[lug] RH8 iptables

John Hernandez John.Hernandez at noaa.gov
Thu Nov 14 11:47:51 MST 2002


Hugh Brown wrote:

| On Thu, 2002-11-14 at 11:55, Nobuki Matsui wrote:
|
| >Dear all,
| >	I would like to know if /etc/sysconfig/iptables file is
| >self-contained in RH8.  Is there any other file that contains aliases of
| >some sort?  I find it difficult to tune it and the RH firewall
| >configuration GUI is too broad.  I'm also having trouble letting smtp
| >traffic coming through with RH8 even though it is explicitly stated in
| >/etc/sysconfig/iptables file.
|
|
| They tend to punch dns through.  Best bet for finding it would be to do
| grep -r iptables /etc/rc.d/*
|
| and then look at the files it returns.

Nobuki, I would suggest a tool such as NARC to simplify the initial
creation of a sane ruleset.  It is more specific and flexible than
RH's tool.  This is just one of many such tools available at
freshmeat.net.  http://www.knowplace.org/netfilter/narc.html

The /etc/sysconfig/iptables file can be created by running
'iptables-save > /etc/sysconfig/iptables' once you get a working
ruleset.  Alternately, you should be able to issue the command
'service iptables save'.  Your OS will then load these rules at the
next iptables start.  Be sure to create a backup copy as well, because
RH's firewall tool (lokkit) will overwrite this file.

--

~ |  John Hernandez - NOAA Boulder NOC - 303-497-6392
~ |  Mailstop R/OM62. 325 Broadway, Boulder, CO 80305
~ |  PGP Public Key ID: 586A7E23
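
One way to follow the backup advice in the message above, as an added example that is not part of the original post: it refuses to back up a truncated iptables-save file and reports when the live file no longer matches the newest backup (for instance after lokkit rewrote it). The function names, the backup directory layout and the sample ruleset are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verified backups of an iptables-save file.
# Function names and the backup directory layout are assumptions.

# Constructed sample ruleset in iptables-save format, for trying the functions.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
EOF
}

# Return 0 if FILE looks like complete iptables-save output: at least one
# "*table" section, and every section closed by its own COMMIT line.
rules_file_ok() {
    awk '
        /^\*/      { if (insec) bad = 1; insec = 1; tables++ }
        /^COMMIT$/ { if (!insec) bad = 1; insec = 0 }
        END        { exit (bad || insec || tables == 0) ? 1 : 0 }
    ' "$1"
}

# Copy FILE into DIR under a timestamped name, refusing a malformed file.
# Prints the path of the backup on success.
backup_rules() {
    file=$1 dir=$2
    rules_file_ok "$file" || { echo "refusing to back up malformed $file" >&2; return 1; }
    mkdir -p "$dir" || return 1
    dest="$dir/iptables.$(date +%Y%m%d-%H%M%S).$$"
    cp -p "$file" "$dest" && chmod 600 "$dest" && echo "$dest"
}

# Return 0 if FILE is identical to the newest backup in DIR; non-zero if it
# differs or no backup exists, so an overwrite does not go unnoticed.
rules_unchanged() {
    latest=$(ls -t "$2"/iptables.* 2>/dev/null | head -n 1)
    [ -n "$latest" ] && cmp -s "$1" "$latest"
}

# Typical use as root, once the working ruleset has been saved:
#   backup_rules /etc/sysconfig/iptables /root/iptables-backups
#   rules_unchanged /etc/sysconfig/iptables /root/iptables-backups || echo "rules file changed"
```
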