Re: Opps !! HELLLLLLLLPPPPPP !!! iptables and a clingon

Tue, 10 Dec 2002 12:40:22 -0800 


On Sunday 08 December 2002 17:14, Elizabeth Barham wrote:

>
> The instructions are in /etc/default/iptables.
>
> Here's what I did: I wrote an iptables script and saved it in root's
> home directory, and when I want to change the iptables rules, I modify
> the script, run it, and then do:
>
> /etc/init.d/iptables save active
>
> Elizabeth

Yep, that looks good to me !!!
The problem I have is that, first I reset iptables with
/etc/init.d/iptables restart

iptables -L gives ....

debian:/home/test# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
debian:/home/test#

Im a happy bunney, OK an insecure one !!

I try and access the web, the dial on demand kicks in, all AOK and good
web page OK etc etc ...

However as the link via PPP is made iptables -L gives ...

debian:/home/test# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  127.0.0.0/8          anywhere           LOG level warning
DROP       all  --  127.0.0.0/8          anywhere
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  anywhere             m718-mp1.cvx1-c.nth.dial.ntli.net
LOG        all  --  anywhere             anywhere           LOG level warning
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere           LOG level warning
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  m718-mp1.cvx1-c.nth.dial.ntli.net  anywhere
LOG        all  --  anywhere             anywhere           LOG level warning
DROP       all  --  anywhere             anywhere
debian:/home/test#

and untill I reset iptables dial on demand fails ...

My guess is that all these rules should not self generate ?
They are probarbly comming from a previous iptables script or setup demon
in mason or bastille ??

Any ideas ???


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to