
Re: [tlug] Ipchains/Iptables




----- Original Message -----
From: "Scott McLennan" <scottmclennan@example.com>
To: <tlug@example.com>
Sent: Wednesday, March 27, 2002 10:10 AM
Subject: [despammed] Re: [tlug] Ipchains/Iptables


> Hey Scott.
> (what a great name!)

Yes, I think so. :)
>
> That's good. Thanks a lot. When you run iptables, do you
> need this thing called netfilter? Can you run iptables by
> calling it from within /etc/rc.d/rc.local just as you do with
> ipchains?


Ok, the only distro where I've dealt with both is RH. They can't be run
together--both, in the default kernel, are modules, so first you'd do rmmod
ipchains, then insmod iptables. I usually, regardless of distro, download and
install a new kernel quickly, and always put in netfilter--again, I'm in MS
today, and rushed, so I don't have time to go and look--I ~think~, and hope
someone can either confirm or correct, that netfilter is necessary for
iptables.

Now, if, on RH, you do that rmmod ipchains, insmod iptables, your default
iptables just accepts everything.

So, you might, using the default ipchains as a guide (by doing
ipchains -L -v -n, see what your current ipchains looks like), then make an
iptables script to duplicate it, changing input to INPUT, the port number at
the end to --dport and the port number, and any -y (or is it --y) to --syn.

Then, depending upon your degree of paranoia, disconnect the box from the
network, do the rmmod and insmod mentioned above and run your script to make
sure you haven't made any syntax errors. When done, it's
iptables-save >/etc/sysconfig/iptables

The above is for RH. In Slack you edit /etc/rc.M, placing the script in
your default run level, and in Gentoo you add it with rc-update--I think
those are the only ones I've worked with.
HTH
Scott
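As an added example (not part of this thread and not any distro's tooling), here is a small Python translator that mechanises the rewrite described in the reply above: lowercase chain names to uppercase, a port following -s or -d to --sport/--dport, and -y to --syn. Two mappings beyond what the post states are assumptions: ipchains DENY becomes iptables DROP, and -i on the output/forward chains becomes -o; the sample rules are constructed.

```python
import shlex

CHAIN_MAP = {"input": "INPUT", "output": "OUTPUT", "forward": "FORWARD"}
TARGET_MAP = {"DENY": "DROP"}  # assumption: ipchains DENY (silent) is iptables DROP
EGRESS_CHAINS = ("OUTPUT", "FORWARD")  # assumption: -i there means the outgoing interface

def ipchains_to_iptables(rule):
    """Return the iptables command line equivalent to one ipchains command."""
    toks = shlex.split(rule)
    if toks and toks[0] == "ipchains":
        toks = toks[1:]
    out, chain, i = ["iptables"], None, 0
    while i < len(toks):
        t = toks[i]
        if t in ("-P", "-A", "-I", "-D"):  # option followed by a chain name
            chain = CHAIN_MAP.get(toks[i + 1], toks[i + 1])
            out += [t, chain]
            i += 2
            if t == "-P":  # policy target follows the chain
                out.append(TARGET_MAP.get(toks[i], toks[i]))
                i += 1
        elif t in ("-s", "-d"):
            out += [t, toks[i + 1]]
            i += 2
            # ipchains puts an optional port or range right after the address;
            # iptables needs an explicit --sport / --dport instead
            if i < len(toks) and toks[i] != "!" and not toks[i].startswith("-"):
                out += ["--sport" if t == "-s" else "--dport", toks[i]]
                i += 1
        elif t == "-y":  # SYN-only TCP match
            out.append("--syn")
            i += 1
        elif t == "-i" and chain in EGRESS_CHAINS:
            out += ["-o", toks[i + 1]]
            i += 2
        elif t == "-j":
            out += ["-j", TARGET_MAP.get(toks[i + 1], toks[i + 1])]
            i += 2
        else:  # -p, -i on INPUT, '!', addresses ... pass through unchanged
            out.append(t)
            i += 1
    return " ".join(out)

# Constructed sample (not from any real host), in the shape of the rules discussed.
SAMPLE_IPCHAINS = [
    "ipchains -P input DENY",
    "ipchains -A input -p tcp -s 0/0 -d 0/0 22 -y -j ACCEPT",
    "ipchains -A input -p udp -s 192.168.1.0/24 1024:65535 -d 0/0 53 -j ACCEPT",
    "ipchains -A output -i eth0 -j ACCEPT",
]
```

Run the translated lines on a disconnected box first, as the reply suggests, since `--syn` is only valid together with `-p tcp` and the script does not check that for you.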


