[olug] firewall script
mesc
mescie at home.com
Tue Sep 19 23:45:36 UTC 2000
I went to http://www.linux-firewall-tools.com/linux/firewall/index.html
and had a firewall written for my box and named it rc.firewall and put
it in /etc/rc.d. When I boot up it reads starting firewalling........
then hangs until I hit ^C, then the bootup process resumes normally. Once
I'm booted up I can't go anywhere on the net; I get the unknown host
error in Netscape. I can ping my box, but when I ping my domain name
server I get operation not permitted, then the usual ping info with 0
packets received. Here are some parts of my firewall script to look at. If
they aren't the right parts just let me know and I'll send more.
# Set the default policy of the filter to deny
ipchains -P input DENY
ipchains -P output REJECT
ipchains -P forward DENY
DNS entries attached.
Thank you in advance, Gary Martin
P.S. My PS/2 2-button mouse is set up for 3-button emulation and it
usually pastes into messenger just fine, but my mouse must be acting up
today or maybe it's just plain broke :)
-------------- next part --------------
# DNS client (53)
# ---------------
ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
         -s $IPADDR $UNPRIVPORTS \
         -d $NAMESERVER_1 53 -j ACCEPT
ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
         -s $NAMESERVER_1 53 \
         -d $IPADDR $UNPRIVPORTS -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
         -s $IPADDR $UNPRIVPORTS \
         -d $NAMESERVER_1 53 -j ACCEPT
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
         -s $NAMESERVER_1 53 \
         -d $IPADDR $UNPRIVPORTS -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
         -s $IPADDR $UNPRIVPORTS \
         -d $NAMESERVER_2 53 -j ACCEPT
ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
         -s $NAMESERVER_2 53 \
         -d $IPADDR $UNPRIVPORTS -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
         -s $IPADDR $UNPRIVPORTS \
         -d $NAMESERVER_2 53 -j ACCEPT
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
         -s $NAMESERVER_2 53 \
         -d $IPADDR $UNPRIVPORTS -j ACCEPT
# ------------------------------------------------------------------