Vernon Brown_4
Trusted Contributor

Switching from ipchains to iptables

I'm trying to switch from ipchains to iptables; so far can't get it to work. Everything is fine until I start adding rules.

Here's what I get:

[root@linda sysconfig]# service iptables start
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying iptables firewall rules: [ OK ]
Bad argument `iptables'
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
[root@linda sysconfig]# cat iptables
iptables -F

iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
iptables -a INPUT -p udp -i eth0 --dport 80 -j ACCEPT
iptables -p INPUT DROP
[root@linda sysconfig]#
Peeyush
Regular Advisor
Solution

Re: Switching from ipchains to iptables

Hey Vernon,

Are you editing the file manually?

cat iptables should look like this:
-------------------------------------
[root@abc sysconfig]# cat iptables
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
---------------------------------------

<>iptables<> -A INPUT -i lo -p all -j ACCEPT
<>--------<> is your problem

Regards
Peeyush
http://geocities.com/peeyush_maurya/
any suggestion for my site.. http://geocities.com/peeyush_maurya/
Peeyush
Regular Advisor

Re: Switching from ipchains to iptables

Linux is case sensitive

iptables -a INPUT -p udp -i eth0 --dport 80 -j ACCEPT
##### You are using lowercase 'a'
iptables -p INPUT DROP
##### You are using lowercase 'p'
any suggestion for my site.. http://geocities.com/peeyush_maurya/
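
Added example, not part of the original thread: a small Python helper that turns the command-style file from the question into the iptables-restore layout shown in the first reply, and reports the leading `iptables` word and the lowercase `-a` / `-p` typos pointed out above. The function name `to_restore` is hypothetical, and only the filter table with `-A`, `-P` and `-F` is handled.

```python
# Added example: SAMPLE is the command-style file posted in the question.
SAMPLE = """\
iptables -F

iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
iptables -a INPUT -p udp -i eth0 --dport 80 -j ACCEPT
iptables -p INPUT DROP
"""

BUILTIN = ("INPUT", "FORWARD", "OUTPUT")  # filter-table chains only

def to_restore(text):
    """Hypothetical helper: return (iptables-restore text, problems)."""
    policy = {chain: "ACCEPT" for chain in BUILTIN}
    rules, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iptables":  # restore files hold arguments only
            problems.append(f"line {n}: remove the leading 'iptables'")
            words = words[1:]
        if not words:
            continue
        op = words[0]
        if op == "-a":  # lowercase typo for append
            problems.append(f"line {n}: '-a' should be '-A'")
            op = words[0] = "-A"
        if op == "-p" and len(words) > 1 and words[1] in BUILTIN:
            problems.append(f"line {n}: '-p' should be '-P' to set a policy")
            op = "-P"
        if op == "-F":
            continue  # iptables-restore flushes the table unless --noflush
        if op == "-P" and len(words) == 3 and words[1] in BUILTIN:
            policy[words[1]] = words[2]  # policy becomes a ':CHAIN' line
        elif op == "-A":
            rules.append(" ".join(words))
        else:
            problems.append(f"line {n}: not converted: {raw.strip()}")
    head = ["*filter"] + [f":{c} {policy[c]} [0:0]" for c in BUILTIN]
    return "\n".join(head + rules + ["COMMIT"]) + "\n", problems

if __name__ == "__main__":
    converted, found = to_restore(SAMPLE)
    print(converted + "\n".join(found))
```

The converter keeps every rule as written, including the UDP port 80 rule, so review the output before installing it as /etc/sysconfig/iptables.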
Vernon Brown_4
Trusted Contributor

Re: Switching from ipchains to iptables

It worked !!
I copied and pasted your example and it ran without failing. I was doing it manually; didn't know how to make lokkit do it.

Vern
Peeyush
Regular Advisor

Re: Switching from ipchains to iptables

Good work, Vernon.

iptables are king of all firewalls, but if you want you can look at the fwbuilder GUI firewall
www.fwbuilder.org/
though there are many available
http://www.simonzone.com/software/guarddog/
http://firestarter.sourceforge.net/

regards
peeyush
any suggestion for my site.. http://geocities.com/peeyush_maurya/
Vernon Brown_4
Trusted Contributor

Re: Switching from ipchains to iptables

Followup: Success !!

Iptables seems to be blocking the hacks that took down my server four times last week. This morning the Apache log shows three attempts to send buffer-overflow URIs overnight. All were rejected with the error message "URI too long for this server".

Thanks for the help !
Stuart Browne
Honored Contributor

Re: Switching from ipchains to iptables

The "URI Too long" messages aren't your firewall's doing. That's the updated apache ;)

But it's good to hear that your firewall is doing ok!

Incidentally, Apache only needs port 80 TCP, not UDP. So that's one less rule you need.
One long-haired git at your service...