Question about iptables in edgy
The enigma
enigma at rick-net.com
Mon Feb 26 23:36:24 UTC 2007
On Mon, 2007-02-26 at 20:56 +0100, Andreas wrote:
> The enigma wrote:
> > This is probably a silly question, but I'm rather new to Linux. Does
> > iptables file start by default with Ubuntu edgy? I just configured a
> > simple firewall called lokkit, and I checked to see if the chain entry
> > took, and it did. Now I just want to know by starting my machine,
> > booting into gnome desktop, does the iptables file configure the chains
> > within the boot routine by default, or do I have to set up a command,
> > like in the menu.lst file in grub, to use the iptables upon boot up. I
> > know, I know.. I don't really need a firewall, and lokkit is not the
> > most secure, I have a stand alone machine connected to a high-speed ISP.
> > I'm just slightly, the paranoid type (probably from using Windows all
> > these years).
> > Thanks
> >
> There are probably a couple of ways to do it, but I do it like this:
>
> First add some stuff to the firewall script so you can start and stop it
> with a start/stop input command.
> #!/bin/sh
>
> case "$1" in
>   start)
>     /sbin/iptables -A INPUT bla bla bla
>     # The rest of your iptables rules go here
>     ;;
>   stop)
>     # Flush all rules from the filter table
>     /sbin/iptables -F
>     ;;
> esac
>
> Make it executable
> chmod +x lokkit
>
> Now you can start your iptables firewall with /path/to/lokkit start and
> stop it with /path/to/lokkit stop.
>
> Copy the firewall script to /etc/init.d.
> cp /path/to/lokkit /etc/init.d
>
> Then make a symbolic link from the script to the runlevels so it starts
> automagically when you boot linux.
> # rc only runs links named S<NN><name>; 20 is an example ordering number
> cd /etc/rc2.d
> ln -s /etc/init.d/lokkit /etc/rc2.d/S20lokkit
> cd /etc/rc3.d
> ln -s /etc/init.d/lokkit /etc/rc3.d/S20lokkit
> cd /etc/rc4.d
> ln -s /etc/init.d/lokkit /etc/rc4.d/S20lokkit
> cd /etc/rc5.d
> ln -s /etc/init.d/lokkit /etc/rc5.d/S20lokkit
>
> Now it starts the iptables firewall when you boot linux. You can stop
> it, if you want to, with /etc/init.d/lokkit stop.
> Start it again with /etc/init.d/lokkit start.
>
> Hope this helps you a bit.
>
> /Andreas
>
Andreas,
Here's the chain created when I ran the application "Lokkit" which I
downloaded and ran. It came up with a GUI that allowed me to simply
check what I wanted, then create the firewall. It added the chains:
___________________________________________________________________
Chain INPUT (policy ACCEPT)
target                prot opt source        destination
RH-Lokkit-0-50-INPUT  all  --  anywhere      anywhere

Chain FORWARD (policy ACCEPT)
target                prot opt source        destination
RH-Lokkit-0-50-INPUT  all  --  anywhere      anywhere

Chain OUTPUT (policy ACCEPT)
target                prot opt source        destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target                prot opt source        destination
ACCEPT                tcp  --  anywhere      anywhere     tcp dpt:smtp flags:FIN,SYN,RST,ACK/SYN
ACCEPT                tcp  --  anywhere      anywhere     tcp dpt:www flags:FIN,SYN,RST,ACK/SYN
ACCEPT                all  --  anywhere      anywhere
ACCEPT                udp  --  192.168.15.1  anywhere     udp spt:domain
REJECT                tcp  --  anywhere      anywhere     tcp flags:FIN,SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT                udp  --  anywhere      anywhere     udp reject-with icmp-port-unreachable
______________________________________________________________________
to my iptables file. I guess my question was, does iptables run (if
there's something in there) when you start ubuntu (like a config.sys
file in DOS). I'm assuming by your reply, it doesn't. I'm new at writing
scripts, I understand the "case" command you used in the example you
gave but I thought this application I downloaded, was a "dumb man's"
work around to having to write one. I was under the impression, you run
"Lokkit" once, go through the GUI to set your options and save, every
time you start ubuntu, it's set up. Does that sound right? Have you
heard of "Lokkit"?
Thanks
--
~ Rick D.
Evolution Email
Live free or die.
+Linux+
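
Added example, not part of the thread and not Lokkit's own code: rules listed by iptables -L live only in the running kernel, so something has to reload them at boot. The sketch below is an init-style script that loads a ruleset previously dumped with iptables-save. The path /etc/iptables.rules and the fw_* function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: boot-time loader for a saved iptables ruleset.
# Assumption: after Lokkit built its chains, the ruleset was dumped once with
#   iptables-save > /etc/iptables.rules     (hypothetical path)
RULES=${RULES:-/etc/iptables.rules}
IPT=${IPT:-/sbin/iptables}
IPT_RESTORE=${IPT_RESTORE:-/sbin/iptables-restore}

fw_start() {
    # Refuse to run without a readable, non-empty ruleset file
    [ -s "$RULES" ] || { echo "no ruleset at $RULES" >&2; return 1; }
    # --test parses the file without committing, so a bad file is
    # rejected before anything in the kernel is changed
    $IPT_RESTORE --test < "$RULES" || { echo "ruleset failed validation" >&2; return 1; }
    $IPT_RESTORE < "$RULES"
}

fw_stop() {
    # Reset policies first so flushing can never leave a DROP policy
    # with no ACCEPT rules behind it
    for chain in INPUT FORWARD OUTPUT; do
        $IPT -P "$chain" ACCEPT || return 1
    done
    # Flush all rules, then delete user-defined chains such as RH-Lokkit-0-50-INPUT
    $IPT -F && $IPT -X
}

fw_status() {
    # -v shows the in/out interface columns that plain -L hides; -n skips DNS lookups
    $IPT -L -n -v
}

fw_main() {
    case "${1:-}" in
        start)   fw_start ;;
        stop)    fw_stop ;;
        restart) fw_stop && fw_start ;;
        status)  fw_status ;;
        *)       echo "Usage: $0 {start|stop|restart|status}" >&2; return 2 ;;
    esac
}

# Dispatch only when called with an argument (as init does)
[ $# -eq 0 ] || fw_main "$@"
```

Installed under /etc/init.d, it is started and stopped the same way as the script in the quoted reply.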