Question about iptable


seekhosting
12-22-2003, 09:04 AM
Hi,

I am new to Linux.

I have been reading some tutorials about iptable. However, when I want to have a trial, I have no idea where (which file) to configure the iptable.

Do I simply open the file and append line by line??

Thanks~~

blingbling!!
12-22-2003, 09:11 AM
Usually you write all of your rules into a file, then execute the file. If you've been looking at some example IPTABLES scripts, then usually you'll have to give the script execute permission, then run it like this:

$> ./my-iptables-file

or

$> sh my-iptables-file

This is not an 'inbuilt' capability of iptables, you're actually running a script on the command line.

hth
Robin.

p.s. iptables is a pretty complex (and powerful) tool, so don't be too worried if it takes you ages to figure it out.

seekhosting
12-22-2003, 09:48 AM
Hi,

Thanks for your kind assistance. However, I am totally new to Linux, so I need more guidelines.

1. I write the iptable scripts into a text file and save as (e.g. iptable.sh), e.g:

#!/bin/sh
# Flush all existing rules in the filter table before adding new ones
iptables -F
NET=xxx.xxx.xx.xx

#---------------------------------------------------------------
# If a packet doesn't match the policy is to drop it
#---------------------------------------------------------------
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP

--------------------------------------------------------------
--------------------------------------------------------------

2. Give the script execute permission.
How can I do this? Simple chmod the files??

3. Run the script.
sh iptable.sh

Is that correct?

Thanks~~~~

blingbling!!
12-22-2003, 11:38 AM
Ok,

1) Your file looks ok, but the rules that are in there will stop all traffic!!

2) Check out the chmod command (man chmod). I usually do chmod u+x <<filename>>.

3) To run the script you first need to give the file execute permissions (i.e. 2)). Then just do ./<<Filename>> or sh <<filename>> (one or the other should work)

One more thing - you should be doing all this as root - make sure the script is owned by root (chown root:root <<filename>>). On some distros the iptables command is not in the path unless you are root.

Give it a whirl - I don't think there's too much that can go wrong if you make a mistake (depending on the target machine, of course - I did all my experimenting on my home PC, so no problems with temporarily opening the gates to the world!!!).

hth.
Robin
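Added example, not code from either poster: a complete version of the kind of script discussed above. It keeps the default-DROP policy from the original file (which, as Robin notes, blocks all traffic on its own) and adds the rules that keep the box usable afterwards: loopback, replies to connections the machine already has, SSH from one management network, and outbound DNS/HTTP. SSH_PORT and MGMT_NET are placeholders I chose (the NET=xxx.xxx.xx.xx value from the thread is deliberately left unfilled); it assumes iptables with the "state" match and that you run it as root. Run it as sh firewall.sh --show to print the rules, or chmod u+x firewall.sh && ./firewall.sh --apply to load them.

```shell
#!/bin/sh
# Added example (not from the thread): minimal stateful firewall script.
# Assumes iptables with the "state" match, run as root for --apply.
# Usage: sh firewall.sh --show      (print the rules, change nothing)
#        ./firewall.sh --apply      (load them; needs chmod u+x first)

SSH_PORT=22                 # placeholder: port your sshd listens on
MGMT_NET="192.0.2.0/24"     # placeholder: network you administer from

# Emit the rule set, one iptables invocation per line, without running it.
# Order matters: policies first, then the accept rules, then a LOG rule so
# anything that falls through to the DROP policy shows up in the kernel log.
rules() {
  cat <<EOF
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s $MGMT_NET --dport $SSH_PORT -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "fw-drop: "
EOF
}

# Number of commands in the rule set (sanity check before applying).
rule_count() {
  rules | wc -l | tr -d ' '
}

# Run every rule; report any that fails instead of silently continuing
# with a half-applied firewall.
apply_rules() {
  rules | while read -r line; do
    eval "$line" || echo "failed: $line" >&2
  done
}

case "${1:-}" in
  --show)  rules ;;
  --apply) apply_rules ;;
esac
```

The LOG rule at the end is the quickest way to find out why something stopped working after the script runs: the dropped packets appear in the kernel log with the fw-drop: prefix, so you can see which port or address needs an ACCEPT rule instead of guessing.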