Problem with Firewall
TongKe Xue
tongke at gmail.com
Thu Sep 30 17:59:05 UTC 2004
Hi all,
The "#" has been removed; so was the following line:
# iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
I do not have any rules set up for OUTPUT.
Thanks,
--TongKe
On Thu, 30 Sep 2004 07:31:18 -0500 (EST), Mike Burger
<mburger at bubbanfriends.org> wrote:
> On Wed, 29 Sep 2004, TongKe Xue wrote:
>
> > Hi all,
> >
> > I'm using the iptables config from:
> > http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-5.html
> >
> > Now, when I try that, apparently KDE and GNOME both refuse to start
> > -- do they run some kind of server and then connect to it? How can I
> > fix this?
> >
> > (Worked fine on RH9; but apparently refuses to work on FC2).
> >
> > To make it easier to respond; the section I'm referring to is:
> >
> > --BEGIN QUOTE--
> > ## Insert connection-tracking modules (not needed if built into kernel).
> > # insmod ip_conntrack
> > # insmod ip_conntrack_ftp
> >
> > ## Create chain which blocks new connections, except if coming from inside.
> > # iptables -N block
> > # iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> > # iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
> > # iptables -A block -j DROP
> >
> > ## Jump to that chain from INPUT and FORWARD chains.
> > # iptables -A INPUT -j block
> > --END QUOTE--
>
> Just a quick note...I'm hoping that you realize that if you have that
> exact snippet in your firewall script, there's nothing going on, at
> all...all of the lines starting with # are effectively commented out.
>
> --
> Mike Burger
> http://www.bubbanfriends.org
--
Knowledge is freedom. Read http://watchtower.org
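
Added example, not part of the original message or the HOWTO: a first-match simulation of the `block` chain, comparing the HOWTO version with the version described in the message, where the `--state NEW -i ! ppp0` rule has been removed. The packets are constructed, and the `with_lo` variant with its `-i lo` rule is an assumption used for comparison, not something proposed in the thread.

```python
# Added example: first-match evaluation of the "block" chain from the thread.
# Packet samples and the ALLOW_LO rule are constructed for illustration.
ACCEPT, DROP = "ACCEPT", "DROP"

def rule(target, states=None, in_if=None, not_in_if=None):
    """Build one rule matching on conntrack state and input interface."""
    def matches(pkt):
        if states is not None and pkt["state"] not in states:
            return False
        if in_if is not None and pkt["in"] != in_if:
            return False
        if not_in_if is not None and pkt["in"] == not_in_if:
            return False
        return True
    return matches, target

EST = rule(ACCEPT, states={"ESTABLISHED", "RELATED"})
NEW_INSIDE = rule(ACCEPT, states={"NEW"}, not_in_if="ppp0")  # --state NEW -i ! ppp0
ALLOW_LO = rule(ACCEPT, in_if="lo")   # assumed extra rule: -i lo -j ACCEPT
DROP_ALL = rule(DROP)                 # -A block -j DROP

CHAINS = {
    "howto": [EST, NEW_INSIDE, DROP_ALL],    # as quoted from the HOWTO
    "posted": [EST, DROP_ALL],               # NEW rule removed, as in the message
    "with_lo": [EST, ALLOW_LO, DROP_ALL],    # assumed variant, loopback only
}

# Constructed packets as seen by INPUT: input interface and conntrack state.
PACKETS = {
    "local client -> local server": {"in": "lo", "state": "NEW"},
    "reply on loopback": {"in": "lo", "state": "ESTABLISHED"},
    "LAN host -> this box": {"in": "eth0", "state": "NEW"},
    "Internet -> this box": {"in": "ppp0", "state": "NEW"},
    "reply from Internet": {"in": "ppp0", "state": "ESTABLISHED"},
}

def verdict(chain, pkt):
    """Return the target of the first matching rule (iptables semantics)."""
    for matches, target in chain:
        if matches(pkt):
            return target
    return "RETURN"  # end of a user-defined chain: back to the caller

def table(name):
    return {label: verdict(CHAINS[name], pkt) for label, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name in CHAINS:
        print(name)
        for label, result in table(name).items():
            print(f"  {label:30} {result}")
```

In the `posted` chain a new connection from the machine to itself arrives on `lo` in state NEW, matches no ACCEPT rule, and reaches the final DROP.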