LinuxQuestions.org
Old 11-03-2003, 11:00 AM   #1
e1000
Member
 
Registered: Oct 2003
Location: California
Distribution: Ubuntu
Posts: 582

Rep: Reputation: 30
configuring IPtables


How do I configure IPtables on my Slackware system?

I have heard that IPtables doesn't come pre-configured with Slackware (like it does with some other big distros), so my question is... how do I configure and start iptables, and how do I get it to start on startup?
 
Old 11-03-2003, 11:19 AM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 269
Taken from the Security reference thread in the Security forum: http://www.linuxquestions.org/questi...threadid=45261

Nice link for IPTables tutorial found here: http://iptables-tutorial.frozentux.n...-tutorial.html

There are also a few others in that thread; check them out, as they should provide the information you're seeking.
 
Old 11-03-2003, 11:46 AM   #3
dirren
LQ Newbie
 
Registered: May 2003
Location: Stockholm / Sweden
Distribution: Slackware
Posts: 14

Rep: Reputation: 0
Try this link: http://simplylinux.punted.net/Usingiptables.html
 
Old 11-03-2003, 08:49 PM   #4
matt3333
Member
 
Registered: Dec 2002
Location: Winnipeg, Manitoba, Canada
Distribution: Slackware
Posts: 371

Rep: Reputation: 30
OK, I followed the link dirren sent and I downloaded arno-iptables-firewall.tgz or whatever it is. Anyway, I downloaded it and did what he said to do, and I keep getting this error when I try to start iptables:

root@DarkPunk:/home/Matt/arno# /etc/rc.d/rc.iptables start
Arno's IPTABLES Firewall Script v1.8.1RC-2
---------------------------------------------------------------
/etc/rc.d/rc.iptables: /etc/iptables-firewall.conf: line 48: syntax error near unexpected token `('
/etc/rc.d/rc.iptables: /etc/iptables-firewall.conf: line 48: `# connected to doesn't have an IP, you should leave the MODEM_xxx options disabled (default)! #'
ERROR: The required variable EXT_IF is empty!
Please, correct this by checking the settings in the configuration file.
root@DarkPunk:/home/Matt/arno#

I know it says EXT_IF is empty, but I made sure it had "eth0" in it, so it looks like this: EXT_IF="eth0", like he said to do in the readme-type file on the site. I'll post the section that I put this in; maybe I edited the wrong section. If anyone else gets this error, or had this error and fixed it, or EVEN knows how to fix this, PLZ HELP ME. Anyway, here it is:

# Required variables for correct operation #
############################################
IPTABLES="/usr/sbin/iptables" # Location of the iptables-binary (use 'locate
iptables' or 'whereis iptables'
# to manually locate it).
EXT_IF="eth0" # The external interface that will be protected (and used
as internet connection)
# This is probably ppp+ for (A)DSL (for non-transparant (A)DSL r$
# otherwise it should be "ethX" (ex. eth0)
EXT_IF_DHCP_IP=1 # Enable if THIS machines (dynamically) obtains its IP
through DHCP (from your ISP)

plz help me thanx!!!

Matt3333
 
Old 11-04-2003, 03:41 AM   #5
dirren
LQ Newbie
 
Registered: May 2003
Location: Stockholm / Sweden
Distribution: Slackware
Posts: 14

Rep: Reputation: 0
This is what yours looks like:

# Required variables for correct operation #
############################################
IPTABLES="/usr/sbin/iptables" # Location of the iptables-binary (use 'locate
iptables' or 'whereis iptables'
# to manually locate it).
EXT_IF="eth0" # The external interface that will be protected (and used
as internet connection)
# This is probably ppp+ for (A)DSL (for non-transparant (A)DSL r$
# otherwise it should be "ethX" (ex. eth0)
EXT_IF_DHCP_IP=1 # Enable if THIS machines (dynamically) obtains its IP
through DHCP (from your ISP)

This is how it should look:

# Required variables for correct operation #
############################################
IPTABLES="/usr/sbin/iptables" # Location of the iptables-binary (use 'locate
#iptables' or 'whereis iptables'
# to manually locate it).
EXT_IF="eth0" # The external interface that will be protected (and used
#as internet connection)
# This is probably ppp+ for (A)DSL (for non-transparant (A)DSL r$
# otherwise it should be "ethX" (ex. eth0)
EXT_IF_DHCP_IP=1 # Enable if THIS machines (dynamically) obtains its IP
#through DHCP (from your ISP)

See the difference? gl
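
Added example (not part of the thread, and not from Arno's script): the error output in post #4 shows the rc script reading /etc/iptables-firewall.conf as shell, so a comment tail that an editor wrapped onto its own line is parsed as a command. This sketch, with hypothetical function names and a constructed sample file, flags such lines and syntax-checks the file with `sh -n` before the firewall script is started.

```shell
#!/bin/sh
# Added example: lint a config file that a firewall rc script sources as shell.

# List "N: text" for each line that is not blank, not a comment and not a
# NAME=value assignment. In a variables-only file such a line is almost
# always the tail of a comment that an editor wrapped onto a new line.
find_wrapped_lines() {
    awk '
        /^[ \t]*$/ { next }
        /^[ \t]*#/ { next }
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ { next }
        { printf "%d: %s\n", NR, $0 }
    ' "$1"
}

# Succeed only if the file parses as shell and has no stray lines.
# "sh -n" reads the file without executing any of it.
check_conf() {
    sh -n "$1" 2>/dev/null || return 1
    [ -z "$(find_wrapped_lines "$1")" ]
}

# Constructed sample, shortened from the fragment in post #4. The last
# line is the text the error message in that post quotes for line 48.
write_broken_sample() {
    cat > "$1" <<'EOF'
IPTABLES="/usr/sbin/iptables" # Location of the iptables-binary (use 'locate
iptables' or 'whereis iptables'
# to manually locate it).
EXT_IF="eth0" # The external interface that will be protected (and used
as internet connection)
# connected to doesn't have an IP, you should leave the MODEM_xxx options disabled (default)! #
EOF
}

# Demo: lint the broken sample, apply the fix from post #5, lint again.
tmp=$(mktemp -d)
write_broken_sample "$tmp/broken.conf"
find_wrapped_lines "$tmp/broken.conf"
sed -e '2s/^/#/' -e '5s/^/#/' "$tmp/broken.conf" > "$tmp/fixed.conf"
for f in broken fixed; do
    if check_conf "$tmp/$f.conf"; then echo "$f.conf: OK"
    else echo "$f.conf: rejected"; fi
done
rm -rf "$tmp"
```

In the broken sample the odd apostrophe on line 2 opens a quoted string that runs on to the apostrophe in "doesn't", so the shell reports the error at that later line and the EXT_IF assignment inside the string never takes effect.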
 
Old 11-04-2003, 10:19 AM   #6
matt3333
Member
 
Registered: Dec 2002
Location: Winnipeg, Manitoba, Canada
Distribution: Slackware
Posts: 371

Rep: Reputation: 30
Yup, I sure do. Once something gets tabbed to the other line it has to be commented?? Is that what you're saying?? Thanx for your replies!!!


Matt3333
 
Old 11-04-2003, 11:09 AM   #7
e1000
Member
 
Registered: Oct 2003
Location: California
Distribution: Ubuntu
Posts: 582

Original Poster
Rep: Reputation: 30
Nice link, but I don't understand a few parts.

--------------------------------------------------
IPTABLES="/usr/sbin/iptables" # Do "whereis iptables" to find out where it is
EXT_IF="eth0" <<1>>
DYNAMIC_IP=1 <<2>>
#MODEM_IF="eth0"
MODEM_IP="192.168.1.1" # This is your router or ISP <<3>>
MODEM_IF_IP="127.0.0.1" # This is your PC. Do "ifconfig" to find out eth0 inet addr
-------------------------------------------------

1) Do I just put my modem's name here? Like for me its name is /dev/ttyHSFS0

2) So I put this if I'm on a dial-up with a dynamic IP?

3) I don't understand what to put here.
 
Old 11-04-2003, 02:47 PM   #8
matt3333
Member
 
Registered: Dec 2002
Location: Winnipeg, Manitoba, Canada
Distribution: Slackware
Posts: 371

Rep: Reputation: 30
OK, awesome, I got it working, thanx dirren. Hm, does anyone know if it's possible to like configure it so that port 21,20...etc are closed but when I want to just like shut off iptables or something like that?? The reason why I'm asking is obviously b/c I want to use my ftp and ssh for transferring stuff from my comp to my work one?? But like during the day I want ftp and ssh closed, and like the only ports I will need open during the night is 21,20 and the rest of them closed. If this is making sense, Plz Help me. Thanx for your help so far.


Oh and e1000, you don't need to put anything after EXT_IF="eth0". Here, I'll show you:

IPTABLES="/usr/sbin/iptables" # Do "whereis iptables" to find out where it is
EXT_IF="eth0" (OK, here u don't need anything after the quotes, but if a line comes down into here like this then u have to comment it................................................................)
DYNAMIC_IP=1 (Here just leave it)
#MODEM_IF="eth0"
MODEM_IP="192.168.1.1" # This is your router or ISP (This one u can leave blank; I believe it's default to leave it blank along with MODEM_IF_IP. Just watch out for the line coming down, or if it does just make sure u comment it in like shown above my post)
MODEM_IF_IP="127.0.0.1" # This is your PC. Do "ifconfig" to find out eth0 inet addr

I hope that made sense!!!!!!! Anyways good luck!



Matt3333
 
Old 11-09-2003, 02:51 AM   #9
e1000
Member
 
Registered: Oct 2003
Location: California
Distribution: Ubuntu
Posts: 582

Original Poster
Rep: Reputation: 30
OK, I did "iptables -xnvL" and I got a bunch of output, but it only showed IP addresses as 0.0.0.0; there wasn't one valid IP address in there. Is this 'cause it's not working, or 'cause I'm on a dynamic IP?
 
  

