I see VTI 2.4 has support for this. How do I install and configure it, please?
iptables
-
-
Check this link out for a simple introduction.
I CAN ONLY WARN YOU: be VERY CAREFUL, cuz you can lock yourself out of your box as easily as this: 'iptables -F' (provided you have set your default policy to DROP).
Mamba
checking for long long... yes
checking for long double... yes
+++ Divide By Cucumber Error. Stopping. +++ -
Iptables should be installed by default on all CentOS 3.x, 4.x and 5.x installations. You can check to see if iptables is installed on your system by:
$ rpm -q iptables
iptables-1.3.5-1.2.1
Ok, so I opened up telnet and entered the above command. And I got.
-sh: $: not found
Not a very good start -
-
Cheers for that.
Tried iptables -L and got
modprobe: module ip_tables not found in modules.dep
iptables v1.4.6: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded. -
-
Cheers for that. That's got me a little further.
I'm currently writing the rules to flush the original ones. It's giving an error on this line
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
it comes back,
iptables: No chain/target/match by that name
This was the entire code
# iptables -P INPUT ACCEPT
# iptables -F
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# iptables -P INPUT DROP
# iptables -P FORWARD DROP
# iptables -P OUTPUT ACCEPT
# iptables -L -v
Cheers! -
Did you install the xt-state kernel module?
Here is a list of all available modules (don't forget depmod -a after installing a module):
kernel-module-ip-conntrack - 2.6.18-r7 - ip-conntrack kernel module
kernel-module-ip-nat - 2.6.18-r7 - ip-nat kernel module
kernel-module-ip-tables - 2.6.18-r7 - ip-tables kernel module; IPv4 packet filter
kernel-module-iptable-filter - 2.6.18-r7 - iptable-filter kernel module; iptables filter table
kernel-module-iptable-nat - 2.6.18-r7 - iptable-nat kernel module
kernel-module-x-tables - 2.6.18-r7 - x-tables kernel module; [ip,ip6,arp]_tables backend module
kernel-module-xt-mac - 2.6.18-r7 - xt-mac kernel module; iptables mac matching module
kernel-module-xt-state - 2.6.18-r7 - xt-state kernel module; ip[6]_tables connection tracking state match module
kernel-module-xt-tcpudp - 2.6.18-r7 - xt-tcpudp kernel module; x_tables match for TCP and UDP, supports IPv4 and IPv6 -
Cheers for the list of modules. Greatly appreciated!!
I've added all the lines now
# iptables -P INPUT ACCEPT
# iptables -F
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# iptables -P INPUT DROP
# iptables -P FORWARD DROP
# iptables -P OUTPUT ACCEPT
# iptables -L -v
Gone to save it via
# /sbin/service iptables save
Gives an error, -sh: /sbin/service: not found
Take it there's something else required? -
?? service is for handling (start/stop) System V init scripts
I don't understand, sorry -
Hi, the guide mamba posted says
Finally, the last thing we need to do is save our rules so that next time we reboot our computer our rules are automatically reloaded:
# /sbin/service iptables save
This executes the iptables init script, which runs /sbin/iptables-save and writes the current iptables configuration to /etc/sysconfig/iptables. Upon reboot, the iptables init script reapplies the rules saved in /etc/sysconfig/iptables by using the /sbin/iptables-restore command.
So I tried /sbin/service iptables save
but I get not found. -
Cuz it's not there.
Try setting the rules and then reboot the box. Now check if iptables kept the rules and the policy. Does it?
Mamba -
NO
I had it all set up correctly and it helped filter out the junk in the cam but restarted and it's all gone -
-
iptables-save > ./rules.fw works
and
iptables-restore < ./rules.fw works
Just how to enable that to work at start up?????? -
Hi you tried this?
# vi /etc/network/interfaces
Append the line to eth0 section:
'post-up iptables-restore'
Mamba -
Originally posted by mamba0815
Hi you tried this?
# vi /etc/network/interfaces
Append the line to eth0 section:
'post-up iptables-restore'
Mamba
Hmmm,
the files currently says
auto lo
iface lo inet loopback
auto eth0
iface eth0 net static
address ***.***.***.***
netmask ***.***.***.***
gateway ***.***.***.*** -
Well, why don't you give it a shot? -
Originally posted by mamba0815
Well, why don't you give it a shot?
Doesn't work.
Tried post-up and post-down -
Then the easiest way would be to generate a script under /etc/init.d/ and a softlink to there from /etc/rc3.d/S90xxxx.
I am going to think about this over the course of the next days. Let's see what is the best way ...
Mamba
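One way the init-script approach from the last post could look, as an added example that is not code from anyone in this thread. The script name `firewall`, the rules path `/etc/rules.fw`, the `MGMT_PORT` variable and the underscore module names are assumptions; it also refuses to load or save a rule set that would cause the lock-out warned about earlier.

```shell
#!/bin/sh
# Hypothetical /etc/init.d/firewall: reload saved iptables rules at boot.
# Install (names are assumptions; the thread only gives S90xxxx):
#   chmod +x /etc/init.d/firewall
#   ln -s ../init.d/firewall /etc/rc3.d/S90firewall
RULES="${RULES:-/etc/rules.fw}"          # assumed home for the saved rules.fw
MGMT_PORT="${MGMT_PORT:-22}"             # port the thread's rule set opens
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"
IPTABLES_SAVE="${IPTABLES_SAVE:-iptables-save}"
MODPROBE="${MODPROBE:-modprobe}"

# Lock-out guard: a non-empty rules file whose INPUT policy is DROP must
# also carry an ACCEPT rule for the management port.
rules_are_safe() {
    [ -s "$1" ] || return 1
    if grep -q '^:INPUT DROP' "$1"; then
        grep -Eq -- "^-A INPUT .*--dport $MGMT_PORT .*-j ACCEPT" "$1" || return 1
    fi
    return 0
}

fw_start() {
    if ! rules_are_safe "$RULES"; then
        echo "firewall: refusing to load $RULES" >&2
        return 1
    fi
    # Modules the thread found missing; built-in ones may fail to load.
    for m in ip_tables iptable_filter ip_conntrack xt_state xt_tcpudp; do
        "$MODPROBE" "$m" 2>/dev/null || true
    done
    "$IPTABLES_RESTORE" < "$RULES"
}

# Dump the running rules; replace $RULES only if the dump passes the guard.
fw_save() {
    tmp="$RULES.tmp.$$"
    if "$IPTABLES_SAVE" > "$tmp" && rules_are_safe "$tmp"; then
        mv "$tmp" "$RULES"
    else
        rm -f "$tmp"; return 1
    fi
}

case "${1:-}" in
    start|restart) fw_start ;;
    save)          fw_save ;;
    stop)          : ;;   # leave the rules loaded on shutdown
    *)             echo "Usage: $0 {start|restart|save|stop}" >&2 ;;
esac
```
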