I have installed Red Hat 7.1 on a machine and begun attempting to create a firewall using iptables. I believe I know what I need to do to make it happen, but I began to write a script file which does not work as I expect it to. I shortened the file up to try to figure out what's happening. This is my script, named rc.firewall:

    #!/bin/sh
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP
    exit 0

iptables is the program name, -P means change the default policy of the chain, INPUT is the chain, and DROP is the policy I want. If I type the lines for iptables from the prompt, the policy changes as expected. When I attempt to run my script by typing sh rc.firewall from the appropriate directory, I get the following:

    iptables: Bad policy name
    iptables: Bad policy name
    iptables: Bad policy name
    'c.firewall: exit: bad non-numeric arg `0

It appears to me that iptables is run from the script, it recognizes the -P to change the policy, and I believe it recognizes the chain name but drops the ball on the policy. Yes, it is case sensitive and I am using the correct case. I have tried both.

Further, it does not seem to recognize 0 (zero) as a valid argument after exit. However, typing sh to enter the shell and then exit 0 doesn't generate an error message. Just for more info, from the shell I typed exit n, a letter instead of a number, and got the error message. Also, I edited the script and put a semicolon after the zero and that error message went away.

Okay, what have I done wrong? Thanks in advance to whoever knows what's going on.
I typed in the script you posted and got the results I expected. The script ran successfully and I had to trek down to my basement to rerun my firewall script on the console. (I lost my ssh)
I'm guessing that you have a problem with your shell. My system has a symlink for /bin/sh to bash. My bash is located in /usr/bin/bash. You may want to try to replace #!/bin/sh with #!/bin/bash in your script and run the script with bash ./rc.firewall. If that also fails, try to run bash in debug mode with the -x option:

    bash -x rc.firewall

Good Luck
Gary
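A check that fits the symptoms in the question, as an added example that is not part of any post in this thread. It assumes (the thread does not confirm this) that rc.firewall was saved with DOS line endings, so every line ends in a carriage return; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the script has CRLF line endings, so the shell
# hands "DROP<CR>" to iptables and "0<CR>" to exit. A semicolon after the 0
# separates the CR from the argument, which matches what the question reports.

CR=$(printf '\r')   # a literal carriage return

# make_sample FILE: write the script from the question with CRLF endings
# (constructed sample; nothing here runs iptables)
make_sample() {
    printf '#!/bin/sh\r\niptables -P INPUT DROP\r\niptables -P OUTPUT DROP\r\niptables -P FORWARD DROP\r\nexit 0\r\n' > "$1"
}

# count_cr_lines FILE: print how many lines end in a carriage return
count_cr_lines() {
    grep -c "${CR}\$" "$1" || true   # grep exits 1 when the count is 0
}

# show_cr_lines FILE: print "LINENO:text" for affected lines, CR shown as ^M
show_cr_lines() {
    grep -n "${CR}\$" "$1" | sed "s/${CR}\$/^M/"
}

# strip_cr SRC DST: copy SRC to DST with trailing carriage returns removed
strip_cr() {
    sed "s/${CR}\$//" "$1" > "$2"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir/rc.firewall"
    echo "lines ending in CR: $(count_cr_lines "$dir/rc.firewall")"
    show_cr_lines "$dir/rc.firewall"
    strip_cr "$dir/rc.firewall" "$dir/rc.firewall.unix"
    echo "after strip_cr: $(count_cr_lines "$dir/rc.firewall.unix")"
    rm -rf "$dir"
}

demo
```

Run count_cr_lines against the real rc.firewall first; if it prints 0, line endings are not the cause and the bash -x trace suggested above is the next step.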
Go check out http://www.linux-firewall-tools.com -- they have a tool there that will set up a good firewall script tailored to your network. iptables was still experimental last I looked, but it'll at least give you a starting point if nothing else.
Good Luck