Re: Where to add own rules in /etc/sysconfig/iptables

On Wed, 2002-10-30 at 12:09, Michael Schwendt wrote:

> Without knowing the rest of your rules, I cannot comment on this.
> For instance, for DNAT to work, you would also need a corresponding
> rule in the FORWARD chain. For the localhost example to work, you
> would need a corresponding rule in the INPUT chain.

I knew I was missing something!

The rest of the rules are the ones that lokkit defined, deny everything
except what I accept; currently iptables look like this:

[root@imoqland root]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.2.6a on Wed Oct 30 11:18:39 2002
*mangle
:PREROUTING ACCEPT [173470:39522072]
:INPUT ACCEPT [128399:32986145]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [46517:5592160]
:POSTROUTING ACCEPT [49043:5890524]
COMMIT
# Completed on Wed Oct 30 11:18:39 2002
# Generated by iptables-save v1.2.6a on Wed Oct 30 11:18:39 2002
*nat
:PREROUTING ACCEPT [84144:12249623]
:POSTROUTING ACCEPT [5474:492754]
:OUTPUT ACCEPT [5474:492754]
[0:0] -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.105.220:80
COMMIT
# Completed on Wed Oct 30 11:18:39 2002
# Generated by iptables-save v1.2.6a on Wed Oct 30 11:18:39 2002
*filter
:INPUT ACCEPT [18167:16391252]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [46516:5592045]
:RH-Lokkit-0-50-INPUT - [0:0]
[128398:32986080] -A INPUT -j RH-Lokkit-0-50-INPUT
[23322:2529889] -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT
[0:0] -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
[770:103971] -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
[76628:12914684] -A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
[0:0] -A RH-Lokkit-0-50-INPUT -s 192.168.1.169 -p udp -m udp --sport 53 -j ACCEPT
[82:5760] -A RH-Lokkit-0-50-INPUT -s some.ip -p udp -m udp --sport 53 -j ACCEPT
[73:4474] -A RH-Lokkit-0-50-INPUT -s some.other.ip -p udp -m udp --sport 53 -j ACCEPT
[1054:54676] -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
[8302:981374] -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Wed Oct 30 11:18:39 2002

So, what are the rules in the FORWARD/INPUT chains that are missing?

As I said before, I am an ipchains user just trying to migrate to
iptables.

Thank you.

Alex.

-- 
¡Sé libre, usa software libre!
Be free, use free software!
http://www.imoqland.com/
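As an added example (not code from Alex's or Michael's mails), a small shell lint that reads an iptables-save dump and reports every DNAT target in nat PREROUTING that has no explicit FORWARD ACCEPT rule, which is the gap Michael points at. The two sample dumps are constructed from the listing above with the mail-wrapped lines re-joined and unrelated rules dropped; the "fixed" variant shows the FORWARD rules (and a DROP policy for that chain) one would add for the 192.168.105.220:80 forward.

```shell
# Added lint (not from the thread): for every DNAT rule in nat PREROUTING, look
# for a filter-table FORWARD rule that ACCEPTs traffic to the DNAT target.
# Input is plain iptables-save output (mail-wrapped lines must be re-joined).
check_dnat_forward() {                 # $1: path to an iptables-save dump
    awk '
        /^\*/ { table = substr($0, 2) }            # *nat, *filter, *mangle
        table == "nat" && /-A PREROUTING/ && /-j DNAT/ {
            for (i = 1; i <= NF; i++)
                if ($i == "--to-destination") {
                    split($(i + 1), a, ":"); targets[a[1]] = $(i + 1)
                }
        }
        table == "filter" && /-A FORWARD/ && /-j ACCEPT/ {
            for (i = 1; i <= NF; i++)
                if ($i == "-d") { d = $(i + 1); sub(/\/.*/, "", d); forwarded[d] = 1 }
        }
        END {
            missing = 0
            for (t in targets)
                if (!(t in forwarded)) {
                    print "no FORWARD ACCEPT rule for DNAT target " targets[t]
                    missing = 1
                }
            exit missing                       # non-zero when something is missing
        }' "$1"
}
sample_as_posted() {   # constructed from the dump in the mail, trimmed to the relevant rules
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.105.220:80
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
sample_fixed() {       # same dump with a DROP policy and the two FORWARD accepts it lacks
    sample_as_posted | awk '
        /^:FORWARD ACCEPT/ { $0 = ":FORWARD DROP [0:0]" }
        /^-A INPUT / { print "-A FORWARD -d 192.168.105.220 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
                       print "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT" }
        { print }'
}
```

Run it as `check_dnat_forward /etc/sysconfig/iptables` after re-joining any wrapped lines; a non-zero exit means at least one DNAT target has no matching FORWARD accept.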



-- 
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
