My iptables rules aren't taking effect
Ipsec Espah
04-10-2003, 04:39 PM
I'm using RH9 and I've chmod +x /etc/rc.d/rc.firewall and it's not taking effect. Here's what it says when I type iptables -L
[root@localhost root]# iptables -L
Chain INPUT (policy ACCEPT)
target                prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target                prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target                prot opt source               destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target                prot opt source               destination
ACCEPT                udp  --  ns2.hr.cox.net       anywhere             udp spt:domain dpts:1025:65535
ACCEPT                udp  --  anywhere             anywhere             udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT                udp  --  anywhere             anywhere             udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT                all  --  anywhere             anywhere
REJECT                tcp  --  anywhere             anywhere             tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT                udp  --  anywhere             anywhere             udp reject-with icmp-port-unreachable
[root@localhost root]#
I have tried replacing all of the ACCEPT with DROP in the firewall and I can still connect to the internet. I don't know where it is getting these rules from... Any help is appreciated.
Magueta
04-10-2003, 05:10 PM
Those rules are generated by Lokkit. If you look at the graphical firewall configuration tool (I don't know what it's called in 9) you can do it through there, or you can look at the file in /etc/sysconfig/iptables. By default the iptables startup file in /etc/init.d looks for a file in /etc/sysconfig called iptables and it uses the command iptables-restore to reset them when you boot.
P.S. I have 9 on CD but I haven't installed it yet. Have you noticed a great difference from 8? Can you add items to the start menu more simply? Give us a little review.
Joe
Ipsec Espah
04-10-2003, 10:22 PM
Thanks, I've uninstalled Lokkit and have both changed the /etc/sysconfig/iptables file to the firewall script I made, and tried editing the /etc/init.d/iptables file to point to /etc/rc.d/iptables, and in both cases I get this error when iptables loads at boot:
Bad Argument "AN_IP=192.168.5.4"
Why it is showing up as AN_IP instead of LAN_IP I don't know. Or if that's even why it isn't loading...
I just tried RH8 for a while; I was having a few problems with it that even the Linux gurus couldn't figure out. With 8 and 9 I installed only what I needed, and RH8 seemed extremely bloated, whereas RH9 seems a lot sleeker. I installed RH8 so long ago and used it for such a small amount of time that I really can't remember enough about it to compare its features to RH9, but I haven't had any real problems with 9. This is the first version of any distro I have tried that works fine out of the box, and that I could use on a daily basis...
Here's the only review I have been able to find of it:
http://www.gurulabs.com/RedHatLinux9-review.html
And here's a pretty good RH forum that has a lot of people who are running RH9 and could give you a better review of it than me. :)
http://linuxiso.org/forums/viewforum.php?f=3
Magueta
04-10-2003, 10:57 PM
Thanks for the review links.
Try this for iptables. Run the script manually to set your iptables rules, then use the command "iptables-save > /etc/sysconfig/iptables". This will create a file that should load great every time. The command that the iptables script uses to restore the rules is iptables-restore, and I suspect that it has some sort of syntax or format that has to be followed. The command iptables-save creates the file in that format. However, if you want a script that you can just edit directly, you can use the rc.local file to run it during startup, but I prefer to use the method that the startup script uses so that I don't have to maintain an extra file. I have a script for my rules as well, but I only use it to set up new rules, and I use the iptables file to restore them on boot. It works well for stuff like ./iptables restart.
Joe
Ipsec Espah
04-12-2003, 04:34 PM
Hrmmm, I tried running the script manually and iptables can't load the modules or even the rules. I'm also now using the default "Personal Desktop" installation, except I've uninstalled RH-Lokkit, RH securitylevel, and firstboot. When I first boot up and type /sbin/lsmod it doesn't list any iptables-related modules, but after I type iptables -L it lists ip_tables and iptable_filter. I have also tried loading the other modules by typing /sbin/modprobe [missing module name]..., confirming they are loaded and then loading my firewall script, and I still get the same errors :/ I don't have a /usr/sbin/iptables file, so I've also tried editing the rc.firewall to point to /sbin/iptables and I get the same errors...
Here's the output when I try to run my iptables script.
[root@localhost root]# ./rc.firewall
: command not found 2:
: command not found 8:
: command not found 10:
: command not found 12:
/sbin/depmod: invalid option --
depmod 2.4.22
depmod -[aA] [-n -e -v -q -V -r -u]
[-C configfile] [-F kernelsyms] [-b basedirectory] [forced_version]
depmod [-n -e -v -q -r -u] [-F kernelsyms] module1.o module2.o ...
If no arguments (except options) are given, "depmod -a" is assumed
depmod will output a dependancy list suitable for the modprobe utility.
depmod -a will find the list of modules to probe from the file
/etc/modules.conf. It will output the result into the depfile specified
in this configuration file
depmod -A is the same as depmod -a, but will first compare the timestamps
of the files involved to see if the depfile needs updating.
Normally depmod operates silently, reporting only the list of modules that
won't load properly (missing symbols).
Options:
-a, --all Probe modules listed in /etc/modules.conf
-A Like -a, compares timestamps first
-q, --quiet Don't report missing symbols
-e, --errsyms List unresolved symbols for the given module
-s, --syslog Report errors using syslog
-v, --verbose Print all visited modules
-n, --show Write the dependency file on stdout only
-r, --root Allow root to allow modules not owned by root
-V, --version Print the release version
-u, --unresolved-error Set an error return code for unresolved symbols
-h, --help Print this usage message
The following options are useful for people managing distributions:
-b basedirectory
--basedir basedirectory Use an image of a module tree.
-C configfile
--config configfile Use the file instead of
/etc/modules.conf.
-F kernelsyms
--filesyms kernelsyms Use the file instead of the
current kernel symbols.
modprobe: Can't locate module ip_tables
modprobe: Can't locate module ip_conntrack
modprobe: Can't locate module iptable_filter
modprobe: Can't locate module ipt_LOG
modprobe: Can't locate module ipt_limit
modprobe: Can't locate module ipt_state
: command not found 23:
: command not found 25:
Clearing Tables...
: No such file or directoryr/sbin/iptables
: No such file or directoryr/sbin/iptables
: No such file or directoryr/sbin/iptables
: command not found 30:
: command not found 32:
: No such file or directoryr/sbin/iptables
: No such file or directoryr/sbin/iptables
: No such file or directoryr/sbin/iptables
: No such file or directoryr/sbin/iptables
: No such file or directoryr/sbin/iptables
: command not found 38:
: command not found 40:
: No such file or directoryr/sbin/iptables
./rc.firewall: line 42: -m: command not found
: No such file or directoryr/sbin/iptables
./rc.firewall: line 44: --log-prefix: command not found
: No such file or directoryr/sbin/iptables
[It goes on]
Ipsec Espah
04-12-2003, 06:41 PM
OK, now I just tried MonMotha's IPTables firewall script, and for some reason that works fine. So the problem has to be with my script; I don't know what could be wrong with it though.
bwkaz
04-12-2003, 09:30 PM
There are major syntax problems in your rc.firewall script. Post it.
Ipsec Espah
04-12-2003, 10:13 PM
Here it is
bwkaz
04-13-2003, 09:38 AM
Change IPTABLES="/usr/sbin/iptables" to IPTABLES="/sbin/iptables" to fix the problem of it not finding /usr/sbin/iptables.
Consider putting the WORMPORTS variable in double quotes, too. Or change all the double quotes to single quotes (and put WORMPORTS in single quotes in that case).
Then, if it still won't work, do a ./rc.firewall >log.txt 2>&1 and attach the log.txt file. From your output, it looks like a lot of (incidentally, very important) things have been overwritten. Capturing output to a file should fix that.
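The checks bwkaz lists (the wrong iptables path, unbalanced quotes, and output that has been overwritten by stray characters) and the iptables-restore file format Magueta refers to, as an added example that is not part of this thread and not anyone's posted script: a small POSIX sh script that lints an rc.firewall-style script without touching the live rule set, and converts a clean one into the format /etc/sysconfig/iptables has to be in. The carriage-return check rests on the fact that a \r embedded in bash's "line N: ...: command not found" message makes the terminal print the tail of the message over its beginning, which yields exactly the ": command not found 2:" and "...directoryr/sbin/iptables" lines shown above. The sample scripts, the "no-such-iptables" placeholder (standing in for the missing /usr/sbin/iptables) and the use of tr's real path as a stand-in for /sbin/iptables are constructed for this example.

```shell
#!/bin/sh
# Added example, not a script from this thread. Lints an rc.firewall-style
# shell script for the three defects discussed above without ever calling
# iptables, and turns a clean script's -P/-A lines into the file format that
# iptables-restore reads. Needs only sh, tr, wc and mktemp.
#   1. CRLF line endings: a \r stuck to every line is what produces output
#      such as ": command not found 2:" and "...directoryr/sbin/iptables";
#      the \r inside bash's error message drags the cursor to column 0 and
#      the rest of the message overwrites the start of the line
#   2. IPTABLES= naming a binary that does not exist on this box
#   3. a line with an odd number of double quotes (mismatched quoting)

CR=$(printf '\r')
NL=$(printf '\nx'); NL=${NL%x}      # a bare newline, for building strings
PFX='$IPTABLES '                     # literal prefix of the rule lines

# Report each finding on stderr; print the number of findings on stdout.
count_script_problems() {
    n=0; lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in *"$CR"*)
            echo "line $lineno: carriage return (CRLF line ending)" >&2
            n=$((n + 1)); line=${line%"$CR"} ;;    # strip it for the checks below
        esac
        case $line in \#*) continue ;; esac       # comments: quoting is free-form
        case $line in IPTABLES=*)
            path=${line#IPTABLES=}
            path=${path#\"}; path=${path%\"}; path=${path#\'}; path=${path%\'}
            if [ ! -x "$path" ]; then
                echo "line $lineno: IPTABLES=$path is not an executable file" >&2
                n=$((n + 1))
            fi ;;
        esac
        quotes=$(printf '%s' "$line" | tr -cd '"' | wc -c | tr -d ' ')
        if [ $((quotes % 2)) -ne 0 ]; then
            echo "line $lineno: unbalanced double quotes" >&2
            n=$((n + 1))
        fi
    done < "$1"
    echo "$n"
}

# CLI form: exit status 1 when anything was found, so it can gate a reload.
check_firewall_script() {
    n=$(count_script_problems "$1")
    echo "$1: $n problem(s)"
    [ "$n" -eq 0 ]
}

# Emit the iptables-save/iptables-restore file format (what /etc/sysconfig/
# iptables has to contain) for a clean script's filter-table rules. Only
# "$IPTABLES -P CHAIN POLICY" and "$IPTABLES -A ..." lines are translated, and
# shell variables inside a rule line are copied literally, not expanded.
to_restore_format() {
    pin=ACCEPT; pfwd=ACCEPT; pout=ACCEPT; rules=''
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$CR"}
        case $line in
            "$PFX-P INPUT "*)   pin=${line##* } ;;
            "$PFX-P FORWARD "*) pfwd=${line##* } ;;
            "$PFX-P OUTPUT "*)  pout=${line##* } ;;
            "$PFX-A "*)         rules="$rules${line#"$PFX"}$NL" ;;
        esac
    done < "$1"
    printf '*filter\n:INPUT %s [0:0]\n:FORWARD %s [0:0]\n:OUTPUT %s [0:0]\n%sCOMMIT\n' \
        "$pin" "$pfwd" "$pout" "$rules"
}

# Two constructed sample scripts in a temp dir (prints the dir name). The
# IPTABLES values are stand-ins: a missing path for the /usr/sbin/iptables the
# poster's box lacked, and tr's real path for the /sbin/iptables that exists.
make_samples() {
    d=$(mktemp -d)
    # DOS line endings, a missing binary, a stray closing quote, no final newline
    printf 'IPTABLES="%s/no-such-iptables"\r\n' "$d" > "$d/bad.firewall"
    printf '$IPTABLES -A INPUT -p tcp --dport 135 -j DROP"\r' >> "$d/bad.firewall"
    {
        echo '#!/bin/sh'
        echo "IPTABLES=\"$(command -v tr)\""
        echo '$IPTABLES -P INPUT DROP'
        echo '$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
        echo '$IPTABLES -A INPUT -p tcp -m multiport --dports 135,137,139,445 -j DROP'
    } > "$d/good.firewall"
    echo "$d"
}

if [ -n "${1:-}" ]; then
    check_firewall_script "$1"     # lint the script named on the command line
else                               # no argument: demo on the constructed samples
    d=$(make_samples)
    for f in "$d/bad.firewall" "$d/good.firewall"; do
        if check_firewall_script "$f"; then to_restore_format "$f"; fi
    done
    rm -rf "$d"
fi
```

Run it with a path to lint that file (exit status 1 means don't load it yet); with no argument it runs over the two constructed samples, reports four findings on the bad one and prints the restore-format version of the good one. The converter is deliberately narrow: it handles the filter table and the -P/-A forms only, and copies any shell variable in a rule line through unexpanded, so for a script that builds rules from variables (like WORMPORTS above) running the script and then iptables-save, as Magueta describes, remains the reliable route.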
Ipsec Espah
04-13-2003, 08:52 PM
Thanks bwkaz, it works now :D I changed the path to iptables and added the quotes like you said, which was part of the problem. Another reason it couldn't find iptables was because I had a few " " at the end of my rules which was screwing it up somehow...
bwkaz
04-13-2003, 10:20 PM
Ah. Maybe the quotes were mismatched? Well, good that it's working now. :)