[TriLUG] IPTables

Jason Tower jason at cerient.net
Thu Jan 2 16:02:40 EST 2003


if you're going to use iptables, you might as well go ahead and remove 
ipchains altogether (rpm -e ipchains).  or at the very least disable it 
(chkconfig ipchains off).

as for starting and running iptables, i find it easiest to simply create a 
shell script with the necessary commands (insert modules, change kernel 
networking parameters, iptables statements, etc), call it firewall.sh, chmod 
755 the file, and stick it in /etc.  then start it by adding 
"/etc/firewall.sh" at the end of /etc/rc.d/rc.local.  there are other ways of 
doing things with iptables, but i find this to be the easiest, most 
straightforward, and easiest to troubleshoot and modify.

jason

On Thursday 02 January 2003 15:06, Jeff Bollinger wrote:
> I feel like I'm pretty familiar with how to write IPTables rules, but
> I'm a little confused about actually starting my filtering.  I have a
> file called "firewall" in /etc/sysconfig that I think contains some
> rules (this could be residual from some auto-generate scripts I've
> tried).  I've also got /etc/sysconfig/ipchains.  Which one of these do I
> edit?  Once I've written my rules, do I just issue a "service iptables
> start" and they're up and running?
>
> Thanks!
> Jeff
> - --
> Jeff Bollinger
> University of North Carolina
> IT Security Analyst
> 105 Abernethy Hall
> mailto: jeff_bollinger at unc dot edu
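
The approach described in the reply above, as an added example (not code from the original post or from either poster): a firewall.sh laid out in the order the reply lists. The default-deny policy, the SSH-only inbound rule, the module names and the `print`/`apply` arguments are assumptions of this example.

```shell
#!/bin/sh
# firewall.sh: added example. The policy (default-deny inbound, SSH only),
# module names and print/apply arguments are assumptions, not from the post.
# Usage: firewall.sh print   (review the commands)
#        firewall.sh apply   (run them as root)

SSH_PORT="${SSH_PORT:-22}"   # assumed: the only inbound service

# Emit the commands in the order the post lists: modules, kernel networking
# parameters, iptables statements. Printing rather than executing lets the
# ruleset be reviewed or diffed before it touches the running system.
fw_commands() {
    cat <<EOF
modprobe -q ip_tables || true
modprobe -q nf_conntrack || true
sysctl -w net.ipv4.ip_forward=0
sysctl -w net.ipv4.conf.all.rp_filter=1
sysctl -w net.ipv4.tcp_syncookies=1
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
EOF
}

# Ordering check: the default-deny policy must be set before the first
# ACCEPT rule, so an iptables failure partway through apply leaves the
# host closed rather than open.
fw_check() {
    fw_commands | awk '
        /-P INPUT DROP/                    { deny = 1 }
        /-A INPUT/ && /-j ACCEPT/ && !deny { bad = 1 }
        END { exit (bad || !deny) }'
}

case "${1:-}" in
    print) fw_commands ;;
    apply) fw_check && fw_commands | sh -e ;;   # -e: stop at first failure
esac
```

With this argument convention, the line added to /etc/rc.d/rc.local would be "/etc/firewall.sh apply".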
