Re: comments about lokkit default script
On Wed, 10 Sep 2003 17:21:05 +0000 (UTC), Faheem Mitha
<faheem@email.unc.edu> wrote:
> Dear People,
>
> I'm pretty new to packet filtering etc. I ran lokkit's simple
> configuration utility, and it seems to work OK with my computer. I don't
> think I need an elaborate setup. I'm running my machine on Earthlink's
> cable broadband (pretty basic setup) using DHCP, and am currently
> disallowing all connections from outside, though I might open up an
> ssh port at some point. The script is run as
>
> /sbin/iptables -I INPUT -j RH-Lokkit-0-50-INPUT && /sbin/iptables -I FORWARD -j RH-Lokkit-0-50-INPUT
>
> in /etc/rc*, where the chain is defined (in /etc/default/lokkit) by
>
> #!/bin/sh
> PATH=/sbin:$PATH
> iptables -N RH-Lokkit-0-50-INPUT
> iptables -F RH-Lokkit-0-50-INPUT
> iptables -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
> iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 207.69.188.185 --sport 53 -d 0/0 -j ACCEPT
> iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 207.69.188.186 --sport 53 -d 0/0 -j ACCEPT
> iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 207.69.188.187 --sport 53 -d 0/0 -j ACCEPT
> iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
> iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT

I also meant to ask, once this has been loaded into the kernel, is
there some way to retrieve it in human-readable format? I looked for
this in the docs, but could not find anything.

Faheem.