[Gllug] ip-tables and ipchains
Sean Burlington
sean at uncertainty.org.uk
Sun Jul 7 13:47:05 UTC 2002
Adrian McMenamin wrote:
> On Saturday 06 Jul 2002 5:44 pm, Sean Burlington wrote:
>
>>Adrian McMenamin wrote:
>
>
>>you have ipchains running - and can't use both
>>
>>just remove the ipchains module - and start the iptables one instead
>>
>>you need to do
>>
>>rmmod ipchains
>>insmod ip_tables
>>
>>or edit the rc entries for iptables and ipchains
>
>
> Okay, thanks for this. It's beginning to make sense now.
>
> But on my SysVInit I see that at my default run level (and all the others for
> that matter) I am attempting to launch ipv6tables iptables and ipchains all
> at the same level of priority. Presumably this is a mistake?
hmm..
I'm also running RH7.3 (but overwrote the default settings)
but looking at the remains of my original config files
the init scripts contain lines like
IPCHAINS_CONFIG=/etc/sysconfig/ipchains
grep -v "^[[:space:]]*#" $IPCHAINS_CONFIG | grep -v '^[[:space:]]*$' |
/sbin/ipchains-restore -p -f
if [ -f $IPCHAINS_CONFIG ]; then
so having all three start at once does make sense from the RH point of view
you just edit your /etc/sysconfig/ipchains or whatever to contain the
rules you want to apply
I think RH do this so that they can leave the initscripts under rpm
control without an upgrade overwriting your config
> Which should I want to use? And if ipchains is running now, do I want to
> change it?
iptables is probably your best bet
ipv6tables is presumably for those running ipv6
ipchains is older and doesn't do stateful filtering
chains and tables have broadly similar syntax
the best guide for all this stuff is from the author of the code
http://netfilter.samba.org/unreliable-guides/
http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/index.html
> And what does firewall-config actually configure in this case? Chains or
> tables? Sorry, I know this pretty much red hat specific - but I think my
> problem is that my first ever Linux system was a RH 7.1, which I bought just
> when it came out, and then I bought a RH 7[.0] book to tell me how to fiddle
> with it - I didn't understand things like kernel series a year ago :-<
>
I don't know but it *looks* like it works on ipchains
I find gui tools like this hard to work with for this kind of task
If you edit the rules by hand it's much easier to comment out lines
while you experiment (and make notes amongst the rules so that when you
look at it in 3 months time you are reminded why you set it up that way)
it can also be good to practise by manually adding rules on the command line
--
Sean
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
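
Added example (not part of the original post or of Red Hat's init scripts): a shell check for which of the two modules named in the thread is loaded, plus the same comment-and-blank-line filter the quoted init script applies, showing that rules commented out by hand never reach ipchains-restore. The module list and the rules text are constructed sample data, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example; the sample data below is constructed, not taken from a real host.

# Read /proc/modules-style text on stdin and name the packet-filter module
# that is loaded. Module names are the ones used in the post.
loaded_filter() {
    awk '$1 == "ipchains"  { c = 1 }
         $1 == "ip_tables" { t = 1 }
         END {
             if (c && t)  print "both"        # not expected: they conflict
             else if (c)  print "ipchains"
             else if (t)  print "ip_tables"
             else         print "none"
         }'
}

# Same filter the quoted init script applies before ipchains-restore:
# drop comment lines and blank lines, pass everything else through.
active_rules() {
    grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$'
}

SAMPLE_MODULES='ipchains 38976 0 (unused)
8139too 16448 1
ext3 62624 2'

SAMPLE_RULES='# constructed sample in the style of /etc/sysconfig/ipchains
:input ACCEPT
:forward ACCEPT
:output ACCEPT

# loopback stays open
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
   # -A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT   (off while testing)'

echo "filter module loaded: $(printf '%s\n' "$SAMPLE_MODULES" | loaded_filter)"
echo "lines that would reach ipchains-restore:"
printf '%s\n' "$SAMPLE_RULES" | active_rules
```

On a live system the first function would be fed from /proc/modules and the second from the rules file itself.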