topic Re: Switching from ipchains to iptables in Operating System - Linux

Switching from ipchains to iptables

Vernon Brown_4 — Fri, 02 Apr 2004 17:59:30 GMT

I'm trying to switch from ipchains to iptables; so far can't get it to work. Everything is fine until I start adding rules.

Here's what I get:

[root@linda sysconfig]# service iptables start
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying iptables firewall rules: [ OK ]
Bad argument `iptables'
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
[root@linda sysconfig]# cat iptables
iptables -F

iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
iptables -a INPUT -p udp -i eth0 --dport 80 -j ACCEPT
iptables -p INPUT DROP
[root@linda sysconfig]#

Re: Switching from ipchains to iptables

Peeyush — Fri, 02 Apr 2004 18:28:10 GMT

Hey Vermon,

r u editing file manually?

#Cat IPtables -should look like this......
-------------------------------------
[root@abc sysconfig]# cat iptables
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
---------------------------------------

<>iptables<> -A INPUT -i lo -p all -j ACCEPT
<>---------<>is ur problem

Regards
Peeyush
http://geocities.com/peeyush_maurya/

Re: Switching from ipchains to iptables

Peeyush — Fri, 02 Apr 2004 18:31:38 GMT

Linuxis case sensitive

iptables -a INPUT -p udp -i eth0 --dport 80 -j ACCEPT
##### u r using small case 'a'
iptables -p INPUT DROP
##### u r using small case 'p'

Re: Switching from ipchains to iptables

Vernon Brown_4 — Fri, 02 Apr 2004 18:48:01 GMT

It worked !!
I copied and pasted your example and it ran without failing. I was doing it manually; didn't know how to make lokkit do it.

Vern

Re: Switching from ipchains to iptables

Peeyush — Fri, 02 Apr 2004 18:54:43 GMT

good work vermon

iptables r king of all firewall but if u want u can look at fwbuilder GUI Firewall
www.fwbuilder.org/
though there r many aviable
http://www.simonzone.com/software/guarddog/
http://firestarter.sourceforge.net/

regards
peeyush

Re: Switching from ipchains to iptables

Vernon Brown_4 — Sat, 03 Apr 2004 10:15:06 GMT

Followup: Success !!

Iptables seems to be blocking the hacks that took down my server four times last week. This morning Apache log shows three attempts to send buffer-overflow URI's overnight. All were rejected with the error message "URI too long for this server".

Thanks for the help !

Re: Switching from ipchains to iptables

Stuart Browne — Sat, 03 Apr 2004 18:42:18 GMT

The "URI Too long" messages aren't your firewall's doing. That's the updated apache ;)

But it's good to hear that your firewall is doing ok!

Incidentally, Apache only needs port 80 TCP, not UDP. So that's one less rule you need.