[lug] RH8 iptables
John Hernandez
John.Hernandez at noaa.gov
Thu Nov 14 11:47:51 MST 2002
Hugh Brown wrote:
| On Thu, 2002-11-14 at 11:55, Nobuki Matsui wrote:
|
| >Dear all,
| > I would like to know if /etc/sysconfig/iptables file is
| >self-contained in RH8. Is there any other file that contains aliases or
| >some sort? I find it difficult to tune it and the RH firewall
| >configuration GUI is too broad. I'm also having trouble letting smtp
| >traffic coming through with RH8 even though it is explicitly stated in
| >/etc/sysconfig/iptables file.
|
|
| They tend to punch dns through. Best bet for finding it would be to do
| grep -r iptables /etc/rc.d/*
|
| and then look at the files it returns.
Nobuki, I would suggest a tool such as NARC to simplify the initial
creation of a sane ruleset. It is more specific and flexible than
RH's tool. This is just one of many such tools available at
freshmeat.net. http://www.knowplace.org/netfilter/narc.html
The /etc/sysconfig/iptables file can be created by running
'iptables-save > /etc/sysconfig/iptables' once you get a working
ruleset. Alternately, you should be able to issue the command
'service iptables save'. Your OS will then load these rules at the
next iptables start. Be sure to create a backup copy as well, because
RH's firewall tool (lokkit) will overwrite this file.
- --
~ | John Hernandez - NOAA Boulder NOC - 303-497-6392
~ | Mailstop R/OM62. 325 Broadway, Boulder, CO 80305
~ | PGP Public Key ID: 586A7E23
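An added example, not part of the message above and not Red Hat's own tooling: a shell sketch of the save-and-back-up advice that also reports when something such as lokkit has rewritten /etc/sysconfig/iptables. The function names, the BACKUP_DIR location and the known-good file name are assumptions made for this example.

```shell
#!/bin/sh
# RULES_FILE is the path from the post; BACKUP_DIR is an assumed location.
RULES_FILE="${RULES_FILE:-/etc/sysconfig/iptables}"
BACKUP_DIR="${BACKUP_DIR:-/root/iptables-backups}"

# Strip what changes on every iptables-save dump (timestamped comment
# lines and [packets:bytes] counters) so equal rulesets compare equal.
normalize_rules() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*\]//' -e 's/[[:space:]]*$//' "$1"
}

# save_ruleset [dump-command...]   (default dump command: iptables-save)
# Dump to a temp file, refuse an incomplete dump, back up the current
# RULES_FILE, then move the new file into place and record it as known-good.
save_ruleset() {
    [ "$#" -gt 0 ] || set -- iptables-save
    umask 077                      # rules and backups readable by owner only
    mkdir -p "$BACKUP_DIR" || return 1
    tmp="$RULES_FILE.new.$$"
    if ! "$@" > "$tmp" || ! grep -q '^COMMIT' "$tmp"; then
        rm -f "$tmp"
        echo "dump failed or incomplete, $RULES_FILE left unchanged" >&2
        return 1
    fi
    if [ -f "$RULES_FILE" ]; then
        cp -p "$RULES_FILE" \
            "$BACKUP_DIR/iptables.$(date +%Y%m%d-%H%M%S).$$" || return 1
    fi
    mv "$tmp" "$RULES_FILE" &&
        cp -p "$RULES_FILE" "$BACKUP_DIR/iptables.known-good"
}

# check_drift: 0 = RULES_FILE still matches the known-good copy,
#              1 = it was changed by something else, 2 = nothing to compare
check_drift() {
    good="$BACKUP_DIR/iptables.known-good"
    [ -f "$good" ] && [ -f "$RULES_FILE" ] || return 2
    a=$(normalize_rules "$good")
    b=$(normalize_rules "$RULES_FILE")
    [ "$a" = "$b" ]
}
```

Run `save_ruleset` once the live ruleset works, and `check_drift` before the next `service iptables start` to learn whether the file on disk is still the one you saved.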