Old 11-23-2007   #1 (permalink)
linderox
different iptables rules in config file and $ipbables -L

I have a Gentoo router. The problem is that I don't know where to find the config file for my iptables. I know some places, but
the tables in these configs have no similarity with the command iptables -L

I found several files
/etc/init.d/iptables #run script

/etc/conf.d/iptables # here there is a line
IPTABLES_SAVE="/var/lib/iptables/rules-save"

/var/lib/iptables/rules-save
Code:
# Generated by iptables-save v1.2.11 on Tue May 10 08:06:58 20
# accept all from localhost
-A INPUT -s 127.0.0.1 -j ACCEPT

# accept all previously established connections
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p UDP -m state --state RELATED,ESTABLISHED -j ACCEPT

# ssh
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

# ftp / webserver related
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5190 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
# Windows / Samba
-A INPUT -p tcp -m state --state NEW -m tcp --dport 137:139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 426 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT

# up to 5 Bit-torrent connections
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6881:6886 -j ACCEPT

# reject everything else
-A INPUT -j REJECT --reject-with icmp-port-unreachable

COMMIT
Here is the command:
Code:
$iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  10.0.3.0/24          anywhere            tcp dpt:20003
ACCEPT     all  --  server.vodoline.loc  anywhere
ACCEPT     all  --  10.0.3.3             anywhere
ACCEPT     all  --  anywhere             10.0.3.0/24         state RELATED,ESTABLISHED
ACCEPT     icmp --  10.0.3.0/24          anywhere
ACCEPT     tcp  --  10.0.3.0/24          anywhere            tcp dpt:https
ACCEPT     tcp  --  10.0.3.0/24          anywhere            tcp dpt:aol

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 
$iptables -L
Another one:
Code:
$rc-update -s | grep ipt
                iptables |
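The comparison the post makes by eye, as an added example that is not part of the original thread: the script normalizes two dumps in `iptables-save` format and prints the lines that appear on only one side. The sample rule sets are constructed, and `normalize_rules` and `rules_drift` are names chosen for this example.

```shell
# Added example (not from the thread): report drift between a saved
# iptables-save file and a dump of the running ruleset.

# normalize_rules FILE: drop comments, blanks, COMMIT and counters; tag lines with their table.
normalize_rules() {
    awk '
        /^#/ || /^[ \t]*$/ || /^COMMIT/ { next }
        /^\*/ { table = substr($0, 2); next }      # "*filter" starts a table
        {
            sub(/[ \t]+$/, "")
            sub(/^\[[0-9]+:[0-9]+\] /, "")         # counters from iptables-save -c
            sub(/ \[[0-9]+:[0-9]+\]$/, "")         # chain policy counters
            print table ": " $0
        }' "$1"
}

# rules_drift SAVED LIVE: print differing lines, return 1 on drift.
# Rule order is kept, because iptables stops at the first matching rule.
rules_drift() {
    saved_n=$(mktemp) live_n=$(mktemp)
    normalize_rules "$1" > "$saved_n"
    normalize_rules "$2" > "$live_n"
    { diff "$saved_n" "$live_n" || true; } |
        sed -n -e 's/^< /saved-only: /p' -e 's/^> /live-only:  /p'
    rc=0; cmp -s "$saved_n" "$live_n" || rc=1
    rm -f "$saved_n" "$live_n"
    return "$rc"
}

# Constructed sample data, loosely modelled on the two listings in the post.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rules-save" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
cat > "$demo_dir/live" <<'EOF'
*filter
:INPUT DROP [120:9600]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
rules_drift "$demo_dir/rules-save" "$demo_dir/live" || echo "drift detected"
```

On a live system the two inputs would be the file named in IPTABLES_SAVE and the output of `iptables-save` run as root; the `iptables -L` listing is a different format and cannot be compared this way.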
Old 11-24-2007   #2 (permalink)
Lazydog
I would check the script that is starting your firewall. Should be in the /etc/rc#.d dir.
__________________

Regards
Robert

Smile..... it increases your face value!
Linux User #296285
Old 11-24-2007   #3 (permalink)
linderox
Quote:
Originally Posted by Lazydog
I would check the script that is starting your firewall. Should be in the /etc/rc#.d dir.
There is no folder like rc.d.
There is one file, rc.conf, and there is nothing interesting inside.
But I can show you these things; maybe you can find something here...
Code:
/etc/runlevels:
boot
default
nonetwork
single

/etc/runlevels/boot:
bootmisc
checkfs
checkroot
clock
consolefont
domainname
hostname
keymaps
localmount
modules
net.lo
rmnologin
urandom

/etc/runlevels/default:
acpid
apache2
fwsetup
local
metalog
mydns
mysql
nadsl
net.eth0
net.eth1
netmount
squid
sshd
svscan
vixie-cron

/etc/runlevels/nonetwork:
local

/etc/runlevels/single:
#nothing
Code:
$rc-status
Runlevel: default
 sshd                                                                [ started ]
 acpid                                                               [ started ]
 local                                                               [ started ]
 nadsl                                                               [ started ]
 mydns                                                               [ started ]
 mysql                                                               [ started ]
 squid                                                               [ started ]
 vixie-cron                                                          [ started ]
 metalog                                                             [ started ]
 fwsetup                                                             [ started ]
 net.eth0                                                            [ started ]
 net.eth1                                                            [ started ]
 svscan                                                              [ started ]
 netmount                                                            [ started ]
 apache2                                                             [ started ]
Old 11-24-2007   #4 (permalink)
Lazydog
OK, I don't know anything about Gentoo but there has to be a script file that starts your firewall and that is what you should be looking for.

Looking at what you posted below I see the following:

/etc/runlevels/default:
fwsetup


This might be a place to start.
Old 11-26-2007   #5 (permalink)
linderox
The rules were there!!!!
/etc/runlevels/default/fwsetup

And here there was a link to a script file! /fw/ipt

Thank you, everybody!
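The search that resolved this thread, as an added example that is not part of the original posts: it walks the runlevel directories, follows each link to the real script and reports the ones that invoke iptables. The directory tree is constructed for the demo, and `find_fw_loaders` is a name chosen for this example.

```shell
# Added example (not from the thread): find which runlevel entry runs a
# script that calls iptables, following the links Gentoo runlevels use.

# find_fw_loaders [RUNLEVEL_DIR]: print "runlevel/service -> real script"
# for every entry whose resolved target invokes iptables or iptables-restore.
find_fw_loaders() {
    rl_dir=${1:-/etc/runlevels}
    for entry in "$rl_dir"/*/*; do
        [ -e "$entry" ] || continue          # empty runlevel or dangling link
        target=$(readlink -f "$entry") || continue
        [ -f "$target" ] || continue
        # Ignore comment lines, then look for iptables as a command word
        # (bare, with a path, or assigned to a variable such as IPT=...).
        if grep -v '^[[:space:]]*#' "$target" |
           grep -Eq '(^|[^[:alnum:]_-])iptables(-restore)?([[:space:]]|$)'; then
            level=$(basename "$(dirname "$entry")")
            printf '%s/%s -> %s\n' "$level" "$(basename "$entry")" "$target"
        fi
    done
}

# Constructed tree that mirrors the layout described in the thread:
# default/fwsetup is a link to a script outside the init.d directory.
demo=$(mktemp -d)
mkdir -p "$demo/runlevels/default" "$demo/runlevels/single" "$demo/init.d" "$demo/fw"
printf '%s\n' '#!/bin/sh' 'IPT=/sbin/iptables' '$IPT -P INPUT DROP' > "$demo/fw/ipt"
printf '%s\n' '#!/bin/sh' '# not iptables related' '/usr/sbin/sshd' > "$demo/init.d/sshd"
ln -s "$demo/fw/ipt" "$demo/runlevels/default/fwsetup"
ln -s "$demo/init.d/sshd" "$demo/runlevels/default/sshd"

find_fw_loaders "$demo/runlevels"
```

Called without an argument it scans /etc/runlevels; a script that only sources another file which runs iptables is not followed.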