  1. #1 (Just Joined!, Join Date: Nov 2007, Posts: 3)

    different iptables rules in config file and $iptables -L


    I have a Gentoo router. There is a problem: I don't know where to find the config file for my iptables. I know some places, but
    all the tables in these configs have no similarity at all with the output of the command iptables -L.

    I found several files
    /etc/init.d/iptables #run script

    /etc/conf.d/iptables # here there is a line
    IPTABLES_SAVE="/var/lib/iptables/rules-save"

    /var/lib/iptables/rules-save
    Code:
    # Generated by iptables-save v1.2.11 on Tue May 10 08:06:58 20
    # accept all from localhost
    -A INPUT -s 127.0.0.1 -j ACCEPT
    
    # accept all previously established connections
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p UDP -m state --state RELATED,ESTABLISHED -j ACCEPT
    
    # ssh
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    
    # ftp / webserver related
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 5190 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
    # Windows / Samba
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 137:139 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 426 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
    
    # up to 5 Bit-torrent connections
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 6881:6886 -j ACCEPT
    
    # reject everything else
    -A INPUT -j REJECT --reject-with icmp-port-unreachable
    
    COMMIT
    here is a command
    Code:
    $iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     tcp  --  10.0.3.0/24          anywhere            tcp dpt:20003
    ACCEPT     all  --  server.vodoline.loc  anywhere
    ACCEPT     all  --  10.0.3.3             anywhere
    ACCEPT     all  --  anywhere             10.0.3.0/24         state RELATED,ESTABLISHED
    ACCEPT     icmp --  10.0.3.0/24          anywhere
    ACCEPT     tcp  --  10.0.3.0/24          anywhere            tcp dpt:https
    ACCEPT     tcp  --  10.0.3.0/24          anywhere            tcp dpt:aol
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination 
    another one
    Code:
    $rc-update -s | grep ipt
                    iptables |

  2. #2 (Linux Guru, Lazydog, Join Date: Jun 2004, Location: The Keystone State, Posts: 2,677)
    I would check the script that is starting your firewall. Should be in the /etc/rc#.d dir.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3 (Just Joined!, Join Date: Nov 2007, Posts: 3)
    Quote Originally Posted by Lazydog View Post
    I would check the script that is starting your firewall. Should be in the /etc/rc#.d dir.
    There is no folder such as rc.d.
    There is one file, rc.conf, and there is nothing interesting inside,
    but I can show you these things; maybe here you can find something...
    Code:
    /etc/runlevels:
    boot
    default
    nonetwork
    single
    
    /etc/runlevels/boot:
    bootmisc
    checkfs
    checkroot
    clock
    consolefont
    domainname
    hostname
    keymaps
    localmount
    modules
    net.lo
    rmnologin
    urandom
    
    /etc/runlevels/default:
    acpid
    apache2
    fwsetup
    local
    metalog
    mydns
    mysql
    nadsl
    net.eth0
    net.eth1
    netmount
    squid
    sshd
    svscan
    vixie-cron
    
    /etc/runlevels/nonetwork:
    local
    
    /etc/runlevels/single:
    #nothing
    Code:
    $rc-status
    Runlevel: default
     sshd                                                                [ started ]
     acpid                                                               [ started ]
     local                                                               [ started ]
     nadsl                                                               [ started ]
     mydns                                                               [ started ]
     mysql                                                               [ started ]
     squid                                                               [ started ]
     vixie-cron                                                          [ started ]
     metalog                                                             [ started ]
     fwsetup                                                             [ started ]
     net.eth0                                                            [ started ]
     net.eth1                                                            [ started ]
     svscan                                                              [ started ]
     netmount                                                            [ started ]
     apache2                                                             [ started ]

  4. #4 (Linux Guru, Lazydog, Join Date: Jun 2004, Location: The Keystone State, Posts: 2,677)
    OK, I don't know anything about Gentoo, but there has to be a script file that starts your firewall, and that is what you should be looking for.

    Looking at what you posted below, I see the following:

    /etc/runlevels/default:
    fwsetup


    This might be a place to start.

    Regards
    Robert


  5. #5 (Just Joined!, Join Date: Nov 2007, Posts: 3)
    The rules were there!!!!
    /etc/runlevels/default/fwsetup

    and in there there was a link to a script file: /fw/ipt

    Thank you, everybody!
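As an added example, not code from the thread: the check this thread ends up doing by hand, scripted. It normalizes a saved ruleset and the live ruleset so that packet counters, comments and ordering do not mask real differences, prints the rules that exist on only one side, and names the init scripts in a runlevel directory that invoke iptables (the role fwsetup played here). Every file it reads is a constructed stand-in, not the poster's real rules; on a real router you would point it at /var/lib/iptables/rules-save, the output of iptables-save, and /etc/runlevels/default.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and contents below are constructed
# stand-ins for rules-save, `iptables-save` output, and /etc/runlevels/default.
set -e
export LC_ALL=C
WORK=$(mktemp -d)
# Constructed stand-in for /var/lib/iptables/rules-save
cat > "$WORK/rules-save" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
# Constructed stand-in for what `iptables-save` prints on the running router
cat > "$WORK/live.rules" <<'EOF'
*filter
:INPUT DROP [12:840]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
# Constructed stand-in for /etc/runlevels/default holding two init scripts
mkdir -p "$WORK/default"
printf '#!/sbin/runscript\nstart() { iptables-restore < /fw/ipt; }\n' > "$WORK/default/fwsetup"
printf '#!/sbin/runscript\nstart() { start-stop-daemon --start /usr/sbin/sshd; }\n' > "$WORK/default/sshd"
# Keep only rule lines: drop comments, table/chain headers (whose packet
# counters change on every run) and COMMIT, then sort for comm(1).
normalize_rules() {
    grep -v '^[#*:]' "$1" | grep -v '^COMMIT' | sort
}
# Print rules present in only one of the two files, tagged with the side.
rules_diff() {
    normalize_rules "$1" > "$WORK/a.txt"
    normalize_rules "$2" > "$WORK/b.txt"
    comm -23 "$WORK/a.txt" "$WORK/b.txt" | sed 's/^/only-in-saved: /'
    comm -13 "$WORK/a.txt" "$WORK/b.txt" | sed 's/^/only-in-live:  /'
}
# Name each init script in a runlevel directory that mentions iptables.
find_rule_loaders() {
    for f in "$1"/*; do
        if grep -q 'iptables' "$f"; then basename "$f"; fi
    done
}
rules_diff "$WORK/rules-save" "$WORK/live.rules"
find_rule_loaders "$WORK/default"
```

A rule that shows up as only-in-live is one that some script other than the rules-save loader added, which is exactly the situation the poster hit.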
