Re: my debian does not read my own iptables script
On 2009-01-28 Patrik Hasibuan wrote:
> I am building a firewall with Debian Sarge on my internet gateway. But
> it looks like my Debian does not read my iptables script after I run my
> own iptables script.
> I haven't opened the rpcbind, auth, printer. And the 21, 23, 53 are not
> opened by my iptables. Where is the mistake? Please tell me. I am new
> in Debian and iptables. Usually I use OpenSuSE and SuSEfirewall2 and I
> configure the firewall with YaST2 so easily. But now I want to get
> close to Debian too. And I am stuck on this case.
> #Zero...zero...from beginning
> iptables -F
You are not setting default policies (bad idea), so your chains probably
accept all incoming packets. As others have told you before: please post
the output of "iptables -nL" and "iptables -t nat -nL" (and perhaps the
output of "iptables -t mangle -nL" and "iptables -t raw -nL").
As a starting point, my iptables scripts usually begin like this:
#!/bin/sh
# 1) Disable IP forwarding while the rules are rebuilt, so nothing is
#    forwarded through a half-configured firewall.
echo "0" > /proc/sys/net/ipv4/ip_forward
# 2) Set default policies: whatever is not explicitly allowed is dropped
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
# 3) Flush chains (filter table and nat table)
iptables -F
iptables -t nat -F
# 4) Delete user-defined chains (filter table and nat table)
iptables -X
iptables -t nat -X
# 5) Re-enable IP forwarding (if required, i.e. on a gateway, and only
#    once the allow rules that follow have been loaded)
echo "1" > /proc/sys/net/ipv4/ip_forward
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
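The reply above asks for the output of "iptables -nL" because the default policy of each built-in chain is printed in its header line ("Chain INPUT (policy ACCEPT)"), which is exactly where a chain that accepts everything shows up. The script below is an added example, not part of the mail thread: it parses such a listing and reports whether INPUT and FORWARD default to DROP. The sample listing embedded in it is constructed (its INPUT policy is deliberately ACCEPT, the situation the reply diagnoses), and the function names policy_of and check_policies are my own.

```shell
#!/bin/sh
# Added example: verify the default policies in "iptables -nL" output.
# Usage on a live system:  iptables -nL | sh check_policies.sh --stdin
# Offline demonstration:   sh check_policies.sh --sample

# Constructed sample of "iptables -nL" output (not captured from a real host).
SAMPLE_OUTPUT='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
'

# policy_of CHAIN: read an "iptables -nL" listing on stdin and print the
# default policy of the built-in chain CHAIN (empty if the chain is absent).
# The header line looks like "Chain INPUT (policy ACCEPT)", so the policy is
# the fourth field with the closing parenthesis stripped.
policy_of() {
    awk -v c="$1" '$1 == "Chain" && $2 == c { gsub(/[()]/, "", $4); print $4; exit }'
}

# check_policies EXPECTED_INPUT EXPECTED_FORWARD: read a listing on stdin,
# print one OK/WARN line per chain, return 0 only if both policies match.
check_policies() {
    listing=$(cat)
    rc=0
    for pair in "INPUT=$1" "FORWARD=$2"; do
        chain=${pair%%=*}
        want=${pair#*=}
        got=$(printf '%s\n' "$listing" | policy_of "$chain")
        if [ "$got" = "$want" ]; then
            echo "OK   $chain policy is $got"
        else
            echo "WARN $chain policy is '${got:-missing}', expected $want"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone entry point; with no argument nothing runs, so the functions
# can also be sourced from another script.
case "$1" in
    --sample) printf '%s\n' "$SAMPLE_OUTPUT" | check_policies DROP DROP ;;
    --stdin)  check_policies DROP DROP ;;
esac
```

Run with --sample, the script prints a WARN line for INPUT (policy ACCEPT) and an OK line for FORWARD, and exits non-zero, which is the same signal the reply is looking for in the requested listing. Only built-in chains carry a "(policy ...)" header; user-defined chains show a reference count there instead, so the check is limited to INPUT and FORWARD on purpose.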