Anyone familiar with iptables on Gentoo? What I've done so far is configure my kernel for iptables support and emerge the package iptables, which apparently is a wrapper and sets up some /etc/init.d scripts.
I manually entered the following and ran /etc/init.d/iptables save, which is supposed to save my firewall rules to a particular folder and reload them when iptables starts. Here are my rules (comments added here):

    # Accept connections from self
    iptables -A INPUT -i lo -j ACCEPT
    # Accept port 80 (www), 22 (ssh) and 25 (mail)
    iptables -A INPUT -p tcp -m multiport --dports 80,22,25 -j ACCEPT
    # Accept imap-ssl
    iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
    iptables -A INPUT -p udp -m udp --dport 993 -j ACCEPT
    # Logging
    iptables -A INPUT -m limit --limit 3/hour -j LOG
    # Reject everything else
    iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable

(The iptables save outputs in a different format.) I entered these on the command line, and I believe those rules take effect once you type them. Everything was good. As a test I ran this:

    /etc/init.d/iptables start ; sleep 60 ; /etc/init.d/iptables stop

Upon doing this, my connection (via ssh) died until the stop command came through. I'm confused as to why turning on iptables in this way killed my connection but typing the rules manually did not. To further test things, I ran the above command but with an "iptables -L" to list the rules, and they look exactly as they did just after I typed them manually. Not sure what's up. Any help is appreciated.

Also, feel free to comment on the iptables rules themselves... I'm no expert at firewalls but want something simple to help protect my server.

Thanks,
Rob

_______________________________________________
EUGLUG mailing list
[email protected]
http://www.euglug.org/mailman/listinfo/euglug

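The following is an added example, not Rob's rules or the Gentoo init script. It writes the same INPUT rules in the iptables-save/iptables-restore format that the save step produces, with one rule added on top that the original set does not have (an assumption of good practice, not something the post says caused the lockout): accept packets belonging to already established connections first, so that whatever session loads the rules survives the load. It also carries a root-free ordering check (first match wins, so the catch-all REJECT must be last) and a loader that schedules an automatic rollback, the same idea as the start ; sleep 60 ; stop test in the post. The /tmp path and the rollback commands are illustrative choices.

```shell
#!/bin/sh
# Added example: the post's INPUT chain in iptables-restore format, plus a
# conntrack rule (an assumption, not in the original) placed before all others.
# iptables-restore ignores lines that begin with '#'.
gen_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Added rule: keep existing sessions (including the ssh session loading this) alive
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept connections from self
-A INPUT -i lo -j ACCEPT
# Accept port 80 (www), 22 (ssh) and 25 (mail)
-A INPUT -p tcp -m multiport --dports 80,22,25 -j ACCEPT
# Accept imap-ssl
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p udp -m udp --dport 993 -j ACCEPT
# Logging
-A INPUT -m limit --limit 3/hour -j LOG
# Reject everything else
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Root-free sanity check of rule order. Rules are evaluated top to bottom and
# the first match wins, so the ssh and ESTABLISHED accepts must precede the
# catch-all REJECT, and the REJECT must be the last INPUT rule. Exit 0 if so.
check_order() {
    gen_rules | awk '
        /^-A INPUT/ { n++ }
        /^-A INPUT .*--dports 80,22,25/ { ssh = n }
        /^-A INPUT .*ESTABLISHED/ { est = n }
        /^-A INPUT -j REJECT/ { rej = n }
        END { exit !(ssh && est && rej && ssh < rej && est < rej && rej == n) }'
}

# Loading over ssh (needs root; not run by the checks below). If the new rules
# lock you out, the background job opens INPUT again after 60 seconds; if you
# are still connected after that, kill the job and keep the rules.
apply_with_rollback() {
    check_order || { echo "rule order looks wrong, not loading" >&2; return 1; }
    gen_rules > /tmp/rules.v4                      # illustrative path
    iptables-restore < /tmp/rules.v4 || return 1
    ( sleep 60; iptables -P INPUT ACCEPT; iptables -F INPUT ) &
    echo "rollback scheduled as job $!; 'kill $!' once you know ssh still works"
}
```

Run check_order before every load; it catches the classic mistake of appending an accept rule after the REJECT, where it can never match. The rollback job is the same safety net as the post's sleep 60 ; stop, just automated, and the saved file should only be written (iptables-save, or the init script's save action) after the rules have proven they keep the session open.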