Author Topic: simple ipchain question

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
simple ipchain question
« on: 17 May 2002, 00:59 »
how do I save/restore my ipchains?
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
simple ipchain question
« Reply #1 on: 17 May 2002, 03:07 »
I create a script with all my IP Chains commands called /etc/rc.d/rc.firewall (make it executable), and I added this line to the end of the /etc/rc.d/rc.local: /etc/rc.d/init.d/rc.firewall. This way the firewall will be configured at bootup.

A cut down version of my rc.firewall is included at the bottom of this message.  Notice that I flush/delete all chains in the first two lines of the script. That way if you make changes to the script all you have to do is execute the script for your new firewall rules to take effect. This is the "old" method of running your firewall script.  There are now services to do this, however, I prefer to continue using my old method. Works like a champ, why change?

[ May 16, 2002: Message edited by: VoidMain ]

Someone please remove this account. Thanks...

Master of Reality
simple ipchain question
« Reply #2 on: 17 May 2002, 08:12 »
I may use that (at least as a template), though with quite a few changes because you are using the 2.2 kernel, which uses different modules than the 2.4. But I could switch to Slackware, which comes with both kernels, or use my (store-bought) Red Hat 6.2 that I have. I really do like Slackware though; I have been thinking of running my server on it.

Master of Reality
simple ipchain question
« Reply #3 on: 28 June 2002, 21:54 »
My Red Hat 7.3 loads some weird ipchains when it starts... where d'ya think I would find the script for these chains, so that I could stop it?

voidmain
simple ipchain question
« Reply #4 on: 28 June 2002, 21:29 »
By default in RH73, if you select firewall settings at install time it should put the ipchains rules in /etc/sysconfig/ipchains. They are executed by the /etc/rc.d/init.d/ipchains script depending on whether you have the "ipchains" service set to execute in whatever run level you happen to be in (probably 5). If you do a "/sbin/chkconfig --list ipchains" it will show you which run levels these rules apply to. If you want to turn it off you can either modify the /etc/sysconfig/ipchains file to your taste, or turn the service off:

# /sbin/service ipchains stop
# /sbin/chkconfig --level 2345 ipchains off

[ June 28, 2002: Message edited by: VoidMain ]


Master of Reality
simple ipchain question
« Reply #5 on: 18 August 2002, 03:00 »
What's the difference between the three different netbios entries? Are they all on port 139 or 138? What port is SWAT on?
I am going to iptables and I don't know if I can use names like SWAT or netbios-ns.

voidmain
simple ipchain question
« Reply #6 on: 18 August 2002, 08:27 »
You should be able to use any name that is in the /etc/services file.  And if there isn't a name in /etc/services for a port that you use for a specific task just add the port and name for the service in that file.  That file is used by many TCP/IP programs to give useful names instead of port numbers (netstat output uses names from /etc/services for instance).

NetBIOS itself does not use ports. NetBIOS is actually not a protocol at all but requires a networking protocol to be encapsulated in. It can be encapsulated in NetBEUI or TCP/IP. The three common NetBIOS over TCP/IP ports are 137, 138, and 139. 137 is the NETBIOS Name Service, 138 is the NETBIOS Datagram Service and 139 is the NETBIOS session service (you should see these listed in the comments field in /etc/services). To get more detailed information about what sort of communication goes on over those ports search the net, there's plenty of information out there on the subject.

Master of Reality
simple ipchain question
« Reply #7 on: 23 August 2002, 21:20 »
uhhh... iptables only lets me use the --dport and --sport variables if I have -p tcp in it. Netbios uses udp and tcp, so how would I stop it from going over udp?

voidmain
simple ipchain question
« Reply #8 on: 23 August 2002, 21:25 »
Look at the second post in this thread with my firewall script.  I have netbios tcp/udp blocked, but I am using ipchains.  I think iptables is the same/similar is it not?  Or maybe I don't quite understand your question?

[ August 23, 2002: Message edited by: VoidMain ]


Master of Reality
simple ipchain question
« Reply #9 on: 23 August 2002, 21:27 »
Never mind, maybe you can use --sport and --dport with udp.
But I still get this error when using the --limit arg:

[ August 23, 2002: Message edited by: Master of Reality / Bob ]


Master of Reality
simple ipchain question
« Reply #10 on: 23 August 2002, 21:31 »
instead of putting the address and port in the -s flag, iptables uses the --dport and --sport to specify the source and destination port in a separate argument.

I am trying to redo the things I had in ipchains as iptables.
Here's what I've got so far (my IP address has been changed to 205.92.81.80):
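An added example tying together reply #6 (service names come from /etc/services) and replies #7 and #10 (iptables wants -p before --dport, so NetBIOS needs a tcp rule and a udp rule each). This is not voidmain's rc.firewall nor any code from the thread; the /etc/services excerpt is constructed and written to a temp file, and SERVICES_FILE is an assumed variable you can point at the real /etc/services.

```shell
#!/bin/sh
# Added example, not from the thread. A constructed /etc/services excerpt is
# written to a temp file; set SERVICES_FILE=/etc/services to use the real one.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed excerpt in /etc/services layout: name  port/proto  # comment
netbios-ns      137/tcp     # NETBIOS Name Service
netbios-ns      137/udp
netbios-dgm     138/tcp     # NETBIOS Datagram Service
netbios-dgm     138/udp
netbios-ssn     139/tcp     # NETBIOS session service
netbios-ssn     139/udp
swat            901/tcp     # Samba Web Administration Tool
EOF
SERVICES_FILE="${SERVICES_FILE:-$SAMPLE}"

# Print every "port/proto" registered under NAME (exact match on column 1).
# This is the same /etc/services lookup iptables makes for --dport netbios-ns.
service_ports() {
    awk -v name="$1" '!/^#/ && $1 == name { print $2 }' "$SERVICES_FILE"
}

# One rule per protocol: --dport is only valid after -p, so a service that is
# registered for both tcp and udp needs two rules, not one.
block_service_rules() {
    service_ports "$1" | while IFS=/ read -r port proto; do
        echo "iptables -A INPUT -p $proto --dport $port -j DROP"
    done
}

# Whole rule set. Flush INPUT first (the pattern from the rc.firewall reply) so
# re-running the script replaces the old rules instead of appending duplicates.
firewall_rules() {
    echo "iptables -F INPUT"
    for svc in netbios-ns netbios-dgm netbios-ssn; do
        block_service_rules "$svc"
    done
}
```

Run `firewall_rules` to review the generated commands; as root, `firewall_rules | sh` applies them.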