
Re: IPtables...



For something like your firewall script you don't need to reboot. Just
cd to the /etc/init.d directory and ./'your script here'. A lot of the
built-ins like gdm and stuff have a stop/start/restart option (i.e. gdm
restart).

As root you can test iptables rules from a console

iptables ...

Just remember to clear out all the rules after you sort out what works
and what doesn't and every time you use iptables with -A or -N switches
you are adding new rules. Not positive but I think the -X switch purges
all present rules. So then you can start your script with a 'clean
slate'.

Don't ask me questions about iptables - I'm virtually clueless :-)

Rod

Alexander Wallace wrote:
> 
> Thanks Jason! Each time I do a new thing, the more I realize I know very
> little....
> 
> I entered the rules for IPTables by hand, and everything seemed to have
> worked, except, after a while, I realized I was not getting any email! I
> created the file in /etc/inet.d and link in /etc/rc2.d in place 40, I
> thought that would be good.. not knowing any better I rebooted and
> NOTHING WORKED! Quickly I deleted the link and again not knowing any
> better I rebooted... This time a whole bunch of rules, that I assume
> were default rules loaded and everything works and I'm receiving emails
> again (whew!)... I assume the default rules may not be too secure... I'll
> have to learn a bit more about iptables before messing with them
> again....
> 
> Thank you!
> 
> On Mon, 2002-01-07 at 02:18, [email protected] wrote:
> > The file name in init.d is irrelevant, the link name in rc2.d is not. It
> > must have the form "SXXwhateverelsehere", the SXX (where XX is the two
> > digit number representing the order in which the scripts are run) is the
> > important part. The number that you select is not trivial. For example,
> > if you start it too early, there might be certain services up and running
> > that are required. For example, before you can load your firewall, the
> > networking support needs to be started. A common way of handling this is
> > to make a S99local link in rc2.d that points to a file (normally called)
> > local in init.d. In local you can run whatever extra things you want
> > started at boot, and pretty much be assured that everything else that is
> > important is started prior to its running. For example, in my local
> > script, I start my adsl-connect, load the firewall (I start my firewall
> > immediately after the connection is made, to minimize the time when
> > there is a connection without a firewall...if I had a static IP, I
> > would start it prior to connecting), update my dns server, then run a
> > few other things, like loading kernel modules for sensors, so I can know
> > the temperature of my MB and CPU, as well as my fan speeds (they are
> > displayed in gkrellm).
> >
> > Hope that gets you started
> >
> > jason
> >
> >
> > On Sun, 06 Jan 2002, Alexander Wallace wrote:
> > > Hello there! Ok I got the libra gateway working! It was much easier than
> > > I thought it would be...
> > >
> > > I have a quick question... What should I do to have the rules for
> > > iptables load automatically at startup? What file should I use? Where?
> > >
> > > I read something about placing a file in /etc/init.d and then link from
> > > /etc/rc2.d. I just want to make sure. I guess the file name is
> > > unimportant, right? and, does it matter if my connection is supposed to be
> > > dynamic?
> > >
> > > Also, my external adapter (eth1) is connected to a roadrunner modem,
> > > when I was doing the rules for ip tables, I gave the static IP for the
> > > external adapter... How do I tell IP tables that eth1 uses dhcp?
> > >
> > > Thanks!
> > >
> > > --
> > > The archive is at https://www.libranetlinux.com/archive.html
> > > To unsubscribe, send email to [email protected]
> > > with a subject of UNSUBSCRIBE.

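An added example, not part of any message in this thread: a boot-time firewall script of the kind discussed above, which resets to a clean slate on every run (`-F` flushes the rules, `-X` then deletes the emptied user-defined chains) and matches on the interface rather than an address so it works with a DHCP lease. The script name, the `S99firewall` link name, the `IPT`/`EXT_IF`/`TCP_IN` variables and the open port are assumptions; it filters only traffic to the host itself and leaves a gateway's forwarding and NAT rules out.

```shell
#!/bin/sh
# Hypothetical /etc/init.d/firewall, linked as /etc/rc2.d/S99firewall so it
# runs after networking is up. EXT_IF=eth1 comes from the thread; the open
# port list (25/tcp, inbound mail) is an assumption for illustration.
IPT="${IPT:-iptables}"        # set IPT=echo to print the rules instead
EXT_IF="${EXT_IF:-eth1}"      # DHCP-configured external interface
TCP_IN="${TCP_IN:-25}"        # space-separated inbound TCP ports to allow

fw_clear() {
    # Open the policies first so a flush never leaves a DROP policy
    # with no ACCEPT rules behind it.
    for chain in INPUT OUTPUT FORWARD; do
        "$IPT" -P "$chain" ACCEPT
    done
    "$IPT" -F    # flush all rules from every chain in the filter table
    "$IPT" -X    # delete the now-empty user-defined chains
}

fw_start() {
    fw_clear                      # start from a clean slate on every run
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP        # a gateway adds its FORWARD/NAT rules after this
    "$IPT" -A INPUT -i lo -j ACCEPT
    # Replies to connections opened from this side
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Match on the interface, not an address, so the rules stay valid
    # whatever lease the DHCP server hands out.
    for port in $TCP_IN; do
        "$IPT" -A INPUT -i "$EXT_IF" -p tcp --dport "$port" -j ACCEPT
    done
}

case "${1:-}" in
    start|restart) fw_start ;;
    stop)          fw_clear ;;    # leaves the host unfiltered
    "")            ;;             # no argument: only define the functions
    *)             echo "Usage: $0 {start|stop|restart}" >&2 ;;
esac
```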