Raz,
That's worked a treat. Thanks very much.
<offers tin>
Please help yourself to a biscuit.

Further investigation has led me to conclude that rc.firewall is not running at all, which would explain why the rules are not working when they are in there.

I have:
#chown root rc.firewall
#chmod 700 rc.firewall

Linuxconf tells me, under service control that firewall is 'enabled', however every other service in there is either 'Automatic - Running' or 'Manual' ( not running )

Status controller lets me 'enable','temp-disable' or 'disable'

This is rc.firewall, isn't it? If not where is this controlled from, and could I use that?

Cheers,
Mike

Hi,

Goto the dir where the rc.firewall lives and do a "ls -l"
Does it look like this:
-rwx------ 1 root root 14998 Jun 8 16:07 rc.firewall

If yours looks like this but doesn't work, it's because you have some esc chars in it from when you copied it off the website.

I wouldn't use linuxconf to work out if the firewall is running.

go into the /etc/rc.d/rc5.d directory and look for a file like has the word iptables or netfilter in it.
This is the file that linuxconf is trying to restart.

just run it like this to see what happens: example
/etc/rc.d/rc5.d/S08iptables status
/etc/rc.d/rc5.d/S08iptables stop
/etc/rc.d/rc5.d/S08iptables start

Once the iptables daemon is running the rc.local file should run the rc.firewall file or any other one you put in there.

/Raz

Raz,

OK, I can't find any files called 'xxxIPTABLES' or 'xxxNETFILTER' in any of the rc(x).d directories, or anything similar, however, I have learned two important lessons today:

1. Don't copy scripts from the internet, leaving all the control characters all over the place.
2. If you do copy scripts from the internet, _remember_ that there _is_ a difference between 'iptables' and 'IPTABLES'

Thanks very much for all your help, I can get on with some decent rules now that I have got that to work.
Thanks again,

Mike

TWOFOURALPHA,
1. yes, unix (and therefore linux) is a case sensitive OS, therefore, iPtAblEs is different from IpTaBLeS =)

2. the files in /etc/rc.d/rc5.d/* are links to files in /etc/rc.d/init.d/*
rc5.d are the services to start if you are running runlevel 5 (graphical multiuser). Similarly, rc3.d are services for runlevel 3, text multiuser. To modify any files, you should probably edit the original file and not the link. See /etc/inittab (try man inittab) for runlevel info.

3. For the suggestion made by razbot, i believe he means for you to look at any "files" that contain iptables.. not any file*names* that contain iptables. "grep" is a command that will search the contents of a file, man grep for more info on it. Try this:
cd /etc/rc.d/init.d
grep iptables *
(grep for "iptables" in all files in current directory)