LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Old 08-10-2004, 03:41 AM   #1
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Rep: Reputation: 30
iptables


I wish to query if it would be advisable to flush my current iptables configuration which was configured automatically during the installation of Linux. The reason I wish to flush is

1) Start anew
2) Learn how to write iptables

I understand from the man pages that I can save my current configuration by issuing the command iptables-save; however, I am unsure how to use it should the need arise to restore it. I appreciate any advice.
 
Old 08-10-2004, 04:03 AM   #2
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
On RedHat/Fedora, iptables rules are saved in /etc/sysconfig/iptables. You can rename this to iptables.old.

After this you can restart your iptables. This will prevent the rules created by RedHat install from loading at boot.

If your system is connected to the internet, please disconnect before you turn iptables off.

Last edited by ppuru; 08-10-2004 at 04:07 AM.
 
Old 08-10-2004, 04:03 AM   #3
barisdemiray
Member
 
Registered: Sep 2003
Location: Ankara/Turkey
Distribution: Slackware
Posts: 155

Rep: Reputation: 30
You can use them like this:

For backing up rules:
Code:
# iptables-save > iptables.backup
and restoring them:
Code:
# iptables-restore < iptables.backup
Hope this helps.
 
Old 08-10-2004, 04:07 AM   #4
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
Thanks guys. ppuru, your advice was helpful; unfortunately I have stopped using Red Hat 9 and opted for a distribution with the latest kernel and stock security.
 
Old 08-10-2004, 04:22 AM   #5
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
create iptables

I just flushed my iptables and am starting anew. Now, if I wish to block all output, my understanding of writing iptables is

iptables -A OUTPUT -p all -i eth0 -j DROP

Would this be correct?
 
Old 08-10-2004, 04:30 AM   #6
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
Obie

We could have continued this discussion on your earlier post at

http://www.linuxquestions.org/questi...hreadid=215674
 
Old 08-10-2004, 04:33 AM   #7
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
Sorry ppuru, as I thought my question had been answered, I thought I should start a new thread. I do apologise. If the moderators could somehow merge them I would be happy to continue from where I left off.

Meanwhile, I came across this script:
Code:
# Iptables firewall reset script
*filter
:INPUT ACCEPT [164:15203]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [147:63028]
COMMIT

*mangle
:PREROUTING ACCEPT [164:15203]
:INPUT ACCEPT [164:15203]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [147:63028]
:POSTROUTING ACCEPT [147:63028]
COMMIT

*nat
:PREROUTING ACCEPT [14:672]
:POSTROUTING ACCEPT [9:684]
:OUTPUT ACCEPT [9:684]
COMMIT

What do the numbers, e.g. [164:15203], represent?
 
Old 08-10-2004, 04:42 AM   #8
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
the packets and bytes that these rules have handled...
 
Old 08-10-2004, 04:47 AM   #9
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
ppuru,

Sorry, I don't follow. Would you mind giving an example, and also what would happen if it was simply [0:0]?
 
Old 08-10-2004, 04:56 AM   #10
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
Also, I noticed that although I flushed my iptables, i.e. iptables --flush, it still has Chain INPUT (policy DROP) rather than Chain INPUT (policy ACCEPT). Why is that?
 
Old 08-10-2004, 05:12 AM   #11
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
Quote:
Sorry, I don't follow. Would you mind giving an example, and also what would happen if it was simply [0:0]?
Try iptables -Z. This will set the counters to [0:0].

Last edited by ppuru; 08-10-2004 at 05:20 AM.
 
Old 08-10-2004, 05:14 AM   #12
barisdemiray
Member
 
Registered: Sep 2003
Location: Ankara/Turkey
Distribution: Slackware
Posts: 155

Rep: Reputation: 30
Quote:
Originally posted by Obie
Also, I noticed that although I flushed my iptables, i.e. iptables --flush, it still has Chain INPUT (policy DROP) rather than Chain INPUT (policy ACCEPT). Why is that?
When you flush, only the rules are cleaned; the global policy remains the same. To change it, use the command

Code:
iptables -P INPUT ACCEPT
Also a descriptive part from the man page of iptables:

Quote:
Flush the selected chain (all the chains in the table if none is given). This is equivalent to deleting all the rules one by one.
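The two posts above say what the [packets:bytes] numbers are and why a flush leaves the policy alone. The script below is an added example (not code from this thread) that parses the iptables-save format quoted earlier, then models what iptables -Z and iptables -F do to it. The dump it works on is constructed; it is in the form iptables-save -c prints, so each -A line carries its own counter as well.

```python
"""Parse iptables-save output and model what iptables -Z and iptables -F do.
Added example with a constructed dump; it never touches a live firewall."""
import re
from dataclasses import dataclass, field

# Constructed `iptables-save -c` output, not from a real host.  The numbers on a
# ":CHAIN POLICY [p:b]" line are the policy counters: packets and bytes that fell
# through every rule and were handled by the chain's default policy.  The [p:b]
# in front of an -A line is that rule's own counter; iptables-save prints it
# only when run with -c.
SAMPLE_DUMP = """\
*filter
:INPUT DROP [164:15203]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [147:63028]
[52:4160] -A INPUT -i lo -j ACCEPT
[3090:2511840] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[7:420] -A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [14:672]
:POSTROUTING ACCEPT [9:684]
:OUTPUT ACCEPT [9:684]
COMMIT
"""

CHAIN_RE = re.compile(r"^:(\S+) (\S+) \[(\d+):(\d+)\]$")
RULE_RE = re.compile(r"^(?:\[(\d+):(\d+)\] )?(-A (\S+) .+)$")


@dataclass
class Rule:
    packets: int
    bytes: int
    spec: str            # "-A CHAIN ..." exactly as written


@dataclass
class Chain:
    policy: str          # ACCEPT/DROP for built-in chains, "-" for user-defined
    packets: int
    bytes: int
    rules: list = field(default_factory=list)


def _match(regex, line):
    m = regex.match(line)
    if m is None:
        raise ValueError("unrecognised iptables-save line: " + line)
    return m.groups()


def parse_save(text):
    """Return {table: {chain: Chain}} from iptables-save text."""
    tables, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                          # comments such as "# Generated by"
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {})
        elif line == "COMMIT":
            current = None
        elif line.startswith(":"):
            name, policy, pk, by = _match(CHAIN_RE, line)
            current[name] = Chain(policy, int(pk), int(by))
        else:
            pk, by, spec, chain = _match(RULE_RE, line)
            current[chain].rules.append(Rule(int(pk or 0), int(by or 0), spec))
    return tables


def zero_counters(tables, table="filter"):
    """iptables -Z [-t table]: every counter to [0:0]; rules and policies stay."""
    for ch in tables[table].values():
        ch.packets = ch.bytes = 0
        for r in ch.rules:
            r.packets = r.bytes = 0
    return tables


def flush(tables, table="filter"):
    """iptables -F [-t table]: all rules go, the policy lines are untouched,
    so a DROP policy is still DROP afterwards."""
    for ch in tables[table].values():
        ch.rules.clear()
    return tables


def dump(tables, counters=True):
    """Re-emit in iptables-save (-c) format, suitable for iptables-restore."""
    out = []
    for tname, chains in tables.items():
        out.append("*" + tname)
        for name, ch in chains.items():
            out.append(f":{name} {ch.policy} [{ch.packets}:{ch.bytes}]")
        for ch in chains.values():
            for r in ch.rules:
                out.append(f"[{r.packets}:{r.bytes}] {r.spec}" if counters else r.spec)
        out.append("COMMIT")
    return "\n".join(out) + "\n"


def summary(tables, table="filter"):
    """One line per chain, in the style of the `iptables -L -v` chain headers."""
    return [f"Chain {name} (policy {ch.policy} {ch.packets} packets, {ch.bytes} bytes)"
            for name, ch in tables[table].items()]


if __name__ == "__main__":
    t = parse_save(SAMPLE_DUMP)
    print("\n".join(summary(t)))
    print(dump(flush(zero_counters(t))))
```

Running it prints the chain headers the way iptables -L -v shows them, then the dump after -Z and -F: every counter is [0:0], the -A lines are gone, and :INPUT still says DROP. Restoring that dump with iptables-restore would therefore give an INPUT chain with no rules and a DROP policy, which is the state the flush question above describes.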
 
Old 08-10-2004, 06:57 AM   #13
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Quote:
Originally posted by Obie
If the moderators could somehow merge them I would be happy to continue from where I left off.
Done
 
Old 08-10-2004, 03:51 PM   #14
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
Capt_Caveman,

Sweet. I didn't know merging them would be possible but thank you.

ppuru,

I still don't follow what the numbers represent and how they work.

-----------------------------------------------------------------
ppuru's quote:
try iptables -Z. this will set the counters to [0:0]
-----------------------------------------------------------------

barisdemiray,

Thank you for providing an example; however, I wish to understand when it changes to DROP from ACCEPT and vice versa.

-----------------------------------------------------------------
barisdemiray's quote:
When you flush only the rules will be cleaned but global policy will remain same. To change them use the command
iptables -P INPUT ACCEPT
-----------------------------------------------------------------
 
Old 08-10-2004, 04:42 PM   #15
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
Another query,

What does -I INPUT do exactly? I understand what -A (APPEND), -D (DELETE) and -R (REPLACE) do, but still don't quite follow -I. Also, whenever a guide for example refers to, say, "slot 3", does it mean the third line within, say, the INPUT chain?
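The slot question above is about rule numbering, which iptables counts from 1 as shown by iptables -L --line-numbers. The following is an added example, not code from this thread: a small in-memory model of the filter table that applies -A, -I, -D, -R, -F and -P command lines exactly as they would be typed after the word iptables, so the effect of "-I INPUT 3" can be seen without touching a real firewall. It also refuses -i in OUTPUT and -o in INPUT, which real iptables rejects as well ("Can't use -i with OUTPUT"). The chain and rule contents in the usage section are constructed.

```python
"""In-memory model of rule positions in the iptables filter table.
Added example; it never runs the real iptables binary."""
import shlex

BUILTIN = ("INPUT", "FORWARD", "OUTPUT")
# Interface options a rule may carry, per built-in chain (as iptables enforces).
ALLOWED_IFACE = {"INPUT": {"-i"}, "OUTPUT": {"-o"}, "FORWARD": {"-i", "-o"}}


class Chain:
    def __init__(self, policy="ACCEPT"):
        self.policy = policy
        self.rules = []          # slot 1 is self.rules[0], as in --line-numbers


class FilterTable:
    def __init__(self):
        self.chains = {name: Chain() for name in BUILTIN}

    def chain(self, name):
        if name not in self.chains:
            raise ValueError(f"No chain/target/match by that name: {name}")
        return self.chains[name]

    @staticmethod
    def check_spec(chain, spec):
        bad = (set(spec.split()) & {"-i", "-o"}) - ALLOWED_IFACE.get(chain, {"-i", "-o"})
        if bad:
            raise ValueError(f"Can't use {sorted(bad)[0]} with {chain}")

    def append(self, chain, spec):               # -A CHAIN spec: goes last
        self.check_spec(chain, spec)
        self.chain(chain).rules.append(spec)

    def insert(self, chain, spec, slot=1):       # -I CHAIN [slot] spec
        self.check_spec(chain, spec)
        rules = self.chain(chain).rules
        if not 1 <= slot <= len(rules) + 1:      # slot len+1 behaves like -A
            raise ValueError("Index of insertion too big")
        rules.insert(slot - 1, spec)             # default slot 1 = head of chain

    def delete(self, chain, slot_or_spec):       # -D CHAIN slot  |  -D CHAIN spec
        rules = self.chain(chain).rules
        if isinstance(slot_or_spec, int):
            if not 1 <= slot_or_spec <= len(rules):
                raise ValueError("Index of deletion too big")
            del rules[slot_or_spec - 1]
        elif slot_or_spec in rules:
            rules.remove(slot_or_spec)           # first matching rule only
        else:
            raise ValueError("Bad rule (does a matching rule exist in that chain?)")

    def replace(self, chain, slot, spec):        # -R CHAIN slot spec
        self.check_spec(chain, spec)
        rules = self.chain(chain).rules
        if not 1 <= slot <= len(rules):
            raise ValueError("Index of replacement too big")
        rules[slot - 1] = spec

    def flush(self, chain=None):                 # -F [CHAIN]: rules go, policy stays
        for name in ([chain] if chain else BUILTIN):
            self.chain(name).rules.clear()

    def policy(self, chain, target):             # -P CHAIN ACCEPT|DROP
        if target not in ("ACCEPT", "DROP"):
            raise ValueError(f"Can't set policy `{target}' on `{chain}'")
        self.chain(chain).policy = target

    def listing(self, chain):                    # like -L CHAIN --line-numbers
        ch = self.chain(chain)
        return [f"Chain {chain} (policy {ch.policy})"] + [
            f"{i} {spec}" for i, spec in enumerate(ch.rules, 1)]


def apply(table, cmdline):
    """Apply one command line, written as it would follow the word iptables."""
    argv = shlex.split(cmdline)
    if argv[:2] == ["-t", "filter"]:
        argv = argv[2:]                          # only the filter table is modelled
    cmd, rest = argv[0], argv[1:]
    if cmd == "-F":
        return table.flush(rest[0] if rest else None)
    chain, rest = rest[0], rest[1:]
    if cmd == "-P":
        return table.policy(chain, rest[0])
    slot = None
    if rest and rest[0].isdigit():               # a number after the chain is the slot
        slot, rest = int(rest[0]), rest[1:]
    spec = " ".join(rest)
    if cmd == "-A":
        table.append(chain, spec)
    elif cmd == "-I":
        table.insert(chain, spec, 1 if slot is None else slot)
    elif cmd == "-D":
        table.delete(chain, spec if slot is None else slot)
    elif cmd == "-R":
        table.replace(chain, slot, spec)
    else:
        raise ValueError(f"unknown command {cmd}")


if __name__ == "__main__":
    t = FilterTable()
    for line in ("-A INPUT -i lo -j ACCEPT",
                 "-A INPUT -p tcp --dport 22 -j ACCEPT",
                 "-A INPUT -p tcp --dport 80 -j ACCEPT",
                 "-I INPUT 3 -s 10.0.0.0/8 -j DROP",        # lands in slot 3
                 "-I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"):  # slot 1
        apply(t, line)
    print("\n".join(t.listing("INPUT")))
```

The listing shows that -I with a number puts the new rule at that slot and pushes the rule that was there down by one, while -I without a number means slot 1, the head of the chain. Position matters because iptables evaluates a chain top to bottom and stops at the first match, so a rule inserted at slot 1 is seen before anything appended with -A.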