[TriLUG] IPTables

gregbrown at mindspring.com
Thu Jan 2 15:55:53 EST 2003


I just recently migrated a system from ipchains to iptables (on RH 7.x). 
Here's how I saved my iptables to a file and configured the machine to restart
with iptables and not ipchains.  Here's what I did:

(all steps as root)
1. chkconfig --level 2345 ipchains off
2. service ipchains stop
3. chkconfig --level 2345 iptables on
4. service iptables start
5. iptables -A INPUT -p tcp --syn --destination-port 22 -j ACCEPT
6. ..and so on

Once all my chains were loaded I then ran:
service iptables save

This created my /etc/sysconfig/iptables file.  I then restarted with init 6,
checked to see what was running (iptables was, ipchains was not) then I port
scanned the bugger to see if the ports I expected to have open, and closed,
were (and it worked).

Hope that helps.

Greg


On Thu, 02 Jan 2003 15:06:49 -0500 Jeff Bollinger <jeff01 at email.unc.edu>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I feel like I'm pretty familiar with how to write IPTables rules, but
> I'm a little confused about actually starting my filtering.  I have a
> file called "firewall" in /etc/sysconfig that I think contains some
> rules (this could be residual from some auto-generate scripts I've
> tried).  I've also got /etc/sysconfig/ipchains.  Which one of these do I
> edit?  Once I've written my rules, do I just issue a "service iptables
> start" and they're up and running?
> 
> Thanks!
> Jeff
> - --
> Jeff Bollinger
> University of North Carolina
> IT Security Analyst
> 105 Abernethy Hall
> mailto: jeff_bollinger at unc dot edu
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.0 (GNU/Linux)
> Comment: Using GnuPG with Mozilla -
> http://enigmail.mozdev.org
> 
> iD8DBQE+FJvZvoVlxVBmgsURAkAMAKCUpJjyrodNcqWr2sruBth/bIVGYgCfVWhL
> 62AW+L17v6guIiP5XezBBkg=
> =lcsd
> -----END PGP SIGNATURE-----
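An added example, not part of the original messages: an offline audit of a saved rules file such as /etc/sysconfig/iptables, as a complement to the port scan described above. The function names, the sample rules and the requirement that the INPUT policy be DROP are assumptions made for illustration; multiport and negated matches are not parsed.

```shell
# Added example: audit a rules file in iptables-save format offline.

# Default policy of the filter table's INPUT chain (ACCEPT or DROP).
input_policy() {
    awk '$1 == "*filter" { f = 1; next }
         /^\*/           { f = 0 }
         f && $1 == ":INPUT" { print $2; exit }' "$1"
}

# Sorted TCP destination ports that "-A INPUT ... -j ACCEPT" rules let in.
accepted_tcp_ports() {
    awk '$1 == "*filter" { f = 1; next }
         /^\*/           { f = 0 }
         f && $1 == "-A" && $2 == "INPUT" {
             port = ""; tcp = 0; ok = 0
             for (i = 3; i < NF; i++) {
                 if ($i == "-p" && $(i+1) == "tcp") tcp = 1
                 if ($i == "--dport" || $i == "--destination-port") port = $(i+1)
                 if ($i == "-j" && $(i+1) == "ACCEPT") ok = 1
             }
             if (tcp && ok && port != "") print port
         }' "$1" | sort -n -u
}

# Return 0 only if policy is DROP (assumed baseline) and ports match exactly.
audit_rules() {
    file=$1; shift
    want=$(printf '%s\n' "$@" | sort -n -u)
    have=$(accepted_tcp_ports "$file")
    [ "$(input_policy "$file")" = "DROP" ] || { echo "INPUT policy is not DROP"; return 1; }
    [ "$have" = "$want" ] || { echo "accepted TCP ports: $(echo $have)"; return 1; }
    echo "ok"
}

# Constructed sample rules, not taken from the thread.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
EOF
}
sample=$(mktemp) && write_sample "$sample" && audit_rules "$sample" 22 80
```

To audit a real host, pass the saved file and the ports you intend to expose, for example `audit_rules /etc/sysconfig/iptables 22`.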