Using iptables
The Packet Filtering HowTo
http://www.netfilter.org/documentati...OWTO.html#toc1 seems to say that all you need to do to use iptables is make an init script that sets up the tables in the kernel. I have a personal PC with a DSL modem connected to the Ethernet card. Two questions:
1. Is that all there is to it, or is there anything else you have to do?
2. Is there some documentation on how to design good ip tables?
EDIT: I have the iptables tutorial, maybe that's enough. I'll post more specific questions if necessary.
I didn't know if there's some software to download, a bunch of config files to edit, or what.
For a home PC, said script can be super simple, like say:
Code:
#!/bin/sh
EDIT: Remember to make the rc.firewall root-owned and executable.
This line is in rc.netfilter:
Code:
iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
Code:
iptables -nvL
Code:
cat /proc/sys/net/ipv4/ip_forward
BTW, can you post the contents of the default rc.netfilter file? I did a quick google and I got the impression it uses some sort of special layout, unlike rc.firewall.
EDIT: According to this post on the Zenwalk forums, you just need to use iptables-save to save the configuration to the /etc/netfilter/policy.netfilter file. The startup script will pick it up from there. I don't know if this is true, though. I downloaded the Zenwalk manual and searched through it but couldn't find anything about how Zenwalk wants firewall rules to be set. I think you should get much better support in the LQ Zenwalk forum, as this is extremely distro-specific. So I'm moving this thread over there, and leaving a permanent redirect here in Security.
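Added example, not part of any post in this thread and not Zenwalk's own script: a check that reads `iptables-save` output (the format the post above says goes into /etc/netfilter/policy.netfilter) and confirms the basics for a single PC that does not route traffic. The function name `audit_ruleset` and the `SAMPLE_RULES` dump are constructed for illustration.

```shell
#!/bin/sh
# Audit an iptables-save dump for a single-host (non-router) policy.
# SAMPLE_RULES is a constructed dump, not the contents of rc.netfilter.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Reads iptables-save output on stdin, prints one line per check,
# and returns non-zero if any check fails.
audit_ruleset() {
    rules=$(cat)
    rc=0
    # Default policies: drop unsolicited inbound traffic, and do not
    # forward packets between interfaces on a host that is not a router.
    for chain in INPUT FORWARD; do
        if printf '%s\n' "$rules" | grep -q "^:$chain DROP "; then
            echo "ok: $chain policy is DROP"
        else
            echo "FAIL: $chain policy is not DROP"; rc=1
        fi
    done
    # Replies to connections this host opened must be let back in.
    if printf '%s\n' "$rules" | grep -E -q -- \
        '^-A INPUT .*(ESTABLISHED,RELATED|RELATED,ESTABLISHED) .*-j ACCEPT'; then
        echo "ok: INPUT accepts ESTABLISHED/RELATED"
    else
        echo "FAIL: no ESTABLISHED/RELATED accept in INPUT"; rc=1
    fi
    # Local services talk to each other over the loopback interface.
    if printf '%s\n' "$rules" | grep -q -- '^-A INPUT -i lo -j ACCEPT'; then
        echo "ok: loopback accepted"
    else
        echo "FAIL: loopback not accepted on INPUT"; rc=1
    fi
    return $rc
}

printf '%s\n' "$SAMPLE_RULES" | audit_ruleset
```

On a live system, `iptables-save | audit_ruleset` run as root checks the rules actually loaded in the kernel rather than a saved file.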
@Hacker X, what version & edition of zenwalk are you running?
current is 4.8, snapshot is 5.0. but anyways, the 'stock' zenwalk init scripts include a firewall in /etc/rc.d/rc.inet1 if you want an rc.firewall script you can do so but have to modify /etc/rc.d/rc.inet1 to source rc.firewall like this:
Code:
########################
I'm not an iptables guru though, I just use Alien Bob's easy firewall generator to create rc.firewall. hth
In 2.6, iptables is all in rc.netfilter, including all the rules that win32sux suggested.
zw2.6 is pretty old stuff. sorry I wouldn't have the foggiest about what's on there..
there are four 'editions' of zenwalk: standard, core, live, and server. Whatever iso you have should be labeled as such, otw I have no idea where you'd find it. It's most likely something like standard, I don't know how many or if any of the other editions existed in 2.6.