From: Daniel
Date: Wed, 05 Jul 2006 13:03:42 +0300
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] iptables wiki
Message-ID: <44AB8E7E.1090005@ilievnet.com>

james wrote:
> Hello,
>
> I'm attempting to follow this wiki to build a test firewall running iptables:
> http://gentoo-wiki.com/HOWTO_Iptables_for_newbies#QuickStart
>
> Kernel is 'hardened' with netfilter et al activated.
>
> It looks reasonable and is supposed to be up to date.
>
> My nics are set up in /etc/conf.d/net
> iface_eth0="192.168.2.20 broadcast 192.168.2.255 netmask 255.255.255.0"
> iface_eth1="192.168.3.11 broadcast 192.168.3.255 netmask 255.255.255.0"
> iface_eth2=" broadcast netmask 255.255.255.252"
> routes_eth2=( "default gw " )
>
> All work fine.
>
> port forwarding is enabled:
>
> Rulesets get saved to /var/lib/iptables/rules-save
> As specified in /etc/conf.d/iptables
> and
> /etc/init.d/iptables is the script that launches iptables
> plus rc-update add iptables default
>
> I think all of this is correct (correct me if I'm wrong).
>
> When I go to /etc/init to write my rules into firewall.sh
> as specified in the aforementioned wiki I automatically get
> this shoved into the script:
>
> #!/sbin/runscript
> # Copyright 1999-2006 Gentoo Foundation
> # Distributed under the terms of the GNU General Public License v2
> # $Header: $
> depend() {
> }
> start() {
> }
> stop() {
> }
> restart() {
> }
>
> curiously none of the examples talk about this.
>
> Is this the correct place to put my script (/etc/init.d/),
> which is somewhat similar to the one suggested in the
> wiki?
>
> None of the examples I found googling discuss the details of where to put
> the script, how to launch it and other such details. Any suggestions
> are welcome. I have found lots of example scripts similar to my 3 nic
> net/lan/dmz setup though.
>
> Any suggestions are very welcome.
>
> James

Actually IMHO gentoo has an internal mechanism for dealing with iptables rules.

After you are ready and sure the rules work OK, you do:

1) /etc/init.d/iptables save

This would record your rules in /var/lib/iptables/rules-save as if you issued the command "iptables-save > /var/lib/iptables/rules-save"

Then you put iptables in the init sequence so the rules are restored at every system start:

2) rc-update add iptables default

This would do "iptables-restore < /var/lib/iptables/rules-save" at every boot.

3) Additionally you can set some parameters in /etc/conf.d/iptables

Hope This Helps

--
Best regards
Daniel
--
gentoo-user@gentoo.org mailing list
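An added example, not from the wiki or from either poster, of what a firewall.sh for the three-NIC net/lan/dmz layout in the thread might contain, finished with the save step Daniel describes so the ruleset survives reboot. Interface roles are assumptions (the post only shows that eth2 carries the default route): eth0 = LAN 192.168.2.0/24, eth1 = DMZ 192.168.3.0/24 hosting a web server on port 80, eth2 = uplink; setting IPT=echo prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example: default-deny ruleset for a three-NIC Gentoo firewall.
# Assumed roles (not stated in the thread): eth0 = LAN, eth1 = DMZ with a
# web server on port 80, eth2 = uplink with the default route.
IPT="${IPT:-iptables}"
LAN_IF=eth0; LAN_NET=192.168.2.0/24
DMZ_IF=eth1; DMZ_NET=192.168.3.0/24
WAN_IF=eth2

build_rules() {
    # Start from empty tables and default-deny policies on INPUT/FORWARD.
    $IPT -F; $IPT -t nat -F; $IPT -X
    $IPT -P INPUT DROP; $IPT -P FORWARD DROP; $IPT -P OUTPUT ACCEPT

    # Traffic to the firewall host itself: loopback, replies, LAN-side SSH.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT

    # Routed traffic: replies first, then only the permitted directions.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$WAN_IF" -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$DMZ_IF" -d "$DMZ_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$DMZ_NET" -p tcp --dport 80 \
        -m state --state NEW -j ACCEPT
    # The DMZ never initiates into the LAN; log such attempts before dropping.
    $IPT -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -j LOG --log-prefix "FW-DMZ2LAN: "
    $IPT -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -j DROP

    # Private ranges leave through the uplink address.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$DMZ_NET" -j MASQUERADE
}

# Print the commands instead of running them (review before applying).
dry_run() { ( IPT=echo; build_rules ); }
# Number of -A rules the builder emits; handy as a sanity check.
rule_count() { dry_run | grep -c -- '-A '; }

if [ "${1:-}" = "apply" ]; then
    build_rules
    # Persist the live tables so rc-update's iptables service restores them.
    /etc/init.d/iptables save
else
    dry_run
fi
```

Run it without arguments to review the generated commands; `sh firewall.sh apply` loads them and then writes /var/lib/iptables/rules-save, which `rc-update add iptables default` replays at boot.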