LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-15-2005, 12:03 AM   #46
DanielTan
Member
 
Registered: Sep 2004
Location: Malaysia
Distribution: FC6, Solaris
Posts: 340

Original Poster
Rep: Reputation: 30

Hi, another question. If I cut and paste your example, then I have to add in my user defined chain to your rules ?

Regards
Daniel


Quote:
Originally posted by Capt_Caveman
See the man page for iptables (man iptables). Specifically the -X option.

The /etc/sysconfig/iptables file is sensitive to formating, so you should really only use the command 'iptables-save > /etc/sysconfig/iptables' to save rules to that file. The command 'service iptables save' just does the same thing. Directly editing it can cause problems that are hard to troubleshoot. For example, not having carrriage returns at proper parts of the file can cause the rules to fail to load even though the rules technically look correct.
 
Old 11-15-2005, 07:09 AM   #47
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Firstly, do you mean using -X option for iptables can automatically deleted those user defined chains ?
From the man page:
Quote:
-X, --delete-chain
Delete the specified user-defined chain. There must be no references to the chain (if there are you must delete or replace the referring rules before the chain can be deleted). If no argument is given, it will attempt to delete every non-builtin chain.
So in order not to direct editing it, I have to create a backup file ,edit it and make it executable and try loading it to ensure it is ok , right ? If it is ok, then I iptables-save > /etc/sysconfig/iptables and load at bootup ?

No.
1. Create a backup of /etc/sysconfig/iptables
2. Create a brand new file
3. Copy and paste those rules I posted earlier into new file
4. Make it executable
5. Run new file
6. Check output of 'iptables -vnL' to make sure all rules loaded properly
7. Run 'service iptables save'


Code:
cp /etc/sysconfig/iptables /etc/sysconfig/iptables-backup
vi /etc/sysconfig/new-firewall-script
<press ctrl-i to start insert mode>
<copy and paste firewall rules that I posted earlier into /etc/sysconfig/new-firewall-script>
<press esc button to leave insert mode>
<type :wq to save and quit vi>
chmod u+x /etc/sysconfig/new-firewall-script
cd /etc/sysconfig/
./new-firewall-rules
iptables -vnL
<look through output to make sure everything looks ok>
<try using your web browser, pinging a website, etc to make sure that everything works ok (do not reboot yet)>
service iptables save
Don't know how to explain it any better than that
 
Old 11-16-2005, 10:09 PM   #48
DanielTan
Member
 
Registered: Sep 2004
Location: Malaysia
Distribution: FC6, Solaris
Posts: 340

Original Poster
Rep: Reputation: 30
Hi, in your iptables which line of statement i need to add the user defined chain to ? Thanks

Regards
Daniel

Quote:
Originally posted by Capt_Caveman
Those will need to be deleted. If you follow the directions I posted here then it will do that for you. I would recommend that you do not edit the /etc/sysconfig/iptables file directly.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
setting the firewall one_ro SUSE / openSUSE 2 02-17-2005 05:10 PM
Setting up a firewall myguest Linux - Security 5 08-02-2004 12:32 PM
setting up a firewall behind a router mattmc97 Linux - Security 3 05-05-2004 04:36 PM
Setting up MDK 9.2 Firewall raysr Linux - Newbie 13 01-05-2004 07:46 PM
Setting up firewall linuxfond Linux - Newbie 3 02-21-2003 01:52 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration