* RE: Redhat 7.2 Kernel
@ 2002-07-09 18:12 Denis JULIEN
  2002-07-09 19:12 ` Glover George
  0 siblings, 1 reply; 8+ messages in thread
From: Denis JULIEN @ 2002-07-09 18:12 UTC (permalink / raw)
  To: 'Mike G. Hammonds'; +Cc: Iptables-User-list (E-mail)

I suggest that you read this very good documentation:
http://www.netfilter.org/documentation/tutorials/blueflux/iptables-tutorial.html#INSTALLRH71
I'm also using Red Hat 7.2 and this was able to solve the same problem as
yours.
rg
Denis

-----Original Message-----
From: Mike G. Hammonds [mailto:mhammonds@knowledgeinenergy.com]
Sent: Tuesday, 9 July 2002 16:17
To: Iptables-User-list (E-mail)
Subject: Redhat 7.2 Kernel


Does the default install kernel of RH7.2 have iptable support already
compiled in it?

Mike Hammonds
Fellon-McCord & Associates, Inc.
Information Services Manager
Voice (502) 214-6324 Fax (502)426-8800
mhammonds@knowledgeinenergy.com <mailto:mhammonds@knowledgeinenergy.com >
 



* RE: Redhat 7.2 Kernel
  2002-07-09 18:12 Redhat 7.2 Kernel Denis JULIEN
@ 2002-07-09 19:12 ` Glover George
  2002-07-10  8:39   ` Dorian Haasler
  0 siblings, 1 reply; 8+ messages in thread
From: Glover George @ 2002-07-09 19:12 UTC (permalink / raw)
  To: 'Denis JULIEN', 'Mike G. Hammonds'
  Cc: 'Iptables-User-list (E-mail)'

If you install Red Hat with no firewall (i.e., when it asks for medium,
high, or no firewall), these scripts will exist but will not run.  Then
the common practice around here is to just create your script in
/etc/sysconfig/network-scripts/rc.firewall.  And have that run in
/etc/rc.d/init.d/rc.local (although I believe local is run after all
scripts, so this may not be the most secure for a highly secure
solution).

Glover George
Systems/Networks Administrator
Gulf Sales & Supply, Inc.
dime@gulfsales.com
(228)-762-0268


> -----Original Message-----
> From: netfilter-admin@lists.samba.org
> [mailto:netfilter-admin@lists.samba.org] On Behalf Of Denis JULIEN
> Sent: Tuesday, July 09, 2002 1:13 PM
> To: 'Mike G. Hammonds'
> Cc: Iptables-User-list (E-mail)
> Subject: RE: Redhat 7.2 Kernel
> 
> I suggest that you read this very good documentation:
> http://www.netfilter.org/documentation/tutorials/blueflux/iptables-tutorial.html#INSTALLRH71
> I'm also using Red Hat 7.2 and this was able to solve the same problem as
> yours.
> rg
> Denis
> 
> -----Original Message-----
> From: Mike G. Hammonds [mailto:mhammonds@knowledgeinenergy.com]
> Sent: Tuesday, 9 July 2002 16:17
> To: Iptables-User-list (E-mail)
> Subject: Redhat 7.2 Kernel
> 
> 
> Does the default install kernel of RH7.2 have iptable support already
> compiled in it?
> 
> Mike Hammonds
> Fellon-McCord & Associates, Inc.
> Information Services Manager
> Voice (502) 214-6324 Fax (502)426-8800
> mhammonds@knowledgeinenergy.com <mailto:mhammonds@knowledgeinenergy.com>
> 






* RE: Redhat 7.2 Kernel
  2002-07-09 19:12 ` Glover George
@ 2002-07-10  8:39   ` Dorian Haasler
  2002-07-10 13:10     ` Jason Costomiris
  0 siblings, 1 reply; 8+ messages in thread
From: Dorian Haasler @ 2002-07-10  8:39 UTC (permalink / raw)
  To: 'Denis JULIEN', 'Mike G. Hammonds'
  Cc: 'Iptables-User-list (E-mail)'

 
Why use rc.firewall scripts with RedHat? Write your script and at
the end of it use "iptables-save" to store the information!
At the next reboot the iptables settings will be the same and you
don't need to run your script every time. Changes can be done in
/etc/sysconfig/iptables
where the rules were stored!

 Mfg,
Dorian Haasler

-----Original Message-----
From: netfilter-admin@lists.samba.org [mailto:netfilter-admin@lists.samba.org] On Behalf Of Glover George
Sent: Tuesday, July 09, 2002 9:12 PM
To: 'Denis JULIEN'; 'Mike G. Hammonds'
Cc: 'Iptables-User-list (E-mail)'
Subject: RE: Redhat 7.2 Kernel


If you install Red Hat with no firewall (i.e., when it asks for medium,
high, or no firewall), these scripts will exist but will not run.  Then
the common practice around here is to just create your script in
/etc/sysconfig/network-scripts/rc.firewall.  And have that run in
/etc/rc.d/init.d/rc.local (although I believe local is run after all
scripts, so this may not be the most secure for a highly secure
solution).

Glover George
Systems/Networks Administrator
Gulf Sales & Supply, Inc.
dime@gulfsales.com
(228)-762-0268


> -----Original Message-----
> From: netfilter-admin@lists.samba.org
> [mailto:netfilter-admin@lists.samba.org] On Behalf Of Denis JULIEN
> Sent: Tuesday, July 09, 2002 1:13 PM
> To: 'Mike G. Hammonds'
> Cc: Iptables-User-list (E-mail)
> Subject: RE: Redhat 7.2 Kernel
> 
> I suggest that you read this very good documentation:
> http://www.netfilter.org/documentation/tutorials/blueflux/iptables-tutorial.html#INSTALLRH71
> I'm also using Red Hat 7.2 and this was able to solve the same problem as
> yours.
> rg
> Denis
> 
> -----Original Message-----
> From: Mike G. Hammonds [mailto:mhammonds@knowledgeinenergy.com]
> Sent: Tuesday, 9 July 2002 16:17
> To: Iptables-User-list (E-mail)
> Subject: Redhat 7.2 Kernel
> 
> 
> Does the default install kernel of RH7.2 have iptable support
> already compiled in it?
> 
> Mike Hammonds
> Fellon-McCord & Associates, Inc.
> Information Services Manager
> Voice (502) 214-6324 Fax (502)426-8800
> mhammonds@knowledgeinenergy.com <mailto:mhammonds@knowledgeinenergy.com>
> 










* Re: Redhat 7.2 Kernel
  2002-07-10  8:39   ` Dorian Haasler
@ 2002-07-10 13:10     ` Jason Costomiris
  0 siblings, 0 replies; 8+ messages in thread
From: Jason Costomiris @ 2002-07-10 13:10 UTC (permalink / raw)
  To: Dorian Haasler
  Cc: 'Denis JULIEN', 'Mike G. Hammonds',
	'Iptables-User-list (E-mail)'

On Wed, Jul 10, 2002 at 10:39:24AM +0200, Dorian Haasler wrote:
: Why use rc.firewall scripts with RedHat? Write your script and at
: the end of it use "iptables-save" to store the information!
: At the next reboot the iptables settings will be the same and you
: don't need to run your script every time. Changes can be done in
: /etc/sysconfig/iptables
: where the rules were stored!

One reason in particular to NOT run an rc.firewall out of rc.local on RedHat
(or any other system for that matter) is that by that time you've already 
brought up your network interfaces.  There's a window that's short, but is
still nonetheless exploitable to do damage.

RH loads the iptables policies FIRST, then brings up the i/f's.  

So basically, run your script, then run "service iptables save", and make
sure that iptables starts at boot.  You'll most likely also want to have
a look at /etc/sysctl.conf to tweak the ip forwarding setting.

-- 
Jason Costomiris <><           |  Technologist, geek, human.
jcostom {at} jasons {dot} org  |  http://www.jasons.org/ 
          Quidquid latine dictum sit, altum viditur.
                    My account, My opinions.



* Re: Redhat 7.2 Kernel
  2002-07-09 17:20   ` Matthias Kattanek
@ 2002-07-09 17:41     ` Jan Humme
  0 siblings, 0 replies; 8+ messages in thread
From: Jan Humme @ 2002-07-09 17:41 UTC (permalink / raw)
  To: Matthias Kattanek, R. Sterenborg, Mike G. Hammonds
  Cc: Iptables-User-list (E-mail)

On Tuesday 09 July 2002 19:20, Matthias Kattanek wrote:
> On Tue, 9 Jul 2002, R. Sterenborg wrote:
> > ----- Original Message -----
> > From: "Mike G. Hammonds" <mhammonds@knowledgeinenergy.com>
> > Subject: Redhat 7.2 Kernel
> >
> > > Does the default install kernel of RH7.2 have iptable support already
> > > compiled in it?
> >
> > Yes it does.
>
> Nope, that is not exactly true.
> All RedHat 7.x distributions with a 2.4.x kernel offer iptables as a
> module (same as ipchains).
>
> By default RH distros have ipchains activated. So in case you attempt
> e.g. 'iptables -L' you will encounter an error message.
>
> No worries. The easiest way around is to rename /etc/sysconfig/ipchains
> to /etc/sysconfig/ipchains.notinuse. Then reboot the box and run
> 'iptables' and it will autoload the respective module.
>
> mattes

I prefer to use:

# chkconfig ipchains --level 2345 off
# chkconfig iptables --level 2345 on

because it stops the ipchains script from being run at all (which is what you 
really want).

If you mv /etc/sysconfig/ipchains, then /etc/init.d/ipchains will still be 
run, but exit because /etc/sysconfig/ipchains is missing.

In any case, /etc/init.d/iptables uses lsmod to find out if ipchains is 
running, and exits should this be the case.

Jan Humme.
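
The boot-time points raised in this thread (iptables must start before the network script, ipchains must not start at all, the rules must be saved in /etc/sysconfig/iptables, and the forwarding setting lives in /etc/sysctl.conf) can be checked together with a short audit script. This is an added example, not code from any poster; it assumes the Red Hat SysV layout of SNNservice start links in /etc/rc.d/rcN.d, and the function names and the ROOT prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the Red Hat SysV layout:
# start links named SNNservice in /etc/rc.d/rcN.d. Function names and the
# ROOT prefix argument are hypothetical; ROOT="" audits the live system.

# Print the two-digit start priority of SERVICE in RCDIR; fail if not enabled.
start_prio() {
    for link in "$1"/S[0-9][0-9]"$2"; do
        [ -e "$link" ] || [ -L "$link" ] || continue
        prio=${link##*/S}
        echo "${prio%"$2"}"
        return 0
    done
    return 1
}

# Print the last net.ipv4.ip_forward value set in a sysctl.conf-style file.
ip_forward_setting() {
    sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$1" |
        tail -n 1
}

# Usage: audit_boot_firewall ROOT RUNLEVEL
# Returns 0 only if rules are saved and loaded before the interfaces come up.
audit_boot_firewall() {
    root=$1 rcdir="$1/etc/rc.d/rc$2.d" rc=0
    if start_prio "$rcdir" ipchains >/dev/null; then
        echo "FAIL: ipchains starts at boot, so the iptables init script will exit"
        rc=1
    fi
    fw=$(start_prio "$rcdir" iptables) || { echo "FAIL: iptables not enabled in runlevel $2"; return 1; }
    net=$(start_prio "$rcdir" network) || { echo "FAIL: network not enabled in runlevel $2"; return 1; }
    # Same-priority links run in name order, so only a higher number is late.
    if [ "${fw#0}" -gt "${net#0}" ]; then
        echo "FAIL: iptables (S$fw) starts after network (S$net): unfiltered window"
        rc=1
    fi
    if [ ! -s "$root/etc/sysconfig/iptables" ]; then
        echo "FAIL: no saved rules in $root/etc/sysconfig/iptables"
        rc=1
    fi
    echo "INFO: net.ipv4.ip_forward=$(ip_forward_setting "$root/etc/sysctl.conf" 2>/dev/null)"
    return $rc
}
```

Run it as root with `audit_boot_firewall "" 3` for runlevel 3, or point ROOT at a copy of the filesystem tree.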



* Re: Redhat 7.2 Kernel
  2002-07-09 14:38 ` R. Sterenborg
@ 2002-07-09 17:20   ` Matthias Kattanek
  2002-07-09 17:41     ` Jan Humme
  0 siblings, 1 reply; 8+ messages in thread
From: Matthias Kattanek @ 2002-07-09 17:20 UTC (permalink / raw)
  To: R. Sterenborg, Mike G. Hammonds; +Cc: Iptables-User-list (E-mail)


On Tue, 9 Jul 2002, R. Sterenborg wrote:

> ----- Original Message ----- 
> From: "Mike G. Hammonds" <mhammonds@knowledgeinenergy.com>
> Subject: Redhat 7.2 Kernel
> 
> 
> > Does the default install kernel of RH7.2 have iptable support already
> > compiled in it?
> > 
> Yes it does.

Nope, that is not exactly true.
All RedHat 7.x distributions with a 2.4.x kernel offer iptables as a
module (same as ipchains).

By default RH distros have ipchains activated. So in case you attempt
e.g. 'iptables -L' you will encounter an error message.

No worries. The easiest way around is to rename /etc/sysconfig/ipchains
to /etc/sysconfig/ipchains.notinuse. Then reboot the box and run
'iptables' and it will autoload the respective module.

mattes





* Re: Redhat 7.2 Kernel
  2002-07-09 14:17 Mike G. Hammonds
@ 2002-07-09 14:38 ` R. Sterenborg
  2002-07-09 17:20   ` Matthias Kattanek
  0 siblings, 1 reply; 8+ messages in thread
From: R. Sterenborg @ 2002-07-09 14:38 UTC (permalink / raw)
  To: Iptables-User-list (E-mail)

----- Original Message ----- 
From: "Mike G. Hammonds" <mhammonds@knowledgeinenergy.com>
Subject: Redhat 7.2 Kernel


> Does the default install kernel of RH7.2 have iptable support already
> compiled in it?
> 
Yes it does.

Rob




* Redhat 7.2 Kernel
@ 2002-07-09 14:17 Mike G. Hammonds
  2002-07-09 14:38 ` R. Sterenborg
  0 siblings, 1 reply; 8+ messages in thread
From: Mike G. Hammonds @ 2002-07-09 14:17 UTC (permalink / raw)
  To: Iptables-User-list (E-mail)

Does the default install kernel of RH7.2 have iptable support already
compiled in it?

Mike Hammonds
Fellon-McCord & Associates, Inc.
Information Services Manager
Voice (502) 214-6324 Fax (502)426-8800
mhammonds@knowledgeinenergy.com <mailto:mhammonds@knowledgeinenergy.com >
 

