Is it just me or are you a wee bit confused about how to write an iptables script?
i.e. you set default ACCEPT policy on output and have ACCEPT output rules... but it shouldn't stop it working. How can you tell that this script isn't starting at boot? (Have you tried iptables -L ?) Could it be that your iptables script is: /usr/local/sbin/setiptables.bash It would help a lot if we knew which distribution you are running.
Wow, what a firewall script. Thank god most of it is commented out...
No, seriously though -- you'll never get happy if you just keep aimlessly throwing things around and hope they'll just magically work somehow. Some hints:

1. Decide on a name and location for your firewall script. I have lost count of how many names you have already given for it in this thread. And make sensible choices. ('iptables' is *not* a good name for your script.) I'd suggest something like '/usr/local/sbin/firewall'.
2. There is a difference between "/" and "/root", even though "/" is pronounced "root". Yes, it's confusing. Well, not really. Only when you speak about it.
3. As others have already pointed out: you want to call your script from rc.local -- not the other way around. I.e. add a line '/usr/local/sbin/firewall' to your rc.local. Do not add any reference to rc.local to your firewall script. It does not make sense!
4. You want to use modprobe, not insmod.
5. As to your actual firewall script: I don't think it does what you think it does. Here is a suggestion to get you started (you need to edit the settings in the top section):

Code:
#!/bin/sh

Rupert
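Rupert's script did not survive in the thread beyond its first line, so here is an added example (mine, not Rupert's and not the poster's) of the shape he describes: a settings section at the top, modprobe instead of insmod, a default DROP policy on INPUT, and a single line in /etc/rc.local that calls the script. The path /usr/local/sbin/firewall, the interface name eth0 and the allowed port list are assumed sample values; the rules are emitted by a function first so they can be reviewed with `firewall show` before `firewall apply` runs them as root.

```shell
#!/bin/sh
# Hypothetical location: /usr/local/sbin/firewall
# Boot-time hook: add exactly this one line to /etc/rc.local:
#   /usr/local/sbin/firewall apply

# ---- settings: edit for your machine (constructed sample values) ----
WAN_IF="eth0"            # interface that faces the outside world
ALLOW_TCP="22"           # TCP ports to accept new connections on, space separated
IPT="${IPT:-iptables}"   # override with IPT="echo iptables" for a dry run

# fw_rules prints every command, one per line, instead of running it.
# Reviewing this list is the cheapest way to see what the firewall will do.
fw_rules() {
    cat <<EOF
modprobe nf_conntrack 2>/dev/null || modprobe ip_conntrack 2>/dev/null || true
$IPT -F
$IPT -X
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -m state --state INVALID -j DROP
$IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
EOF
    # One accept rule per service you really run; everything else hits the DROP policy.
    for p in $ALLOW_TCP; do
        echo "$IPT -A INPUT -i $WAN_IF -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Rate-limited log of what is about to be dropped, so /var/log shows probes.
    echo "$IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"fw-drop: \""
}

# fw_apply feeds the generated commands to a shell that stops on the first error,
# so a typo in the settings does not leave a half-built rule set behind.
fw_apply() { fw_rules | sh -e; }

case "${1:-}" in
    apply) fw_apply ;;
    show)  fw_rules ;;
esac
```

Run `sudo /usr/local/sbin/firewall show` to read the rules without touching the kernel, then `sudo /usr/local/sbin/firewall apply` and `sudo iptables -L -n` to confirm that INPUT now reports policy DROP with rules under it.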
hi simon ....
I just checked iptables -L on my terminal. It shows some details about my firewall:

chain INput policy
target prot opt source desination
.. . . . .. . .
chain FORWARD (policy Accept)
target prot opt source desination
. . . . ...
chain FORWARD (POLICY aCCEPT)
target prot opt source desination
chain OUTPUT (POLICY ACCEPT)
target prot opt source desination

My iptables script path is "/", not "/usr/local/sbin/setiptables.bash". WHAT SHOULD I DO....?
hi simon .....
My iptables script path is "/", not "/usr/local/sbin/setiptables.bash".
Show the following command and the output:
cat /usr/local/sbin/setiptables.bash

... I'll explain: at the top of your iptables script, there is a line which goes:

# /usr/local/sbin/setiptables.bash

i.e. a commented filename. This is usually the name of the script file. If this is the case, then your iptables script is actually /usr/local/sbin/setiptables.bash and not /iptables as previously stated. I'd like to verify this.
Quote:
have you tried sudo iptables -L
cat /usr/local/sbin/setiptables.bash
Output is: cat: /usr/local/sbin/setiptables.bash :no such file or directory.
I tried "sudo iptables -L".
It shows some details about my firewall:

chain INput policy
target prot opt source desination
.. . . . .. . .
chain FORWARD (policy Accept)
target prot opt source desination
. . . . ...
chain FORWARD (POLICY aCCEPT)
target prot opt source desination
chain OUTPUT (POLICY ACCEPT)
target prot opt source desination
This is funny ... is that a direct paste or did you edit it?
From that script you should have:

Chain INPUT (policy DROP)
target prot opt source destination
... input rules
Chain FORWARD (policy ACCEPT)
... forward rules
Chain OUTPUT (policy ACCEPT)
... output rules

... this means that the firewall you designed is loaded. If they are all "policy ACCEPT" and no rules, then the firewall has not loaded.
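The test simon describes above (all three policies ACCEPT and no rule lines means nothing was loaded; a DROP policy or any rule lines means the script ran) can be made mechanical. The following is an added example, not code from anyone in the thread: a shell function that reads `iptables -L` output on stdin and prints a verdict, with two constructed sample tables so it can be exercised without root. The table layout (chain header, column header, one rule per line) is the real one; the sample rules are made up.

```shell
#!/bin/sh
# fw_loaded: read `iptables -L` text on stdin, print a verdict, return 0 if a
# rule set appears to be loaded and 1 if the kernel is still at its defaults.
fw_loaded() {
    awk '
        # Chain header: note any policy that is not ACCEPT, then skip the line.
        /^Chain /       { inchain = 1; if ($0 !~ /policy ACCEPT/) strict++; next }
        # Column header printed under every chain; not a rule.
        /^target +prot/ { next }
        # Any remaining non-empty line under a chain is a rule.
        NF > 0 && inchain { rules++ }
        END {
            if (strict > 0 || rules > 0) {
                printf "loaded: %d non-ACCEPT policies, %d rules\n", strict, rules
                exit 0
            }
            print "not loaded: all policies ACCEPT and no rules"
            exit 1
        }'
}

# Constructed sample 1: a freshly booted machine where no script ran.
EMPTY_TABLE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
'

# Constructed sample 2: the shape expected once a DROP-by-default script has run.
LOADED_TABLE='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh state NEW

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
'

check_empty()  { printf '%s' "$EMPTY_TABLE"  | fw_loaded; }
check_loaded() { printf '%s' "$LOADED_TABLE" | fw_loaded; }
```

On a real machine run `sudo iptables -L -n | fw_loaded`; `-n` keeps iptables from doing reverse DNS lookups, which otherwise makes the listing slow and can rewrite addresses into names that differ from what was typed into the script.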
It's not direct paste....
And also the output is not normal.... And also I get the report after I run my script only..... selvam.
I just reboot the machine...
and go to terminal... and type "sudo iptables -L". Output is:

chain Input (POLICY aCCEPT)
target prot opt source desination
(blank)
chain FORWARD (POLICY aCCEPT)
target prot opt source desination
(blank)
chain output (POLICY aCCEPT)
target prot opt source desination
(blank)

But once I run my script.... ./iptables. Now just type "sudo iptables -L". Output is:

chain Input (POLICY aCCEPT)
target prot opt source desination
some ip details and tcp or udp details and ip range come...
chain FORWARD (POLICY aCCEPT)
some ip details and tcp or udp details and ip range come...
target prot opt source desination
some ip details and tcp or udp details and ip range come...
chain output (POLICY aCCEPT)
target prot opt source desination
some ip details and tcp or udp details and ip range come...
Well reboot then show result of:
sudo iptables -L [post edit: done while I was typing]
cat /iptables
cat /etc/rc.local

This time, provide direct pastes which include the command with the output. In future, this is how you show someone your results: direct pastes which include the commands. Unless you report exactly what is there, you are wasting my time and yours. Pull your act together! (It's 1am and I'm getting cranky ... bed time!)