08-12-2005, 02:51 AM
|
#1
|
Member
Registered: Aug 2005
Distribution: Debian Sarge
Posts: 31
Rep:
|
Location iptables config file
Hi,
I just installed Debian, and want to configure iptables. Where can I find the configuration file?
Regards,
Freakin'me
|
|
|
08-12-2005, 02:54 AM
|
#2
|
Senior Member
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109
Rep:
|
I do not think that Debian has one itself. You can make your own script and put it into the rc.d-folder to make it start on boot.
|
|
|
08-12-2005, 02:57 AM
|
#3
|
Member
Registered: Aug 2005
Distribution: Debian Sarge
Posts: 31
Original Poster
Rep:
|
I suppose you mean /etc/rc.d/ but that's exactly the tricky thing, I don't have that dir. I do have rc0.d up to rc6.d so I still do not know which one I should have.
I installed iptables using apt-get, maybe that does matter?
|
|
|
08-12-2005, 03:20 AM
|
#4
|
Senior Member
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109
Rep:
|
Yes, debian has rcX.d
The number X stands for different runlevels. You should put your script in init.d and then make a symlink to the rcX.d for which runlevel you want your script to run at.
Here's a good guide on the subject: http://www.tldp.org/HOWTO/From-Power...t-HOWTO-6.html
EDIT: via apt-get? I thought iptables came with Debian by default. Anyway, it should not matter. As long as you can handle iptables you will be fine making your own script.
If you are having trouble remembering everything you can always check the man pages. If you do not want to write your own iptables script you can google for some examples.
Last edited by Ephracis; 08-12-2005 at 03:23 AM.
|
|
|
08-12-2005, 03:35 AM
|
#5
|
Member
Registered: Aug 2005
Distribution: Debian Sarge
Posts: 31
Original Poster
Rep:
|
If I put that script in init.d, how does iptables know that it is intended for iptables?
For me being a Linux noob, I've got one question left, how do I make a symlink?
Thanks for your help.
|
|
|
08-12-2005, 03:54 AM
|
#6
|
Senior Member
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109
Rep:
|
Quote:
If I put that script in init.d, how does iptables know that it is intended for iptables?
|
The script is actually a shell script, it just issues some iptables commands.
Quote:
For me being a Linux noob, I've got one question left, how do I make a symlink?
|
ln -s /from/where /to/destination
man ln for more info.
EDIT:
Here you have my script:
Code:
#!/bin/sh
# flush the tables
iptables -F
iptables -Z
# drop everything by default
iptables -P INPUT DROP
# EXTERNAL
# ssh
iptables -A INPUT -s 0/0 -p tcp --dport 841 -j ACCEPT
# msn
iptables -A INPUT -s 0/0 -p tcp --dport 6891:6900 -j ACCEPT
# torrent
iptables -A INPUT -s 0/0 -p tcp --dport 6881:6889 -j ACCEPT
iptables -A INPUT -s 0/0 -p udp --dport 6881:6889 -j ACCEPT
# LOCAL
# kismet
iptables -A INPUT -i lo -p tcp --dport 2501 -j ACCEPT
# mysql
iptables -A INPUT -i lo -p tcp --dport 3306 -j ACCEPT
# accept already established connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Last edited by Ephracis; 08-12-2005 at 03:58 AM.
|
|
|
08-12-2005, 05:43 AM
|
#7
|
Senior Member
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802
Rep:
|
Save yourself a lot of time:
apt-get install guarddog
FYI, in Debian all the startup scripts are located in /etc/init.d. The directories /etc/rc?.d are runlevel directories which contain symlinks to the scripts in /etc/init.d. The symlink will cause the script to start or stop depending on whether the symlink starts with an S or a K, e.g.
/etc/rc3.d/S20guarddog -> ../init.d/guarddog
The above symlink would cause guarddog to start when you enter runlevel 3 (/sbin/init 3.)
/etc/rc0.d/K20guarddog -> ../init.d/guarddog
If you do a shutdown the above symlink would cause guarddog to stop, the K stands for kill.
If you have an iptables script you really want to use, go ahead and install guarddog then put your iptables script here:
/etc/rc.firewall
Make sure it's executable. Then guarddog will start your script instead of its own.
|
|
|
08-13-2005, 02:26 PM
|
#8
|
Member
Registered: Aug 2005
Location: Rome
Distribution: Slackware 10.2 && Debian Sarge
Posts: 49
Rep:
|
Why must you use a firewall? For a normal PC the firewall is useless; try to close the services by #.
If you are sure you want to use the firewall, in Slackware you must create a file "rc.firewall" (chmod 755) in /etc/rc.d/, and there you can put all the rules.
ByE
|
|
|
08-14-2005, 07:30 AM
|
#9
|
Senior Member
Registered: Jan 2002
Location: St Louis, MO
Distribution: Ubuntu
Posts: 1,284
Rep:
|
An alternative to using a full script is to simply call
Code:
iptables-save > /path/to/save
to save your current rules to disk, then at boot simply execute
Code:
iptables-restore < /path/to/save
That way, if you make any adjustments to your filtering rules, you simply execute iptables-save again to update your saved ruleset, and the new rules will be loaded at next boot.
|
|
|
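An added example, not from any poster in this thread: before a dump made with iptables-save is wired up to load at boot, it can be checked for its default INPUT policy and for the ports it accepts from any host. The function names are hypothetical, and the sample dump is constructed to approximate what iptables-save would print for the script in post #6.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (approximates the post #6 script).
sample_rules() {
cat <<'EOF'
# constructed sample, not captured from a real host
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 841 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6891:6900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6881:6889 -j ACCEPT
-A INPUT -p udp -m udp --dport 6881:6889 -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 2501 -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Print the default policy of one chain in the filter table (reads stdin).
chain_policy() {
    awk -v chain="$1" '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $1 == (":" chain) && !seen { print $2; seen = 1 }'
}

# Print "proto/port" for every INPUT ACCEPT rule that names a destination
# port but no interface (-i) or source (-s), i.e. ports open to any host.
# iptables-save omits -s when the source is 0/0, so any -s counts as scoped.
exposed_ports() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table != "filter" || $1 != "-A" || $2 != "INPUT" { next }
        {
            proto = ""; port = ""; target = ""; scoped = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "-i" || $i == "-s") scoped = 1
            }
            if (target == "ACCEPT" && port != "" && !scoped)
                print proto "/" port
        }'
}
```

To audit a real dump, feed it on stdin, for example `exposed_ports < /path/to/save`.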
08-14-2005, 07:57 AM
|
#10
|
Member
Registered: Jan 2005
Location: Between the chair and the desk
Distribution: Debian Sarge, kernel 2.6.13
Posts: 666
Rep:
|
Quote:
Originally posted by DarkNeo
Why must you use a firewall? For a normal PC the firewall is useless
|
Yeah, sure...you can't be serious, right?
Quote:
Originally posted by freakin'me
If I put that script in init.d, how does iptables know that it is intended for iptables?
|
When the computer enters one of the runlevels which correspond to a certain rcX.d, it will read, line by line, and execute the scripts having an 'S' at the beginning of their name. And while the script contains commands that invoke /sbin/iptables, it's all taken care of.
Last edited by harken; 08-14-2005 at 08:01 AM.
|
|
|
08-14-2005, 08:01 AM
|
#11
|
Member
Registered: Aug 2005
Distribution: Debian Sarge
Posts: 31
Original Poster
Rep:
|
I've planned to use my server as a gateway as well, and I can't do anything about it, but then you need to configure some sort of firewall.........
|
|
|
All times are GMT -5.