[WBEL-users] iptables - where and how to insert the rules ?

Raúl D: Pittí Palma rdpitti@globaltecsa.com
Fri, 03 Dec 2004 17:21:21 -0500


Hi mario!
Depending on what you want to do, I have found the following tools useful:

http://www.fwbuilder.org/     used to create a very customized firewall
and
http://www.fs-security.com/download.php      not as customizable as 
fwbuilder, but it is easy to use.  I used it to firewall all the 
servers I deployed.

hope this will help you.
RP
P.S. If you decide to use one of these packages, you need to turn off 
the Red Hat provided firewall script (using chkconfig or ntsysv).





Mário Gamito wrote:

> Hi,
>
> Thank you for your answer.
>
> I did what you told me.
> Now... where are the rules saved ?
>
> Thank you.
>
> Warm Regards,
> Mário Gamito
>
> Kirby C. Bohling wrote:
>
>> On Fri, Dec 03, 2004 at 12:07:01PM +0000, Mário Gamito wrote:
>>
>>> Hi,
>>>
>>> I'm currently running a development server based on WBEL, with a few 
>>> iptables rules, because I don't want anyone except the development 
>>> team to access it.
>>>
>>> Well, I have this executable, rc.firewall in /etc, being called from 
>>> /etc/rc.local
>>>
>>> I believe this is not the right thing (TM) to do, although it works.
>>>
>>> From what I saw in iptables ctl, the rules should be in 
>>> /etc/sysconfig/iptables, right ?
>>> But when i insert them in that file, i always get an error from 
>>> "/etc/init.d/iptables start", saying it doesn't recognize the text.
>>>
>>> Any help about how it should be done ?
>>>
>>
>>
>> At the end of this thread you get pointed in the right general
>> direction.  The easiest way to deal with this is to set the firewall
>> rules exactly the way you want them.  Then run:
>>
>> # service iptables save
>> # chkconfig iptables on
>>
>> (remove rc.firewall from rc.local)
>>
>> Now reboot.  You should see that everything is configured exactly
>> the way you had it before.
>>
>>     Thanks,
>>         Kirby
>>
>> _______________________________________________
>> Whitebox-users mailing list
>> Whitebox-users@beau.org
>> http://beau.org/mailman/listinfo/whitebox-users
>
>
>
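
The following is an added example, not part of any message in the thread. /etc/sysconfig/iptables is read by iptables-restore, so it must be in iptables-save format rather than a list of iptables commands, which is why pasting rc.firewall lines into it fails. The sketch converts simple filter-table commands into that format; the function names, the sample rules and the restriction to one plain command per line (no shell variables, no -t option) are assumptions.

```shell
#!/bin/sh
# Added example: turn simple rc.firewall-style commands (filter table only)
# into the iptables-save format that /etc/sysconfig/iptables must contain.

to_save_format() {
    awk '
    BEGIN { pol["INPUT"] = pol["FORWARD"] = pol["OUTPUT"] = "ACCEPT" }
    /^[ \t]*#/ || /^[ \t]*$/ { next }               # skip comments and blanks
    { sub(/^[ \t]*([^ \t]*\/)?iptables[ \t]+/, "") } # drop the command name
    $1 == "-P" { pol[$2] = $3; next }               # policy goes in chain header
    $1 == "-N" { chains[c++] = $2; next }           # user-defined chain
    $1 == "-A" { rules[n++] = $0; next }            # append rules kept verbatim
    $1 == "-F" || $1 == "-X" || $1 == "-Z" { next } # restore starts from empty
    { printf "unsupported line %d: %s\n", NR, $0 > "/dev/stderr"; bad = 1 }
    END {
        if (bad) exit 1                             # refuse partial rulesets
        print "*filter"
        print ":INPUT " pol["INPUT"] " [0:0]"
        print ":FORWARD " pol["FORWARD"] " [0:0]"
        print ":OUTPUT " pol["OUTPUT"] " [0:0]"
        for (i = 0; i < c; i++) print ":" chains[i] " - [0:0]"
        for (i = 0; i < n; i++) print rules[i]
        print "COMMIT"
    }'
}

# Constructed sample input (not taken from the thread): allow loopback,
# established traffic, and SSH from a documentation-range network only.
sample_rc_firewall() {
    cat <<'EOF'
# rc.firewall (constructed sample)
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 192.0.2.0/24 -p tcp --dport 22 -j ACCEPT
EOF
}

# Print the converted ruleset; review it before installing it anywhere.
sample_rc_firewall | to_save_format
```

The converter exits non-zero on any line it does not understand, so a script with variables, loops or other commands is rejected instead of producing a ruleset with missing rules.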