[TriLUG] iptables/ipchains (WAS: Security woes)

That One Guy trilug at ichi.net
Wed Jan 16 11:06:06 EST 2002


The firewall that gets set up by default in RH is ipchains still, I believe.  
The default config files are in /etc/sysconfig.  For ipchains it is 
/etc/sysconfig/ipchains and for iptables it is /etc/sysconfig/iptables.  
These files will not exist unless either you create them or have it done at 
install time.

Generally, I don't edit these files.  I have a firewall ruleset (just a shell 
script using iptables) somewhere else and edit that, which is a little more 
readable.  After editing the ruleset, I'll make that ruleset active by 
running the script.  

Once you have the ruleset active and like you want it, you can run 
"/etc/init.d/iptables save" OR "/etc/init.d/ipchains save" which will save 
your current active ruleset to the proper file in /etc/sysconfig.

Hope this helps,
TOG

On Wednesday 16 January 2002 10:50 am, Ben Pitzer wrote:
> Roy,
>
> On most Red Hat 7.x installs, the iptables were set up at the outset if
> you chose high security during the install process.  This means that you
> can probably do anything you want going out, but coming back in,
> fuggedaboutit.  Look into your iptables config (I don't remember where
> it's stored on RH boxes, offhand.  Anybody?), and modify that.  You'll
> probably want to add a line at the top of the list to open the
> appropriate ports, and I'm sure someone here, myself included, could
> help you with that if you need it.
>
> Of course, I may be saying that to you only to find out that not only
> did you check on it already, you checked some of the iptables sources
> into CVS.  Just the same, I hope this helps.
>
> Regards,
> Ben Pitzer
>
> On Wed, 2002-01-16 at 08:50, Vestal, Roy L. wrote:
> > RHL 7.2, 2.4.16 with Win4Lin support and ext3 patch.
> >
> > -----Original Message-----
> > From: Ben Pitzer [mailto:uncleben at mindspring.com]
> > Sent: Tuesday, January 15, 2002 10:09 PM
> > To: trilug at trilug.org
> > Subject: Re: [TriLUG] Security woes
> >
> >
> > Roy,
> >
> > What distro/version are you running, and what kernel?
> >
> > On Tue, 2002-01-15 at 11:19, Vestal, Roy L. wrote:
> > > I need to start being able to ssh telnet, ssh ftp, and vnc my box here
> > > at work. However, when I try to telnet, ssh telnet, ftp, or ssh ftp, I
> > > get "connection refused". I'm not sure where to start troubleshooting.
> > >
> > > Also, I can VNC out, but not in. I'm assuming it's related.  I do not
> > > have a firewall set up at this time.
> > > _______________________________________________
> > > TriLUG mailing list
> > > http://www.trilug.org/mailman/listinfo/trilug
> >
> > _______________________________________________
> > TriLUG mailing list
> > http://www.trilug.org/mailman/listinfo/trilug
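
Added example, not part of the original message or of Red Hat's scripts: a ruleset kept as a shell script, in the style of the workflow described at the top of this message. The port list, the trusted network and the IPT dry-run switch are assumptions made for illustration.

```sh
#!/bin/sh
# Firewall ruleset as a shell script (added example).
# Dry-run by default: each iptables command is printed, not executed.
# To apply for real, run as root with IPT=/sbin/iptables.
IPT="${IPT:-echo iptables}"

# Assumed values, not taken from the thread:
TCP_PORTS="${TCP_PORTS:-22 5900}"            # ssh and VNC display :0
TRUSTED_NET="${TRUSTED_NET:-192.0.2.0/24}"   # placeholder (documentation range)

apply_ruleset() {
    # Start from an empty INPUT chain so reruns give the same result.
    $IPT -F INPUT

    # Loopback traffic and replies to connections this host opened.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New inbound connections: only listed ports, only from the trusted network.
    for port in $TCP_PORTS; do
        case "$port" in
            ''|*[!0-9]*)
                echo "skipping invalid port: $port" >&2
                continue ;;
        esac
        $IPT -A INPUT -p tcp -s "$TRUSTED_NET" --dport "$port" \
             -m state --state NEW -j ACCEPT
    done

    # Log (rate-limited) whatever is about to be dropped, for troubleshooting.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT drop: "

    # Set the default-deny policy last, after the accept rules are in place.
    $IPT -P OUTPUT ACCEPT
    $IPT -P INPUT DROP
}

apply_ruleset

# Once the active ruleset behaves as wanted, persist it as described above:
#   /etc/init.d/iptables save
```

Review the printed commands first; after applying for real, "iptables -L INPUT -n -v" shows the active rules and their packet counters.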


