On Monday 04 November 2002 06:33, Tony Nugent wrote:
> To: psyche-list@redhat.com
> From: Tony Nugent <tony@linuxworks.com.au>
> Organization: Linux Works for network
> Subject: Re: security level not changing
> Date: Mon, 04 Nov 2002 13:23:15 +1000
> Reply-To: psyche-list@redhat.com
>
> On Sun Nov 03 2002 at 21:53, w wrote:
> >
> > and when I set firewall at 'High', I get:
> >
> > [root /root]$ cat /etc/sysconfig/iptables
> > # Firewall configuration written by lokkit
> > # Manual customization of this file is not recommended.
> > # Note: ifup-post will punch the current nameservers through the
> > # firewall; such entries will *not* be listed here.
> > *filter
> >
> > :INPUT ACCEPT [0:0]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [0:0]
> > :RH-Lokkit-0-50-INPUT - [0:0]
> >
> > -A INPUT -j RH-Lokkit-0-50-INPUT
> > -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
> > -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 198.6.1.60 --sport 53 -d 0/0 -j ACCEPT
> > -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 198.6.1.70 --sport 53 -d 0/0 -j ACCEPT
> > -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
> > -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
> > COMMIT
> >
> > but, either way, I still don't have the sysconfig/iptables file:
> >
> > [root /root]$ cat /etc/sysconfig/iptables
> > cat: /etc/sysconfig/iptables: No such file or directory
> >
> > Is this still a problem?
>
> Yes. You need to preserve that filtering state. Do this:
>
> # service iptables save
>
> and now do: cat /etc/sysconfig/iptables
>
> Cheers
> Tony

Thanks, that made the file.
[root /root]$ service iptables save
Saving current rules to /etc/sysconfig/iptables: [ OK ]
[root /root]$ cat /etc/sysconfig/iptables
# Generated by iptables-save v1.2.6a on Mon Nov 4 10:14:15 2002
*filter
:INPUT ACCEPT [800:348408]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1738:345891]
COMMIT
# Completed on Mon Nov 4 10:14:15 2002

and, if I set the security to 'High', it now changes the file:

[root /root]$ cat /etc/sysconfig/iptables
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT

so, this appears to be functioning. thanks.
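
Added example (not part of the original thread): the two files shown above differ in whether anything on the INPUT path can reject traffic, and this sketch checks that mechanically for an iptables-save style dump. The function names are hypothetical, and both sample rulesets are constructed from the files in the message (the 'High' one abridged).

```python
# Constructed samples in iptables-save format, taken from the two files in the thread.
OPEN_RULESET = """\
*filter
:INPUT ACCEPT [800:348408]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1738:345891]
COMMIT
"""
HIGH_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT
"""

def parse_filter_table(text):
    """Return ({chain: policy}, {chain: [jump targets]}) for the *filter table."""
    policies, rules, in_filter = {}, {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("*"):                 # table header, e.g. *filter or *nat
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":"):  # chain declaration with its policy
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
            rules.setdefault(chain, [])
        elif in_filter and line.startswith("-A "):  # appended rule; keep only its target
            tokens = line.split()
            if "-j" in tokens[:-1]:
                rules.setdefault(tokens[1], []).append(tokens[tokens.index("-j") + 1])
    return policies, rules

def input_can_block(text):
    """True if INPUT's policy is DROP or a DROP/REJECT rule is reachable from INPUT."""
    policies, rules = parse_filter_table(text)
    if policies.get("INPUT") == "DROP":
        return True
    seen, todo = {"INPUT"}, ["INPUT"]
    while todo:                                   # follow jumps into user-defined chains
        for target in rules.get(todo.pop(), []):
            if target in ("DROP", "REJECT"):
                return True
            if target in rules and target not in seen:
                seen.add(target)
                todo.append(target)
    return False
```

The check reads the saved file only; the rules loaded in the kernel can differ until `service iptables save` has been run, which is the situation the thread describes.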