This is probably a simple error but I can't get a ping to work on the
localhost interface of the firewall I have set up. This is my first
attempt to translate my ipchains firewall to iptables.
Here is the setup of the basic rules so far:
#!/bin/bash
# Assumed definitions (not shown in the posted excerpt): the rules below
# reference these three variables without setting them anywhere.
IPTABLES=/sbin/iptables
LOOPBACK_INTERFACE=lo
LOOPBACK=127.0.0.1
IPADDR=`/sbin/ifconfig ppp0 | grep inet | awk '{ print $2 }' | sed -e 's/addr://'`
#--------------------------------------------
# Remove any existing rules from all chains
#--------------------------------------------
$IPTABLES --flush
$IPTABLES -t nat --flush
$IPTABLES -t mangle --flush
#--------------------------------------------
# The Default policy
#--------------------------------------------
$IPTABLES --policy INPUT DROP
$IPTABLES --policy OUTPUT DROP
$IPTABLES --policy FORWARD DROP
$IPTABLES -t nat --policy PREROUTING DROP
$IPTABLES -t nat --policy OUTPUT DROP
$IPTABLES -t nat --policy POSTROUTING DROP
$IPTABLES -t mangle --policy PREROUTING DROP
$IPTABLES -t mangle --policy OUTPUT DROP
# Remove any pre-existing user-defined chains
$IPTABLES --delete-chain
$IPTABLES -t nat --delete-chain
$IPTABLES -t mangle --delete-chain
#--------------------------------------------
# Loopback Interface
#--------------------------------------------
# Unlimited traffic on the loopback interface
$IPTABLES -A INPUT -i $LOOPBACK_INTERFACE \
-d $LOOPBACK -j LOG \
--log-level 4 --log-prefix "Input lo packet: "
$IPTABLES -A INPUT -i $LOOPBACK_INTERFACE \
-d $LOOPBACK -j ACCEPT
$IPTABLES -A OUTPUT -o $LOOPBACK_INTERFACE \
-s $LOOPBACK -j LOG \
--log-level 4 --log-prefix "Output lo packet: "
$IPTABLES -A OUTPUT -o $LOOPBACK_INTERFACE \
-s $LOOPBACK -j ACCEPT
exit 0
-----
Problems:
ping -c 1 localhost is not allowed
No reports are showing up in the syslogs. I have kernel messages going
to their own separate file regardless of the log level.
Question:
What is wrong? Should not all localhost traffic be unrestricted?
Stephen
[EMAIL PROTECTED]
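A check for the policy problem in the script above, added here as an example; it is not part of the original post and not part of iptables. For a locally generated packet the kernel runs the mangle OUTPUT and nat OUTPUT chains before filter OUTPUT, and for an arriving packet it runs mangle PREROUTING and nat PREROUTING before filter INPUT. A DROP policy on any of those chains therefore discards the loopback ping before the LOG and ACCEPT rules in the filter table are ever consulted, which also explains why nothing reaches syslog. The script below lints an `iptables-save` dump for exactly that setting and prints the corrected ruleset, with DROP kept only as the filter-table default. The dump it operates on is constructed by hand to mirror the posted policies; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post, not from iptables).
# Lints an iptables-save dump for non-ACCEPT policies on the nat and
# mangle tables, the setting that silently discards packets before the
# filter chains (and their LOG rules) ever see them.

# Constructed dump mirroring the policies the posted script sets.
# Written by hand for this example, not captured from a real host.
POSTED_DUMP='*mangle
:PREROUTING DROP [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING DROP [0:0]
:OUTPUT DROP [0:0]
:POSTROUTING DROP [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -d 127.0.0.1/32 -j LOG --log-prefix "Input lo packet: " --log-level 4
-A INPUT -i lo -d 127.0.0.1/32 -j ACCEPT
-A OUTPUT -o lo -s 127.0.0.1/32 -j LOG --log-prefix "Output lo packet: " --log-level 4
-A OUTPUT -o lo -s 127.0.0.1/32 -j ACCEPT
COMMIT'

# Read a dump on stdin and print "table chain policy" for every built-in
# chain outside the filter table whose policy is not ACCEPT.
# Exit status 1 when at least one such chain exists, 0 when the dump is clean.
lint_nonfilter_policies() {
    awk '
        /^\*/ { table = substr($0, 2); next }
        /^:/ && table != "filter" {
            chain = substr($1, 2)
            if ($2 != "ACCEPT") { print table, chain, $2; bad = 1 }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Number of offending chains in the dump passed as $1.
count_bad_policies() {
    printf '%s\n' "$1" | lint_nonfilter_policies | awk 'END { print NR }'
}

# The same ruleset with the fix applied: nat and mangle chains go back to
# ACCEPT so packets reach the filter chains, which keep DROP as default
# and carry the LOG/ACCEPT rules that actually decide.
corrected_ruleset() {
    printf '%s\n' "$POSTED_DUMP" | awk '
        /^\*/ { table = substr($0, 2) }
        /^:/ && table != "filter" { $2 = "ACCEPT" }
        { print }
    '
}

# Stand-alone demo: list what the linter flags in the posted policies,
# then confirm the corrected ruleset is clean.
echo "Offending policies in the posted ruleset:"
printf '%s\n' "$POSTED_DUMP" | lint_nonfilter_policies || true
echo "Offending policies after the fix: $(corrected_ruleset | lint_nonfilter_policies | awk 'END { print NR }')"
```

On a live host, source the file and run `iptables-save | lint_nonfilter_policies`; a non-zero exit means some nat or mangle chain is discarding packets before the filter table sees them. The fix on the running box is to reset those policies, e.g. `iptables -t mangle -P OUTPUT ACCEPT`, and likewise for the other nat and mangle chains the script set to DROP, while leaving the filter-table INPUT, OUTPUT and FORWARD defaults at DROP.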