Re: Fedora, Samba, and iptables

From: noi (noi_at_siam.com)
Date: 03/10/05


Date: Thu, 10 Mar 2005 17:26:30 GMT

On Thu, 10 Mar 2005 23:52:28 +0800, spodosaurus thoughtfully wrote:

> spodosaurus wrote:
>> Hi all,
>>
>> Where does Fedora Core 3 keep the iptables script? The only way I can
>> connect to my samba shares is to turn iptables off, and I'd rather just
>> get it properly configured. I think these are the commands that I need:
>>
>> iptables -A INPUT -s 192.168.0.0/24 -i eth0 -p UDP --destination-port
>> 137 -j ACCEPT
>> iptables -A INPUT -s 192.168.0.0/24 -i eth0 -p UDP --destination-port
>> 138 -j ACCEPT
>> iptables -A INPUT -s 192.168.0.0/24 -i eth0 -p TCP --destination-port
>> 139 -j ACCEPT
>> iptables -A INPUT -s 192.168.0.0/24 -i eth0 -p TCP --destination-port
>> 445 -j ACCEPT
>>
>> Now I just need to know where to put them. The file
>> /etc/sysconfig/iptables has this at the top, so I'm not sure if I should
>> be manually editing this file:
>>
>> # Firewall configuration written by system-config-securitylevel
>> # Manual customization of this file is not recommended.
>>
>> It also doesn't look quite like I'd expect an iptables configuration
>> file to look.
>>
>> Cheers,
>>
>> Ari
>>
>>
> Okay, let me know if I did the right things here. First, on advice from
> another group, I made a copy of the original /etc/sysconfig/iptables file.
> Then, I changed the above commands to iptables -I instead of iptables -A,
> which apparently was appending the new rules after the drop everything
> rule in the INPUT chain. Finally, I executed an iptables-save
> /etc/sysconfig/iptables command and restarted iptables to make sure
> everything was still working. All appears to be well. Does it sound like I
> made any errors here?
>
> Cheers,
>
> Ari

Absolutely. You can use
$ iptables -L --line-numbers -n -x -v
to display your iptables with line numbers
and check if your iptables are correct. Pipe the output to a file for
use as snapshots.

You can edit a copy of /etc/sysconfig/iptables. As root you can replace
/etc/sysconfig/iptables with the edited version so your changes will be
used the next time the system boots.

Why? Because you can create an iptables.test, then
$ iptables -F
$ iptables-restore < iptables.test
for testing new rules, and then save the final version:
root$ iptables-save > /etc/sysconfig/iptables
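The point both posts turn on is rule order: an `-A` appends after the final catch-all REJECT in the INPUT chain, where a Samba ACCEPT rule can never match, while `-I` puts it in front. The script below is an added example, not code from this thread. It builds a simplified ruleset file in iptables-save format (constructed here; a real Fedora Core 3 file has more chains and rules), once with the four Samba rules placed before the REJECT and once appended after it, and then checks a ruleset file for the ordering problem with awk. The LAN network 192.168.0.0/24 and interface eth0 are taken from Ari's rules; the file names and function names are this example's own. No root and no iptables binary are needed to run it, so it can be used on a saved file before `iptables-restore` loads it.

```shell
#!/bin/sh
# Added example: generate and sanity-check an iptables-save style ruleset
# for Samba. Not from the original thread; chain layout is simplified.

LAN_NET="192.168.0.0/24"   # from the thread
LAN_IF="eth0"              # from the thread

# The four Samba rules (NetBIOS name/datagram over UDP, session and CIFS over TCP),
# written in the form iptables-save emits them.
samba_rules() {
    printf '%s\n' \
        "-A INPUT -s $LAN_NET -i $LAN_IF -p udp --dport 137 -j ACCEPT" \
        "-A INPUT -s $LAN_NET -i $LAN_IF -p udp --dport 138 -j ACCEPT" \
        "-A INPUT -s $LAN_NET -i $LAN_IF -p tcp --dport 139 -j ACCEPT" \
        "-A INPUT -s $LAN_NET -i $LAN_IF -p tcp --dport 445 -j ACCEPT"
}

# write_ruleset FILE MODE
#   MODE "insert": Samba rules before the catch-all REJECT (what -I achieves)
#   MODE "append": Samba rules after it (what -A produced for Ari)
# Lines are installed in file order by iptables-restore, so this mirrors
# the live chain order.
write_ruleset() {
    {
        echo "# constructed example ruleset (iptables-save format)"
        echo "*filter"
        echo ":INPUT ACCEPT [0:0]"
        echo ":FORWARD ACCEPT [0:0]"
        echo ":OUTPUT ACCEPT [0:0]"
        echo "-A INPUT -i lo -j ACCEPT"
        echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
        if [ "$2" = insert ]; then samba_rules; fi
        echo "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
        if [ "$2" = append ]; then samba_rules; fi
        echo "COMMIT"
    } > "$1"
}

# check_order FILE CHAIN
# Returns 0 if all four Samba ACCEPT rules in CHAIN come before the first
# REJECT/DROP rule of that chain, 1 if any is missing or shadowed.
check_order() {
    awk -v chain="$2" '
        $1 == "-A" && $2 == chain {
            n++
            if ($0 ~ /-j (REJECT|DROP)/ && !deny) deny = n
            if ($0 ~ /--dport (137|138|139|445) -j ACCEPT/) {
                seen++
                if (deny) late++   # appended after the catch-all: unreachable
            }
        }
        END { if (seen == 4 && late == 0) exit 0; exit 1 }
    ' "$1"
}

# Stand-alone demo: compare the two placements.
demo_dir=$(mktemp -d)
write_ruleset "$demo_dir/iptables.insert" insert
write_ruleset "$demo_dir/iptables.append" append
for f in "$demo_dir"/iptables.*; do
    if check_order "$f" INPUT; then
        echo "$f: Samba rules reachable"
    else
        echo "$f: Samba rules shadowed by the catch-all REJECT"
    fi
done
rm -rf "$demo_dir"
```

The checked file is the same shape as the one `iptables-restore < iptables.test` reads and `iptables-save > /etc/sysconfig/iptables` writes, so the check can run before either step. Note that `iptables -I` with no position inserts at the top of the chain, ahead of the ESTABLISHED,RELATED rule too; that is harmless here but worth knowing when reading the `iptables -L --line-numbers` output.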
