Question about iptables in edgy

Jeffrey F. Bloss jbloss at tampabay.rr.com
Mon Feb 26 18:58:41 UTC 2007


The enigma wrote:

> This is probably a silly question, but I'm rather new to Linux. Does
> iptables file start by default with Ubuntu edgy? I just configured a
> simple firewall called lokkit, and I checked to see if the chain entry
> took, and it did. Now I just want to know by starting my machine,
> booting into gnome desktop, does the iptables file configure the
> chains within the boot routine by default, or do I have to set up a
> command, like in the menu.lst file in grub, to use the iptables upon
> boot up. I know, I know.. I don't really need a firewall, and lokkit
> is not the most secure, I have a stand alone machine connected to a
> high-speed ISP. I'm just slightly the paranoid type (probably from
> using Windows all these years).

The short answer to your question is "yes".

The long answer... 

It might help to understand that Lokkit isn't a firewall, nor is
iptables. The firewall is named 'netfilter', and it loads every time
Linux loads. It's part of the Linux kernel itself for all intents and
purposes. By default it loads with no rules though, and passes all
traffic in both directions.

Iptables is nothing more than a (barely) human readable way to add and
remove rules in real time. Lokkit builds on top of that, making the
process a little more human friendly with a simple GUI and a specific
way to save and reload rules.

There are two common ways to get netfilter to do something useful
automatically. A script that calls iptables multiple times to load rules
one by one, or a script that uses iptables-restore to load a whole set
of rules previously saved with iptables-save. Lokkit uses the former I
believe.

Lokkit installs an init script at /etc/init.d/lokkit, which in turn
calls another 'lokkit' script in /etc/default (if memory serves). It
also creates the proper symlinks in various /etc/rc*.d directories to
run the whole mess at relevant runlevel startups, and load your firewall
rules when necessary.

Whether or not all that actually happens is another matter. ;)

If you want to check, reboot, open a terminal, and invoke 'sudo iptables
--list'. The password it asks for is yours. If the gibberish it outputs
says much more than "Chain XXXXX (Policy ACCEPT)" a couple/three times
then something is indeed loading you a set of firewall rules.

Whether that rule set is what you want or even useful, is... another
matter. :O)

-- 
     _?_      Outside of a dog, a book is a man's best friend.
    (o o)         Inside of a dog, it's too dark to read.
-oOO-(_)--OOo------------------------------[ Groucho Marx ]---
                    http://wrench.homelinux.net/~jeff/
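The "reboot and look at 'sudo iptables --list'" check above, made mechanical, as an added example that is not part of the original post or of Lokkit: a POSIX shell script that parses the output of `iptables -L -n` (the `-n` is assumed here to skip reverse DNS lookups, which plain `--list` performs) and reports whether anything beyond the kernel's three empty, policy-ACCEPT chains is loaded. The three listings embedded in it are constructed samples, not captured output, so it runs without root; the `--live` switch and the `RH-Firewall-1-INPUT` chain name are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post or from Lokkit.
# Decide whether netfilter's filter table carries anything beyond the three
# empty, policy-ACCEPT chains the kernel starts with, by parsing the output
# of `iptables -L -n` (-n skips the DNS lookups plain --list performs).
# The three listings below are constructed samples so the script runs
# without root; pass --live (an assumed switch) to inspect the real table.

# Count rule lines: everything that is not a "Chain ..." header, the column
# header "target prot opt source destination", or a blank line.
count_rules() {
    printf '%s\n' "$1" | awk '
        /^Chain /            { next }
        /^target +prot +opt/ { next }
        /^[[:space:]]*$/     { next }
        { n++ }
        END { print n + 0 }'
}

# Print "CHAIN POLICY" for every built-in chain whose default policy is not
# ACCEPT; a DROP policy filters traffic even when the chain body is empty.
non_accept_policies() {
    printf '%s\n' "$1" | awk '
        /^Chain .*\(policy / {
            match($0, /\(policy [A-Z]+/)
            policy = substr($0, RSTART + 8, RLENGTH - 8)   # skip "(policy "
            if (policy != "ACCEPT") print $2, policy
        }'
}

# True (exit 0) when a rule set is loaded: any rule line, or any non-ACCEPT
# default policy.
firewall_loaded() {
    [ "$(count_rules "$1")" -gt 0 ] || [ -n "$(non_accept_policies "$1")" ]
}

# --- constructed samples (not real output) ---------------------------------
# What a freshly booted kernel with no rules shows.
SAMPLE_EMPTY=$(cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
)

# A rule set roughly in the shape a Lokkit-style tool produces: INPUT and
# FORWARD jump to a user-defined chain that accepts a few things and rejects
# the rest. Chain name and rules are assumed for illustration.
SAMPLE_LOADED=$(cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
)

# No rule lines at all, but a DROP policy: still a firewall, and a naive
# "more than three Chain headers" test would miss it.
SAMPLE_DROP_POLICY=$(cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
)

report() {
    name=$1; listing=$2
    if firewall_loaded "$listing"; then
        echo "$name: rules loaded ($(count_rules "$listing") rule lines)"
        non_accept_policies "$listing" | sed 's/^/  non-ACCEPT policy: /'
    else
        echo "$name: no rules, everything passes"
    fi
}

if [ "${1:-}" = --live ]; then
    report "live filter table" "$(sudo iptables -L -n)"
else
    report "empty"       "$SAMPLE_EMPTY"
    report "lokkit-like" "$SAMPLE_LOADED"
    report "drop-policy" "$SAMPLE_DROP_POLICY"
fi
```

The third sample is the case worth remembering: a box whose INPUT policy is DROP shows only the three "Chain ..." headers, so counting headers alone would call it unfirewalled when it is actually dropping everything; the script therefore checks the policy word as well as the rule lines.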