gShield Installation Notes
--------------------------

* Netfilter/iptables

gShield assumes you have a properly working and
configured netfilter/iptables setup.
===============

How would I know if I have a "working" netfilter/iptables setup on my 9.1
system?

Al

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Dec 14, 2003 at 11:28:08PM PST, Adams-Blake Company wrote
in article <vtqon66oiuvgdb@news20.forteinc.com>:

> How would I know if I have a "working" netfilter/iptables setup on my 9.1
> system?

if you're running a kernel with netfilter/iptables support compiled
in, or as a module. and the same for all the iptables options, again,
either compiled into the kernel, or as modules.

and you have the iptables installed.

and the final check is that all the rules you feed iptables are
accepted without errors


Jurgen.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/3X941ucXIiwNwbURAt5DAKCgsAp3puflCNl5JRiNJ3TSjD3koA CeLQ5O
0wdZgbot1BLZ1rJiaoqIIs8=
=pe6N
-----END PGP SIGNATURE-----

Jurgen Philippaerts wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sun, Dec 14, 2003 at 11:28:08PM PST, Adams-Blake Company wrote
> in article <vtqon66oiuvgdb@news20.forteinc.com>:
>
>> How would I know if I have a "working" netfilter/iptables setup on my 9.1
>> system?
>
> if you're running a kernel with netfilter/iptables support compiled
> in, or as a module. and the same for all the iptables options, again,
> either compiled into the kernel, or as modules.
>
> and you have the iptables installed.
>
> and the final check is that all the rules you feed iptables are
> accepted without errors
>
>
> Jurgen.
>

Jurgen: I think I understood what I thought you said!! Is there a way to
find out if netfilter/iptables is compiled in, or if it is a module? Is
there a way to see if it even runs? I'm just getting started with this and
am learning about iptables rules but so far don't know how to write one. Is
there a simple one I can use to test netfilter/iptables?

Al

PS: This might be a good topic for the FAQ.

"Adams-Blake Company" <atakeoutcanton@adams-blaketakeout.com> wrote in
message news:vtrg36eiqvti21@news20.forteinc.com...
> Jurgen: I think I understood what I thought you said!! Is there a way to
> find out if netfilter/iptables is compiled in, or if it is a module? Is
> there a way to see if it even runs? I'm just getting started with this and
> am learning about iptables rules but so far don't know how to write one.
Is
> there a simple one I can use to test netfilter/iptables?
>

I use iptables/netfilter under Slackware 9.0.

You need to create the file /etc/rc.d/rc.firewall into which you place
standard iptables commands.

If you go to www.netfilter.org there is an iptables howto which will get you
going.


--
Regards
Martin Hughes
Linux User #283064
Blessed are those who expect nothing; for they shall not be disappointed.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Martin Hughes wrote:
| "Adams-Blake Company" <atakeoutcanton@adams-blaketakeout.com> wrote in
| message news:vtrg36eiqvti21@news20.forteinc.com...
|
|>Jurgen: I think I understood what I thought you said!! Is there a way to
|>find out if netfilter/iptables is compiled in, or if it is a module? Is
|>there a way to see if it even runs? I'm just getting started with this and
|>am learning about iptables rules but so far don't know how to write one.
|
| Is
|
|>there a simple one I can use to test netfilter/iptables?
|>
|
|
| I use iptables/netfilter under Slackw

are 9.0.
|
| You need to create the file /etc/rc.d/rc.firewall into which you place
| standard iptables commands.
|
| If you go to www.netfilter.org there is an iptables howto which will
get you
| going.
|
|

webmin (www.webmin.com) has a good firewall configuration utility under
network -> linux firewall - also useful for other things

to automate a webmin-configured firewall, place this in
/etc/rc.d/rc.firewall, and chmod +x it:

#!/bin/sh
`which iptables-restore` /etc/webmin/firewall/iptables.save
- --
Fred Emmott

Really, I'm not out to destroy Microsoft. That will just be a completely
unintentional side effect. --- Linus Torvalds
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQE/3eDdDvn9hyzHIq4RApj7AJ9dHLZZz3lZSb4zrTAmL12ub5nIHw CfduTn
+soQ/YLkGQhnPNdIZtXVffE=
=bgrR
-----END PGP SIGNATURE-----

On Mon, Dec 15 2003, in alt.os.linux.slackware,
Adams-Blake Company <atakeoutcanton@adams-blaketakeout.com> wrote:

> Jurgen: I think I understood what I thought you said!! Is there a
> way to find out if netfilter/iptables is compiled in, or if it is
> a module?

I'd suspect you could take a look at your kernel config file. 9.1
still keeps of copy of that in /boot does it not? Take a look at the
options under IP: Netfilter Configuration -> For example:

CONFIG_IP_NF_IPTABLES=m (module)
CONFIG_IP_NF_IPTABLES=y (compiled in)

Max

--
For every evil under the sun,
There is a remedy, or there is none;
If there be one, try and find it,
If there be none, never mind it.

Adams-Blake Company <atakeoutcanton@adams-blaketakeout.com> wrote in
news:vtqon66oiuvgdb@news20.forteinc.com:
> How would I know if I have a "working" netfilter/iptables setup on my
> 9.1 system?
>
> Al

ls /var/log/pa{TAB}/ipta{TAB}
iptables -nL
man iptables

buck