[Eug-lug] iptables on gentoo?

Rob Hudson rob at euglug.net
Sun Jan 2 17:52:26 PST 2005


Anyone familiar with iptables on gentoo?

What I've done so far is configure my kernel for iptables support and
emerged the package iptables, which apparently is a wrapper and sets up
some /etc/init.d scripts.

I manually entered the following and ran /etc/init.d/iptables save,
which is supposed to save my firewall rules to a particular folder and
reload them when iptables starts.

Here are my rules...
(Comments added here)
# Accept connections from self
iptables -A INPUT -i lo -j ACCEPT
# Accept port 80(www) and 22(ssh) and 25(mail)
iptables -A INPUT -p tcp -m multiport --dports 80,22,25 -j ACCEPT
# Accept imap-ssl
iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 993 -j ACCEPT
# Logging
iptables -A INPUT -m limit --limit 3/hour -j LOG
# Reject everything else
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable

The iptables save outputs in a different format.  I entered these on the
command line and I believe those rules take effect once you type them.
Everything was good.

As a test I ran this:
/etc/init.d/iptables start ; sleep 60 ; /etc/init.d/iptables stop

Upon doing this, my connection (via ssh) died until the stop command
came through.  I'm confused as to why turning on iptables in this way
killed my connection but typing them manually did not.

To further test things, I did the above command but with an "iptables -L"
to list the rules and they look exactly as they did just after I typed
them manually.

Not sure what's up.  Any help is appreciated.  Also, feel free to
comment on the iptables rules themselves... I'm no expert at firewalls
but want something simple to help protect my server.

Thanks,
Rob
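
Editor's note, added to this archive page and not part of Rob's post: the
"iptables save" step Rob mentions writes the rules in iptables-save format
(a "*filter" header, ":CHAIN POLICY [0:0]" lines, the rules without the
"iptables" prefix, and a closing "COMMIT"), and that is the format the init
script feeds to iptables-restore on start. The script below shows that
format for a ruleset with the same intent as Rob's, plus two things a
remote admin usually wants when reloading a firewall over ssh: a stateful
ESTABLISHED,RELATED rule so already-accepted sessions stay accepted, and a
load-with-automatic-revert helper so a mistake undoes itself. The default
DROP policy, the state rules, the tcp-reset reject, the port list and the
60-second timer are choices made for this example, not anything the post
states, and the example makes no claim about why Rob's session dropped.

```shell
#!/bin/sh
# Added example, not code from the original post. Generates a ruleset in
# iptables-save/iptables-restore format and loads it with a dead-man switch.
# Assumptions: tcp 22/25/80/993 are the published services (imaps has no
# udp side, so udp/993 is left out); default policy DROP on INPUT/FORWARD.

TCP_PORTS="22,25,80,993"

# Emit the ruleset. iptables-restore ignores lines starting with '#', so the
# comments can stay in the saved file.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# traffic from this host to itself
-A INPUT -i lo -j ACCEPT
# packets of sessions already accepted, and replies to connections this host
# opened; this is what keeps an open ssh session alive across a reload
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# new connections to the published tcp services only
-A INPUT -p tcp -m multiport --dports $TCP_PORTS -m state --state NEW -j ACCEPT
# rate-limited log line before refusing
-A INPUT -m limit --limit 3/hour -j LOG --log-prefix "fw-reject: "
# refuse everything else; tcp-reset is the tidy answer to tcp probes
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Static checks before loading anything over a remote session: the file ends
# with COMMIT, INPUT defaults to DROP, and the ESTABLISHED,RELATED rule sits
# before the first REJECT so existing sessions are matched first.
check_ruleset() {
    f="$1"
    [ "$(tail -n 1 "$f")" = "COMMIT" ] || return 1
    grep -q '^:INPUT DROP' "$f" || return 1
    est=$(grep -n 'ESTABLISHED,RELATED' "$f" | head -n 1 | cut -d: -f1)
    rej=$(grep -n -e '-j REJECT' "$f" | head -n 1 | cut -d: -f1)
    [ -n "$est" ] && [ -n "$rej" ] && [ "$est" -lt "$rej" ]
}

# Load a ruleset with an automatic revert: the previous rules come back after
# $2 seconds unless the admin, still logged in, kills the timer. The revert is
# scheduled before the new rules go live, so it runs even if the session that
# started it is cut off. Needs root; never called by the tests.
apply_with_rollback() {
    newrules="$1"; timeout="${2:-60}"
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    ( sleep "$timeout" && iptables-restore < "$backup"; rm -f "$backup" ) &
    timer=$!
    iptables-restore < "$newrules" || { kill "$timer" 2>/dev/null; return 1; }
    echo "new rules live; run 'kill $timer' within ${timeout}s to keep them"
}

rules=$(mktemp)
gen_ruleset > "$rules"
if check_ruleset "$rules"; then
    echo "ruleset passes checks:"
    cat "$rules"
else
    echo "ruleset failed sanity check" >&2
fi
# Only touch the live firewall when explicitly asked: sh fw.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_with_rollback "$rules" 60
fi
rm -f "$rules"
```

Run without arguments it only prints and checks the generated file; with
"apply" as the first argument it saves the current rules, loads the new
ones and restores the old ones after 60 seconds unless the timer is killed.
The order matters: the ESTABLISHED,RELATED rule must precede the REJECT
rules, which is what check_ruleset enforces before anything is loaded.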

