- 11-23-2007 #1 (Just Joined!, Join Date: Nov 2007, Posts: 3)
Different iptables rules in config file and $iptables -L
I have a Gentoo router. The problem is that I don't know where to find the config file for my iptables. I know some places, but
all the tables in these configs have no similarity with the command iptables -L.
I found several files:
/etc/init.d/iptables # run script
/etc/conf.d/iptables # here there is a line
IPTABLES_SAVE="/var/lib/iptables/rules-save"
/var/lib/iptables/rules-save
Here is a command:
Code:
# Generated by iptables-save v1.2.11 on Tue May 10 08:06:58 20ccept all from localhost
-A INPUT -s 127.0.0.1 -j ACCEPT
# accept all previously established connections
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p UDP -m state --state RELATED,ESTABLISHED -j ACCEPT
# ssh
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# ftp / webserver related
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5190 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dpoer 110 -j ACCEPT
# Windows / Samba
-A INPUT -p tcp -m state --state NEW -m tcp --dport 137:139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 426 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
# up to 5 Bit-torrent connections
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6881:6886 -j ACCEPT
# reject everything else
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
Another one:
Code:
$iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  10.0.3.0/24          anywhere            tcp dpt:20003
ACCEPT     all  --  server.vodoline.loc  anywhere
ACCEPT     all  --  10.0.3.3             anywhere
ACCEPT     all  --  anywhere             10.0.3.0/24         state RELATED,ESTABLISHED
ACCEPT     icmp --  10.0.3.0/24          anywhere
ACCEPT     tcp  --  10.0.3.0/24          anywhere            tcp dpt:https
ACCEPT     tcp  --  10.0.3.0/24          anywhere            tcp dpt:aol

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
$iptables -L
Code:
$rc-update -s | grep ipt
iptables |
- 11-24-2007 #2
I would check the script that is starting your firewall. Should be in the /etc/rc#.d dir.
- 11-24-2007 #3 (Just Joined!, Join Date: Nov 2007, Posts: 3)
There is no folder such as rc.d.
There is one file, rc.conf, and there is nothing interesting inside,
but I can show you these things; maybe here you can find some...
Code:
/etc/runlevels:
boot default nonetwork single

/etc/runlevels/boot:
bootmisc checkfs checkroot clock consolefont domainname hostname keymaps localmount modules net.lo rmnologin urandom

/etc/runlevels/default:
acpid apache2 fwsetup local metalog mydns mysql nadsl net.eth0 net.eth1 netmount squid sshd svscan vixie-cron

/etc/runlevels/nonetwork:
local

/etc/runlevels/single:
#nothing
Code:
$rc-status
Runlevel: default
 sshd        [ started ]
 acpid       [ started ]
 local       [ started ]
 nadsl       [ started ]
 mydns       [ started ]
 mysql       [ started ]
 squid       [ started ]
 vixie-cron  [ started ]
 metalog     [ started ]
 fwsetup     [ started ]
 net.eth0    [ started ]
 net.eth1    [ started ]
 svscan      [ started ]
 netmount    [ started ]
 apache2     [ started ]
- 11-24-2007 #4
OK, I don't know anything about Gentoo but there has to be a script file that starts your firewall and that is what you should be looking for.
Looking at what you posted below I see the following:
/etc/runlevels/default:
fwsetup
This might be a place to start.
- 11-26-2007 #5 (Just Joined!, Join Date: Nov 2007, Posts: 3)
The rules were there!!!!
/etc/runlevels/default/fwsetup
and here there was a link to a script file! /fw/ipt
Thank you everybody!


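The check that resolved this thread, written out as an added example (not part of any post above): it lists which runlevel entries resolve to a script that calls iptables, and shows which rules appear only in the saved file or only in a dump of the live ruleset. The function names and the demo fixture are constructed for illustration; the fixture stands in for /etc/runlevels/default and /fw/ipt.

```shell
#!/bin/sh
# Added example, not from the thread. Run with the argument "demo" to use a
# constructed fixture standing in for /etc/runlevels/default and /fw/ipt.

# List runlevel entries whose symlink-resolved script mentions iptables.
find_fw_scripts() {
    for entry in "$1"/*; do
        [ -f "$entry" ] || continue              # -f follows the symlink
        if grep -qw 'iptables' "$entry"; then
            printf '%s -> %s\n' "$(basename "$entry")" "$(readlink -f "$entry")"
        fi
    done
}

# Reduce an iptables-save style file to sorted policy and rule lines,
# dropping comment lines and [packets:bytes] counters.
normalize_rules() {
    sed -e '/^[[:space:]]*#/d' -e 's/\[[0-9]*:[0-9]*]//' \
        -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' "$1" |
        grep -E '^(-A |:)' | LC_ALL=C sort -u
}

# Print rules found in only one of: saved file ($1), live dump ($2).
rule_drift() {
    s=$(mktemp); l=$(mktemp)
    normalize_rules "$1" > "$s"; normalize_rules "$2" > "$l"
    LC_ALL=C comm -23 "$s" "$l" | sed 's/^/saved-only: /'
    LC_ALL=C comm -13 "$s" "$l" | sed 's/^/live-only:  /'
    rm -f "$s" "$l"
}

demo() {                                         # constructed sample data
    d=$(mktemp -d); mkdir "$d/rl" "$d/fw"
    printf 'iptables -P INPUT DROP\n' > "$d/fw/ipt"
    printf '/usr/sbin/sshd\n' > "$d/sshd.sh"
    ln -s "$d/fw/ipt" "$d/rl/fwsetup"; ln -s "$d/sshd.sh" "$d/rl/sshd"
    printf ':INPUT ACCEPT [0:0]\n-A INPUT -p tcp --dport 80 -j ACCEPT\n' > "$d/saved"
    printf ':INPUT DROP [9:540]\n-A INPUT -p tcp --dport 25 -j ACCEPT\n' > "$d/live"
    find_fw_scripts "$d/rl"; rule_drift "$d/saved" "$d/live"
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

On a real router the live side would be a file written by `iptables-save` and the directory would be /etc/runlevels/default. Hand-written rules can differ textually from iptables-save output for the same rule, so read the listed lines rather than relying on their count.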

