[WBEL-users] iptables - where and how to insert the rules ?

Graham Purcocks grahamp@wsieurope.com
Fri, 03 Dec 2004 13:56:31 +0000



I think it's because you haven't defined the table to apply the rules to.

You need

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

first

don't forget


COMMIT

at the end.

Use

iptables-save <file>

to see what it is expecting.

Also

man iptables

helps.

Hope this is useful
Graham


Mário Gamito wrote:
> Hi,
> 
> Thank you for your answer.
> 
> It doesn't work.
> /etc/sysconfig/iptables
> 
> # Machines authorised to access the development server.
> -A INPUT -s 127.0.0.1 -j ACCEPT #loopback
> -A INPUT -s 10.10.2.221 -j ACCEPT # Jardim
> -A INPUT -s 10.10.2.222 -j ACCEPT # Dina
> -A INPUT -s 10.10.2.223 -j ACCEPT # Filipe
> -A INPUT -s 10.10.2.224 -j ACCEPT # Pedro
> -A INPUT -s 10.10.2.225 -j ACCEPT # Vitor RJ45
> -A INPUT -s 10.10.2.226 -j ACCEPT # Vitor WiFi
> -A INPUT -s 10.10.2.227 -j ACCEPT # Gamito Intel 1Gb
> -A INPUT -s 10.10.2.228 -j ACCEPT # Gamito laptop WiFi
> -A INPUT -s 10.10.2.229 -j ACCEPT # Aragao
> 
> # Everyone else stays at the door :)
> -A INPUT -s 10.10.2.0/24 -j DROP
> 
> 
> /etc/init.d/iptables restart
> 
> [root@nau sysconfig]# /etc/init.d/iptables restart
> Applying iptables firewall rules: iptables-restore: line 2 failed
>                                                            [FAILED]
> [root@nau sysconfig]#
> 
> What am I still doing wrong?
> 
> Any help would be appreciated.
> 
> Warm Regards.
> 
> Graham Purcocks wrote:
> 
>> That's because sysconfig/iptables is iptables dump format.
>>
>> such as
>>
>> -A INPUT -p tcp -j tcp_packets
>>
>>
>> Mário Gamito wrote:
>>
>>> Hi,
>>>
>>> I'm currently running a development server based on WBEL, with a few 
>>> iptables rules, because I don't want anyone except the development 
>>> team to access it.
>>>
>>> Well, I have this executable, rc.firewall in /etc, being called from 
>>> /etc/rc.local
>>>
>>> I believe this is not the right thing (TM) to do, although it works.
>>>
>>> From what I saw in iptables ctl, the rules should be in 
>>> /etc/sysconfig/iptables, right?
>>> But when I insert them in that file, I always get an error from 
>>> "/etc/init.d/iptables start", saying it doesn't recognize the text.
>>>
>>> Any help about how it should be done?
>>>
>>> Thank you.
>>>
>>> Warm Regards.

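As an added example (not part of the thread), here is what a complete /etc/sysconfig/iptables in iptables-save format looks like for the setup Mário describes, with the *filter header, chain policies and COMMIT that Graham points out are required, plus a small lint that reproduces the "line N failed" diagnosis by checking only the structure of the file. The authorised host addresses are taken from the thread; the loopback/ESTABLISHED rules, the OUTPUT ACCEPT policy and the function names write_rules and lint_rules are assumptions. Comments are kept on their own lines, which is the form iptables-save itself emits; rule lines carry no trailing text.

```shell
#!/bin/sh
# Added example, not from the list thread. Writes a valid iptables-save
# format file and lints a file for the table/COMMIT structure that
# iptables-restore requires.

# write_rules FILE: emit the rule set in the format iptables-restore expects.
# The 10.10.2.22x hosts come from the thread; the rest is constructed.
write_rules() {
    cat > "$1" <<'EOF'
# Example /etc/sysconfig/iptables (iptables-save format)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections this host initiated (assumed).
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Machines authorised to access the development server.
-A INPUT -s 10.10.2.221 -j ACCEPT
-A INPUT -s 10.10.2.222 -j ACCEPT
-A INPUT -s 10.10.2.223 -j ACCEPT
-A INPUT -s 10.10.2.224 -j ACCEPT
-A INPUT -s 10.10.2.225 -j ACCEPT
-A INPUT -s 10.10.2.226 -j ACCEPT
-A INPUT -s 10.10.2.227 -j ACCEPT
-A INPUT -s 10.10.2.228 -j ACCEPT
-A INPUT -s 10.10.2.229 -j ACCEPT
# Everyone else falls through to the INPUT DROP policy.
COMMIT
EOF
}

# lint_rules FILE: return 0 if every rule sits inside a *table ... COMMIT
# block; otherwise print the offending line number (counting all lines,
# as iptables-restore does) and return 1.
lint_rules() {
    table=""
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|'#'*) continue ;;                 # blank lines and comments
            '*'*) table=${line#\*} ;;            # start of a table block
            COMMIT)
                [ -n "$table" ] || { echo "line $n failed: COMMIT without a table"; return 1; }
                table="" ;;
            ':'*|'-A '*|'-I '*|'-D '*|'-N '*)     # chain policy or rule
                [ -n "$table" ] || { echo "line $n failed: no *table before rules"; return 1; } ;;
            *) echo "line $n failed: unrecognised line"; return 1 ;;
        esac
    done < "$1"
    [ -z "$table" ] || { echo "missing COMMIT for *$table"; return 1; }
    return 0
}

# Stand-alone run: write the example file and lint it, then lint a file
# shaped like the one in the thread (comment, then a bare rule on line 2).
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
    good=$(mktemp); bad=$(mktemp)
    write_rules "$good"
    lint_rules "$good" && echo "example file: OK"
    printf '# comment\n-A INPUT -s 10.10.2.221 -j ACCEPT\n' > "$bad"
    lint_rules "$bad" || echo "thread-style file rejected as expected"
    rm -f "$good" "$bad"
fi
```

Run it as a script and it prints "example file: OK" followed by "line 2 failed: no *table before rules" for the thread-style file, which is the same line iptables-restore complained about. Loading the real file is still `iptables-restore < /etc/sysconfig/iptables` (or the init script); the lint only catches the structural mistake, not invalid match options.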