On Wed, Jul 17, 2002 at 09:22:12PM +0700, Jean Christophe ANDRÉ wrote:
> Dave Price wrote:
> > Is there a better syntax I should be using to define IP addresses in my
> > firewall script(s)?
>
> For this question I guess there is no easy answer... It depends on what you
> are using to build your firewall script. It seems you are doing it by hand
> (as I often do) so it's up to you to choose the way you want to write it!
Here is what I ran which worked perfectly!

#!/bin/bash
# fw_log.sh - set logging on iptables 7/17/2002; dap
sourceIPtoSpy=198.68.51.11
laptop=192.168.2.98

iptables -N LOGIT                                            # special chain: log traffic for the chosen hosts
iptables -A LOGIT -m state --state ESTABLISHED -j RETURN     # don't log packets of already-established connections
iptables -A LOGIT -j LOG                                     # log everything else (default level: warning)
iptables -A LOGIT -j RETURN                                  # back to FORWARD, which still decides accept/drop
iptables -I FORWARD -s "$sourceIPtoSpy" -j LOGIT
iptables -I FORWARD -d "$sourceIPtoSpy" -j LOGIT
iptables -I FORWARD -s "$laptop" -j LOGIT
iptables -I FORWARD -d "$laptop" -j LOGIT
# end

Question: what should I run to UNDO this?

By hand, I deleted most of the rules so there is no logging to my tiny 300MB
firewall drive (only 50% full with a Debian firewall running).

Here is iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
LOGIT      all  --  anywhere             198.68.51.11
LOGIT      all  --  198.68.51.11         anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere             tcp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain LOGIT (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             state ESTABLISHED
RETURN     all  --  anywhere             anywhere             state ESTABLISHED
LOG        all  --  anywhere             anywhere             LOG level warning
RETURN     all  --  anywhere             anywhere

You can see there are still remnants of the test in the iptables. Any advice
or pointers appreciated!

aloha, dave

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
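A script that reverses fw_log.sh, added here as an example and not part of the original thread or of Dave's script; undo_cmds and undo_logging are names chosen for this example, and it assumes the same two hosts and the same LOGIT chain name as fw_log.sh above.

```shell
#!/bin/sh
# undo_fw_log.sh - reverse what fw_log.sh did (added example, not from the thread).
# Assumes the hosts and chain name used by fw_log.sh.
sourceIPtoSpy=198.68.51.11
laptop=192.168.2.98

# Print, one per line, the commands that undo fw_log.sh, in the order they must
# run: unhook LOGIT from FORWARD first, then flush it, then delete it.  -X only
# succeeds once the chain is empty and nothing jumps to it, which is why the
# "Chain LOGIT (2 references)" seen in iptables -L above would block a bare -X.
undo_cmds() {
    for host in "$sourceIPtoSpy" "$laptop"; do
        for dir in -s -d; do
            echo "iptables -D FORWARD $dir $host -j LOGIT"   # same match as the -I
        done
    done
    echo "iptables -F LOGIT"   # flush the chain's own RETURN/LOG rules
    echo "iptables -X LOGIT"   # delete the now empty, unreferenced chain
}

# Execute the commands.  -D removes one matching rule per call, so keep deleting
# a FORWARD rule until -D fails; that also cleans up the duplicates left behind
# when fw_log.sh is run twice (the doubled rules in LOGIT suggest it was).
# A -D that fails on its first try just means the rule was already removed by hand.
undo_logging() {
    undo_cmds | while read -r cmd; do
        case $cmd in
            *" -D "*) while $cmd 2>/dev/null; do :; done ;;
            *)        $cmd || echo "failed: $cmd" >&2 ;;
        esac
    done
}

case "${1:-}" in
    --run)     undo_logging ;;          # needs root
    --dry-run) undo_cmds ;;             # only print what --run would do
    *)         echo "usage: $0 --dry-run | --run" >&2 ;;
esac
```

Check with iptables -L afterwards: FORWARD should list no LOGIT rule and the LOGIT chain itself should be gone; if -X still fails, some rule somewhere still references the chain.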

