Devon & Cornwall Linux Users' Group

Re: [LUG] Roll-your-own firewall



On Saturday 29 Mar 2003 12:30 pm, Kai Hendry wrote:
> On Sat, Mar 29, 2003 at 12:22:00 +0000, Jonathan Melhuish wrote:
> > I'm trying to "roll my own" block-everything-external type firewall,
> > based loosely on Kai's instructions at:
> > http://db.cs.helsinki.fi/~hendry/faqwiz/faqw.py?req=show&file=faq01.020.htp
> > However, I'm falling at the first hurdle:
> >
> > [root@xxxxxxxxx jon]# iptables -F
> > [root@xxxxxxxxx jon]#  iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
> > iptables: No chain/target/match by that name
>
> Oops. It seems that I have forgotten to include this command:
> iptables -N block
>
> That creates a 'chain'.
>
> I hope that works, any other problems/comments please mail me.

Thanks, that did the trick!

It also didn't seem to like save_active:

[root@xxxxxxxxx jon]#  /etc/init.d/iptables save_active
Usage: /etc/init.d/iptables {start|stop|restart|condrestart|status|panic|save}
[root@xxxxxxxxx jon]#  /etc/init.d/iptables save
Saving current rules to /etc/sysconfig/iptables:                [  OK  ]

I dunno what it should be, hopefully just "save" is what was required.

Unfortunately now my outgoing connections seem to be completely buggered :-(

I did this:

[root@xxxxxxxxx jon]# iptables -N block
[root@xxxxxxxxx jon]# iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
[root@xxxxxxxxx jon]#  iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@xxxxxxxxx jon]#  iptables -A block -j DROP
[root@xxxxxxxxx jon]#  iptables -A INPUT -j block
[root@xxxxxxxxx jon]#  iptables -A FORWARD -j block

And now my iptables look like this:

[root@xxxxxxxxx jon]#  iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
block      all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
block      all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination

Chain LD (0 references)
target     prot opt source               destination

Chain SANITY (0 references)
target     prot opt source               destination

Chain STATE (0 references)
target     prot opt source               destination

Chain UNCLEAN (0 references)
target     prot opt source               destination

Chain block (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state NEW
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere

What've I done wrong?

Cheers,

Jon

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.
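The listing Jon posts ends with `Chain OUTPUT (policy DROP)` and no rules underneath it, so every packet the machine itself generates (the first SYN of any outgoing connection, every DNS query) is discarded before it reaches ppp0. The following is an added example for this thread, not code from the original mail or from Kai's FAQ page: a small shell helper that reads `iptables -L` output and names built-in chains whose default policy is DROP but which contain no rules, plus a printed (not executed) copy of the ruleset from the mail with an explicit policy for OUTPUT so the whole set can be reviewed before it is applied. The sample listing embedded in it is constructed from the mail, and the `-i ! ppp0` spelling is the one the thread uses.

```shell
#!/bin/sh
# Added example for this thread, not code from the original mail or from Kai's
# FAQ. Two helpers for the "block everything external" setup discussed above:
#
#  audit_policy_drop_empty  reads `iptables -L` output on stdin and names every
#                           chain whose default policy is DROP but which holds
#                           no rules at all, i.e. a chain that silently drops
#                           everything that reaches it.
#  print_ruleset            prints (does not run) the commands from the mail,
#                           plus an explicit policy for OUTPUT.

# Constructed sample: the shape of the `iptables -L` listing in the mail.
SAMPLE_LISTING='Chain INPUT (policy DROP)
target     prot opt source               destination
block      all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
block      all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination

Chain block (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state NEW
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere'

# Name the chains with policy DROP and zero rules. Only built-in chains carry a
# "(policy X)" suffix; user chains such as "block" show "(N references)" and are
# skipped because they have no default policy of their own.
audit_policy_drop_empty() {
    awk '
        function flush() {
            if (chain != "" && policy == "DROP" && rules == 0) print chain
        }
        /^Chain / {
            flush()
            chain = $2
            rules = 0
            # "(policy DROP)" -> DROP ; "(2 references)" -> ""
            policy = ($3 == "(policy") ? substr($4, 1, length($4) - 1) : ""
            next
        }
        /^target / { next }   # column header under each chain name
        /^$/      { next }    # blank line separating chains
        { rules++ }           # anything else is a rule in the current chain
        END { flush() }
    '
}

# Print the ruleset from the mail with the OUTPUT chain handled. With OUTPUT
# at policy DROP and no rules, every locally generated packet is discarded; a
# block-inbound firewall should still let the host originate traffic, hence
# ACCEPT. Output is printed rather than executed so it can be reviewed first.
print_ruleset() {
    cat <<'EOF'
iptables -F
iptables -X block 2>/dev/null
iptables -N block
iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -j DROP
iptables -A INPUT -j block
iptables -A FORWARD -j block
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
EOF
}

# Stand-alone run: audit the constructed listing (prints "OUTPUT"), then show
# the ruleset. On a live box use:  iptables -L | audit_policy_drop_empty
printf '%s\n' "$SAMPLE_LISTING" | audit_policy_drop_empty
print_ruleset
```

The audit is a cheap check to run after any `iptables` edit: a built-in chain with policy DROP and an empty rule list is almost always a mistake, because nothing can ever match before the default applies. Newer iptables releases spell the interface negation `! -i ppp0`; the older `-i ! ppp0` form is kept here because it is what the thread shows.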

