> With the typos fixed, your /etc/sysconfig/iptables looks correct,
> but that is hard to verify because you didn't post the original
> unmodified file.
My notebook came without a floppy and I have neither the modem nor the
nic working. I really have no way to make a precise copy of the tiny
iptables file to bring over to the desktop to post other than burning a
cd. Haven't tried that yet but it seems unnecessary ... see following.
I made no changes to the file so it should be stock. My RH9 install is
stock as well, no updates. (I have ordered a cd from KRUD, but given my
inability to communicate from my notebook updates are otherwise
currently impossible anyhow.)
I just printed my post and then went through my iptables file line by
line and character by character. Below is the precise content. I had
missed the line: "-A FORWARD -j RH-Lokkit-0-50-INPUT"
#Firewall configuration written by lokkit
#Manual configuration of this file is not recommended.
#Note: ifup-post will punch the current nameservers through the
# firewall. Such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT
Is the clue in the line I had missed?
--
Thanks! dmc :-D
~~~~~~~~~~~~~~~~~~~~~~~~~
|
Jesus === Freedom
|
~~~~~~~~~~~~~~~~~~~~~~~~~
--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
