Re: firewall configurator.

I have successfully used the firewall script "rc.firewall" 
from http://projectfiles.com/firewall/
It is very automatic, if you have a basic config, but also 
has quite a bit of configurability for those that wish it.
It has easily handled everything I have needed, and the latest 
version includes a "DMZ" facility, so one should be able to 
have exposed servers (mail, web,...) with a degree of 
protection.  Haven't tried this yet, but soon . . .

I also have seen a number of recommendations for the Shorewall
firewall, at http://www.shorewall.net/
I have not tried this one, but it is clearly very powerful, 
and quite extensive.  

HTH,
A. Becker


Alejandro González Hernández - Imoq
<imoq@imoqland.com> wrote:
> Hi!
> 
> I successfully migrated from ipchains to iptables, but now I am having a
> hard time in setting up the iptables firewall script.
> 
> I used to edit /etc/sysconfig/ipchains by hand, since I am familiar with
> it, but iptables is a whole new world.
> 
> I tried to use:
> 
> [root@imoqland rpms]# firewall-config
> firewall-config: relocation error: firewall-config: undefined symbol: __ti7QDialog
> [root@imoqland rpms]#
> 
> So, probably it's configured to use ipchains, isn't it?
> 
> I also tried to use webmin's iptables configuration, but it's kind of
> difficult.
> 
> What I try to accomplish is to convert this little ipchains script to
> iptables:
> 
> :input ACCEPT
> :forward ACCEPT
> :output ACCEPT
> -A input -s 0/0 -d 0/0 123 -p udp -j ACCEPT
> -A input -s 0/0 -d 0/0 11371 -p tcp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 11371 -p udp -j ACCEPT
> -A input -s 0/0 -d 0/0 4661:4663 -p tcp -y -j ACCEPT
> -A input -s 192.168.0.0/255.255.0.0 -d 0/0 111 -p tcp -y -j ACCEPT
> -A input -s 192.168.0.0/255.255.0.0 -d 0/0 137 -p tcp -y -j ACCEPT
> -A input -s 192.168.0.0/255.255.0.0 -d 0/0 138 -p tcp -y -j ACCEPT
> -A input -s 192.168.0.0/255.255.0.0 -d 0/0 139 -p tcp -y -j ACCEPT
> -A input -s 192.168.0.0/255.255.0.0 -d 0/0 137 -p udp -j ACCEPT
> -A input -s 192.168.0.0/255.255.0.0 -d 0/0 138 -p udp -j ACCEPT
> -A input -s 192.168.0.0/255.255.0.0 -d 0/0 139 -p udp -j ACCEPT
> -A input -s 192.168.0.0/255.255.0.0 -d 0/0 111 -p udp -j ACCEPT
> -A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
> -A input -s 200.33.79.237 53 -d 0/0 -p udp -j ACCEPT
> -A input -s 0/0 53 -d 0/0 -p udp -j ACCEPT
> -A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
> -A input -s 0/0 -d 0/0 -p udp -j REJECT
> 
> Do you know a tool that will allow me to do such conversion? Any other
> tool more new-iptables-user intuitive?
> 
> Thank you :)
> 
> Alex.
> 
> -- 
> ¡Sé libre, usa software libre!
> Be free, use free software!
> http://www.imoqland.com/
> 
> 
> 
> -- 
> Psyche-list mailing list
> Psyche-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/psyche-list
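
The conversion asked about in the quoted message can be done mechanically for rules of this shape. The following is an added example, not part of the original thread and not taken from either firewall project mentioned: a small Python translator from the ipchains save format shown above to `iptables-restore` input. It assumes only the options that appear in the quoted script (`-s`, `-d`, `-p`, `-i`, `-y`, `-j`); the function names and `SAMPLE` (a subset of the quoted rules) are chosen here for illustration.

```python
CHAINS = {"input": "INPUT", "forward": "FORWARD", "output": "OUTPUT"}
ANY = ("0/0", "0.0.0.0/0")          # "match anything" needs no -s/-d in iptables

def convert_line(line):
    tok = line.split()
    if tok[0].startswith(":"):      # policy line, e.g. ":input ACCEPT"
        return ":%s %s [0:0]" % (CHAINS[tok[0][1:]], tok[1])
    if tok[0] != "-A":
        raise ValueError("unsupported line: " + line)
    opts, i = {}, 2
    while i < len(tok):
        opt = tok[i]
        if opt in ("-s", "-d"):
            opts[opt] = tok[i + 1]
            i += 2
            # ipchains writes the port as a bare word after the address
            if i < len(tok) and not tok[i].startswith("-"):
                opts["--sport" if opt == "-s" else "--dport"] = tok[i]
                i += 1
        elif opt == "-i" and tok[1] != "input":
            raise ValueError("-i outside input chain, map to -i/-o by hand: " + line)
        elif opt in ("-p", "-i", "-j"):
            opts[opt] = tok[i + 1]
            i += 2
        elif opt == "-y":           # ipchains SYN-only match
            opts["--syn"] = None
            i += 1
        else:
            raise ValueError("unsupported ipchains option: " + opt)
    if "-p" not in opts and ("--sport" in opts or "--dport" in opts):
        raise ValueError("port given without -p: " + line)
    out = ["-A", CHAINS[tok[1]]]
    # iptables wants -p before --sport/--dport/--syn, so emit in a fixed order
    for key in ("-s", "-d", "-i", "-p", "--sport", "--dport", "--syn", "-j"):
        if key in opts and opts[key] not in ANY:
            out += [key] if opts[key] is None else [key, opts[key]]
    return " ".join(out)

def convert(text):
    body = [convert_line(l) for l in text.splitlines() if l.strip()]
    return "\n".join(["*filter"] + body + ["COMMIT"]) + "\n"

SAMPLE = """:input ACCEPT
-A input -s 0/0 -d 0/0 4661:4663 -p tcp -y -j ACCEPT
-A input -s 192.168.0.0/255.255.0.0 -d 0/0 139 -p tcp -y -j ACCEPT
-A input -s 0/0 53 -d 0/0 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT"""

if __name__ == "__main__":
    print(convert(SAMPLE), end="")
```

The translation is syntactic only: the iptables INPUT chain sees just the packets addressed to the host itself, so a machine that also routes needs matching FORWARD rules. The source-port-53 rule stays stateless after conversion; iptables' state match (`-m state --state ESTABLISHED,RELATED`) is the usual replacement for it.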


