On 2009-01-28 Patrik Hasibuan wrote:
> I am building a firewall with Debian Sarge on my internet gateway. But
> looks like my debian does not read my iptables script after I run my
> own iptables script.
[...]
> I haven't opened the rpcbind,auth,printer. And the 21,23,53 are not
> opened by my iptables. Where is the mistake? Please tell me. I am new
> to debian and iptables. Usually I use OpenSuSE and SuSEfirewall2 and I
> configure the firewall with YaST2 so easily. But now I want to get
> close to debian too. And I am stuck on this case.
[...]
> #!/bin/bash
> #Zero...zero...from beginning
> iptables -F
You are not setting default policies (bad idea), so your chains probably
accept all incoming packets. As others have told you before: please post
the output of "iptables -nL" and "iptables -t nat -nL" (and perhaps the
output of "iptables -t mangle -nL" and "iptables -t raw -nL").

As a starting point, my iptables scripts usually begin like this:

----8<----
# 1) Disable IP forwarding.
echo "0" > /proc/sys/net/ipv4/ip_forward

# 2) Set default policies
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

# 3) Flush chains
iptables -F
iptables -t nat -F

# 4) Delete user-defined chains
iptables -X
iptables -t nat -X

# 5) Re-enable IP forwarding (if required)
echo "1" > /proc/sys/net/ipv4/ip_forward

# ...
---->8----

Regards
Ansgar Wiechers
-- 
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html

