Re: Opps !! HELLLLLLLLPPPPPP !!! iptables and a clingon
On Sunday 08 December 2002 17:14, Elizabeth Barham wrote:
>
> The instructions are in /etc/default/iptables.
>
> Here's what I did: I wrote an iptables script and saved it in root's
> home directory, and when I want to change the iptables rules, I modify
> the script, run it, and then do:
>
> /etc/init.d/iptables save active
>
> Elizabeth
Yep, that looks good to me !!!
The problem I have is that, first I reset iptables with
/etc/init.d/iptables restart
iptables -L gives ....
debian:/home/test# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
debian:/home/test#
I'm a happy bunny, OK an insecure one !!
I try and access the web, the dial on demand kicks in, all AOK and good
web page OK etc etc ...
However as the link via PPP is made iptables -L gives ...
debian:/home/test# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG all -- 127.0.0.0/8 anywhere LOG level warning
DROP all -- 127.0.0.0/8 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere m718-mp1.cvx1-c.nth.dial.ntli.net
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- m718-mp1.cvx1-c.nth.dial.ntli.net anywhere
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
debian:/home/test#
and until I reset iptables dial on demand fails ...
My guess is that all these rules should not self generate ?
They are probably coming from a previous iptables script or setup daemon
in mason or bastille ??
Any ideas ???
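
One way to check the guess above about a leftover script, as an added example that is not part of the original message: list every non-comment line that calls iptables in the scripts pppd runs when the link changes state. The function names are hypothetical, and the default paths assume Debian's pppd layout (/etc/ppp/ip-up and ip-down, which run the scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d).

```shell
#!/bin/sh
# Added example: find which link-up/link-down hook installs firewall rules.
# Assumption: Debian pppd layout; pass other files or directories as
# arguments to search elsewhere (for example a firewall package's init script).

# scan_file FILE: print "FILE:LINE: text" for each non-comment line that
# mentions iptables as a whole word (also matches iptables-restore,
# /sbin/iptables, /etc/init.d/iptables and IPTABLES=/sbin/iptables).
scan_file() {
    [ -f "$1" ] && [ -r "$1" ] || return 0
    awk -v f="$1" '
        /^[ \t]*#/ { next }    # skip comments and the shebang line
        /(^|[^A-Za-z0-9_])iptables([^A-Za-z0-9_]|$)/ { print f ":" NR ": " $0 }
    ' "$1"
}

# find_fw_hooks PATH...: scan each file, or every file directly inside
# each directory; paths that do not exist are skipped silently.
find_fw_hooks() {
    for path in "$@"; do
        if [ -d "$path" ]; then
            for f in "$path"/*; do
                scan_file "$f"
            done
        else
            scan_file "$path"
        fi
    done
}

# With no arguments, fall back to the pppd hook locations (assumed paths).
[ "$#" -gt 0 ] || set -- /etc/ppp/ip-up /etc/ppp/ip-up.d \
                         /etc/ppp/ip-down /etc/ppp/ip-down.d
find_fw_hooks "$@"
```

Any file it reports is a candidate for the source of the DROP policies that appear once the PPP link is made; scripts that call the firewall only through an upper-case variable such as $IPTABLES show up by their assignment line.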