iptables


    • Check this link out for a simple introduction.

      I CAN ONLY WARN YOU: be VERY CAREFUL, cuz you can lock yourself out of your box as easily as this: 'iptables -F' (provided you have set your default policy to DROP).

      Mamba
      checking for long long... yes
      checking for long double... yes
      +++ Divide By Cucumber Error. Stopping. +++
    • Iptables should be installed by default on all CentOS 3.x, 4.x and 5.x installations. You can check to see if iptables is installed on your system by:

      $ rpm -q iptables
      iptables-1.3.5-1.2.1

      Ok, so I opened up telnet and entered the above command. And I got.

      -sh: $: not found

      Not a very good start
    • Cheers for that.

      Tried iptables -L and got

      modprobe: module ip_tables not found in modules.dep

      iptables v1.4.6: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
      Perhaps iptables or your kernel needs to be upgraded.
    • Cheers for that. That's got me a little further.

      I'm currently writing the rules to flush the original ones. It's giving an error on this line

      iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

      it comes back,
      iptables: No chain/target/match by that name

      This was the entire code

      # iptables -P INPUT ACCEPT
      # iptables -F
      # iptables -A INPUT -i lo -j ACCEPT
      # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
      # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
      # iptables -P INPUT DROP
      # iptables -P FORWARD DROP
      # iptables -P OUTPUT ACCEPT
      # iptables -L -v

      Cheers!
    • Did you install the xt-state kernel module?

      Source code

      opkg update
      opkg install kernel-module-xt-state
      depmod -a


      Here is a list of all available modules (don't forget depmod -a after installing a module):
      kernel-module-ip-conntrack - 2.6.18-r7 - ip-conntrack kernel module
      kernel-module-ip-nat - 2.6.18-r7 - ip-nat kernel module
      kernel-module-ip-tables - 2.6.18-r7 - ip-tables kernel module; IPv4 packet filter
      kernel-module-iptable-filter - 2.6.18-r7 - iptable-filter kernel module; iptables filter table
      kernel-module-iptable-nat - 2.6.18-r7 - iptable-nat kernel module

      kernel-module-x-tables - 2.6.18-r7 - x-tables kernel module; [ip,ip6,arp]_tables backend module
      kernel-module-xt-mac - 2.6.18-r7 - xt-mac kernel module; iptables mac matching module
      kernel-module-xt-state - 2.6.18-r7 - xt-state kernel module; ip[6]_tables connection tracking state match module
      kernel-module-xt-tcpudp - 2.6.18-r7 - xt-tcpudp kernel module; x_tables match for TCP and UDP, supports IPv4 and IPv6
    • Cheers for the list of modules. Greatly appreciated!!

      I've added all the lines now

      # iptables -P INPUT ACCEPT
      # iptables -F
      # iptables -A INPUT -i lo -j ACCEPT
      # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
      # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
      # iptables -P INPUT DROP
      # iptables -P FORWARD DROP
      # iptables -P OUTPUT ACCEPT
      # iptables -L -v

      Gone to save it via

      # /sbin/service iptables save

      Gives an error, -sh: /sbin/service: not found

      Take it there's something else required?
    • Hi, the guide mamba posted says

      Finally, the last thing we need to do is save our rules so that next time we reboot our computer our rules are automatically reloaded:


      # /sbin/service iptables save
      This executes the iptables init script, which runs /sbin/iptables-save and writes the current iptables configuration to /etc/sysconfig/iptables. Upon reboot, the iptables init script reapplies the rules saved in /etc/sysconfig/iptables by using the /sbin/iptables-restore command.

      So I tried /sbin/service iptables save

      but I get not found.
    • Cuz it's not there. ;)

      Try setting the rules and then reboot the box. Now check if iptables kept the rules and the policy. Does it?

      Mamba
    • OK. I had thought at least the policies would have survived.

      Check this one out: click.

      iptables-save and -restore does exist. :D
    • Hi you tried this?

      # vi /etc/network/interfaces

      Append the line to eth0 section:

      'post-up iptables-restore'

      Mamba
    • Originally posted by mamba0815
      Hi you tried this?

      # vi /etc/network/interfaces

      Append the line to eth0 section:

      'post-up iptables-restore'

      Mamba


      Hmmm,

      the file currently says

      auto lo
      iface lo inet loopback

      auto eth0
      iface eth0 net static
      address ***.***.***.***
      netmask ***.***.***.***
      gateway ***.***.***.***
    • Well, why don't you give it a shot? :D
    • Then the easiest way would be to generate a script under /etc/init.d/ and a softlink to there from /etc/rc3.d/S90xxxx.

      I am going to think about this over the course of the next days. Let's see what is the best way ...

      Mamba
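As an added example (not code from the thread or from any poster), here is the kind of /etc/init.d script the last post suggests: it loads the thread's rule set atomically with iptables-restore (policies and rules in one commit, so there is no window where -F runs under a DROP policy) and persists it to a file for the boot-time restore. The path /etc/iptables.rules, the SSH_PORT variable and the use of iptables-restore --test are assumptions.

```shell
#!/bin/sh
# Hypothetical /etc/init.d/firewall for the ruleset discussed in the thread.
# RULES_FILE and SSH_PORT are my own names, not from the thread.
RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"
SSH_PORT="${SSH_PORT:-22}"

# Emit the thread's rule set in iptables-save format. iptables-restore
# applies the whole *filter block in one commit, so the DROP policy and
# the ACCEPT rules for lo, ESTABLISHED/RELATED and SSH land together.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ${SSH_PORT} -j ACCEPT
COMMIT
EOF
}

# Lockout guard: refuse a DROP-policy rule set that lacks the loopback,
# established-traffic or SSH accept rules, since applying it over a remote
# session would cut the session off (the -F warning at the top of the thread).
check_rules() {
    rules="$1"
    printf '%s\n' "$rules" | grep -q -- '-i lo -j ACCEPT' || return 1
    printf '%s\n' "$rules" | grep -q -- '--state ESTABLISHED,RELATED -j ACCEPT' || return 1
    printf '%s\n' "$rules" | grep -q -- "--dport ${SSH_PORT} -j ACCEPT" || return 1
    return 0
}

apply_rules() {
    rules="$(gen_rules)"
    check_rules "$rules" || { echo "refusing: rule set would lock out SSH" >&2; return 1; }
    # --test parses the rule set without committing it (assumed available here)
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    printf '%s\n' "$rules" | iptables-restore || return 1
    printf '%s\n' "$rules" > "$RULES_FILE"   # what the boot-time restore reads
}

case "$1" in
    start|restart) apply_rules ;;
    restore) iptables-restore < "$RULES_FILE" ;;
    stop) iptables -P INPUT ACCEPT; iptables -F ;;
esac
```

Link it as /etc/rc3.d/S90firewall, or call "/etc/init.d/firewall restore" from a post-up line in /etc/network/interfaces, whichever the box's init system honours.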