct? [ Today I have 3 working computers and I bought a small D-Link router. I haven't opened the router package as yet.] |
the purpose of iptables is not "to block some websites", that's a massively crude simplification at best, and at worst just wrong - you'd use a proxy to block "websites" as you'd know them.
If you have a linux system then iptables can affect the IP traffic flow to, from and through that box. it can't do anything about traffic which isn't locally addressed to that box, i.e. traffic from the net, through the router and to a client. and your router will contain a switch and a firewall. don't buy another switch. |
Thanks acid kewpie for the comments.
The router I bought was a very cheap one. You could buy it for about 30 Euros. It has 4 holes. So I can connect 4 computers to make a LAN which consists of 4 computers. Do you think this one is sufficient? |
First, I am ready to bet it has 5 Ethernet ports, not 4 (1 to connect the cable from your ISP and 4 to the inner LAN).
It is probably a DI-604 or something like that. It already includes a switch, NAT (so your LAN will look like one computer to your ISP) and a simple firewall. |
You are very clever raskin. You have extrasensory perception.
It is DI-604. Is it good to make small LAN with a Linux server? Please leave your comments here. Now I am leaving for the gym for circuit training and I will be away for about 5 or 6 hours. |
I have no extrasensory perception. I have DI-604. Matching price & vendor is not hard in this case.
It is an OK router with a NAT. It is simple to configure. Basically, just plug it in and configure the external interface using a web browser from inside to 192.168.0.1. Later configure what you actually need when you think of it. I haven't yet stumbled upon some realistic need I'd need where it wouldn't let me do it while I saw it was possible with a better router. Well, establishing a Freenet6 tunnel would be too much to ask from such a device. |
acid kewpie wrote the following:
the purpose of iptables is not "to block some websites", that's a massively crude simplification at best, and at worst just wrong - you'd use a proxy to block "websites" as you'd know them.
If you have a linux system then iptables can affect the IP traffic flow to, from and through that box. it can't do anything about traffic which isn't locally addressed to that box, i.e. traffic from the net, through the router and to a client. and your router will contain a switch and a firewall. don't buy another switch.
----------------------------------------------------------------
From the wall I connect the Internet to my router. Afterwards I connect the server computer to the router. I can connect 4 more computers to the remaining 4 holes of the router to create a small LAN.

What is the use of IPtables command to me? There are commands to block as well as accept packets from websites. I have never ever worked with IPtables. That is why I ask more on this.
|
Why are you asking these questions??? I don't understand. if you want to learn about iptables then read the iptables howto. It doesn't make sense to just ask as why you'd want to use each command in turn...
iptables is for filtering network traffic in linux systems. that's what it's for. But if you're still going to refer to Ethernet sockets as "holes" then please please stay away from iptables. |