Quote:
Although I am nearly certain that I don't have any iptables set up, is there any way I could make myself 100% sure?
/etc/rc.d/rc.firewall isn't executable.
All I know is that it's very common on Slack to have the 2nd, or very bottom, output from iptables -L when there is no firewall.
But first (and in contrast), the firewall is on, alive, active in real time:
root@AB60R:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
bad_packets all -- anywhere anywhere
DROP all -- anywhere ALL-SYSTEMS.MCAST.NET
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
tcp_inbound tcp -- anywhere anywhere
udp_inbound udp -- anywhere anywhere
icmp_packets icmp -- anywhere anywhere
DROP all -- anywhere anywhere PKTTYPE = broadcast
LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level warning prefix `INPUT packet died: '
#<snipped many more lines of -L (list) of (I guess they are) firewall rules>
root@AB60R:~# cd /usr/local/bin
root@AB60R:/usr/local/bin# pwd
/usr/local/bin
root@AB60R:/usr/local/bin# lsag fire
lrwxrwxrwx 1 root root 21 2007-09-15 23:13 firehol -> /etc/rc.d/rc.firewall*
root@AB60R:/usr/local/bin# firehol stop
Loading kernel modules ...
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.log_martians = 1
Flushing Tables ...
Firewall completely flushed! Now running with no firewall.
root@AB60R:/usr/local/bin# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@AB60R:/usr/local/bin#
This latter iptables -L output, above, is what that command's output looks like on my Slack 12 when there is no firewall.
--
Alan.
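The check described in the post above, as an added example that is not part of the original post: `iptables -L` lists only the filter table, so this sketch reads an `iptables-save` dump (all loaded tables) and reports any rule, user-defined chain or non-ACCEPT policy. The function names `fw_findings` and `fw_is_open` are hypothetical, and the three sample dumps are constructed for illustration.

```shell
# Added example. Function names and the three dumps below are constructed.
# Live use (as root): iptables-save | fw_is_open   (ip6tables-save for IPv6)
# Print one finding per non-default item in an iptables-save dump on stdin.
fw_findings() {
    awk '
        /^\*/ { table = substr($0, 2); next }       # "*filter" opens a table
        /^:/  {                                      # ":INPUT DROP [0:0]"
            chain = substr($1, 2)
            if ($2 == "-")           print table ": user-defined chain " chain
            else if ($2 != "ACCEPT") print table ": policy " $2 " on " chain
            next
        }
        /^-A / { print table ": rule in " $2 }       # any appended rule
    '
}

# Return 0 only when no table holds a rule, user chain or non-ACCEPT policy.
fw_is_open() {
    findings=$(fw_findings)
    [ -z "$findings" ] && { echo "no rules, all policies ACCEPT"; return 0; }
    printf '%s\n' "$findings"
    return 1
}

SAMPLE_FLUSHED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

SAMPLE_ACTIVE='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:bad_packets - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j bad_packets
COMMIT'

# filter looks empty to "iptables -L", but the nat table still has a rule
SAMPLE_NAT_ONLY="$SAMPLE_FLUSHED"'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

for s in "$SAMPLE_FLUSHED" "$SAMPLE_ACTIVE" "$SAMPLE_NAT_ONLY"; do
    printf '%s\n' "$s" | fw_is_open || echo "=> not an empty ruleset"
done
```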