Mailing List Archive



Re: [tlug] IPTables



On Thu, Feb 13, 2003 at 06:42:50PM +0900, Jean-Christian Imbeault wrote:
> I've been playing around with iptables (and locking myself out of my box 
> of course :) This is bound to be the first of many iptables related 
> questions ...

A cronjob that clears the rules every few minutes really helps while you
are testing. Just remember to remove it when you are done.

> One thing I haven't been able to find a suitable answer to is what is 
> the proper way to get iptables up and running at boot time with rules 
> loaded (on a RH 8.0 machine)?

With the RH init.d script, and in most other cases, you should use
'iptables-save' to dump your rules to '/etc/sysconfig/iptables'.

> I have one tutorial that says to put the rules in rc.local but also 
> mentions that this would leave the box open for a small length of time, 
> from the time networking is enabled to the time the rules are loaded 
> when rc.local gets run.

It seems a little messy to put all your rules in rc.local and you are
right about having it open for a few seconds. It's better not to use
rc.local at all, but if you have to use it, put the rules in a separate
script.

> Can anyone point me to a resource that explains how to get iptables 
> started, with rules loaded, before networking is enabled? I'm sure there 
> are many "hacks" ... but is there one "recommended" way?

Don't know of any off hand, but starting iptables right after
'networking' should be enough, since nothing exploitable would be
running.

-- 
A. Sajjad Zaidi
gpg --keyserver pgp.mit.edu --recv-keys 267E0D0E

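The two suggestions in this reply (a periodic flush while testing, and saving the working rules where the Red Hat init script loads them) as a shell script, added here as an example rather than anything posted in the thread. The cron and flush-script paths are assumptions; the iptables binaries are taken from variables so the functions can be exercised without root.

```shell
#!/bin/sh
# Added example, not from the thread. /etc/sysconfig/iptables is the RH
# location named in the reply; the cron and flush-script paths are assumed.
IPTABLES=${IPTABLES:-iptables}
IPTABLES_SAVE=${IPTABLES_SAVE:-iptables-save}
RULES_FILE=${RULES_FILE:-/etc/sysconfig/iptables}
CRON_FILE=${CRON_FILE:-/etc/cron.d/iptables-safety}
FLUSH_SCRIPT=${FLUSH_SCRIPT:-/usr/local/sbin/iptables-flush}

# Open the firewall completely. Policies go to ACCEPT *before* the flush:
# flushing first with a DROP policy still in place is exactly the lockout
# the original poster ran into.
flush_all() {
    for chain in INPUT OUTPUT FORWARD; do
        "$IPTABLES" -P "$chain" ACCEPT || return 1
    done
    for table in filter nat mangle; do
        "$IPTABLES" -t "$table" -F || return 1
        "$IPTABLES" -t "$table" -X || return 1
    done
}

# The safety net: a cron entry running the flush script every N minutes
# (default 5) so a bad rule cannot keep you out for long. Remove it once
# the rule set is known to be good.
install_safety_net() {
    minutes=${1:-5}
    printf '*/%s * * * * root %s\n' "$minutes" "$FLUSH_SCRIPT" > "$CRON_FILE"
}

remove_safety_net() {
    rm -f "$CRON_FILE"
}

# Persist the current rules where the RH init script reads them at boot
# (then enable that service, e.g. 'chkconfig iptables on'). Refuses to
# overwrite the file with a dump that contains no COMMIT, which is what
# you get when the netfilter modules are not loaded.
save_rules() {
    dump=$("$IPTABLES_SAVE") || return 1
    case "$dump" in
        *COMMIT*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$dump" > "$RULES_FILE"
}
```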

