if you're going to use iptables, you might as well go ahead and remove ipchains altogether (rpm -e ipchains). or at the very least disable it (chkconfig ipchains off).
as for starting and running iptables, i find it easiest to simply create a shell script with the necessary commands (insert modules, change kernel networking parameters, iptables statements, etc), call it firewall.sh, chmod 755 the file, and stick it in /etc. then start it by adding "/etc/firewall.sh" at the end of /etc/rc.d/rc.local. there are other ways of doing things with iptables, but i find this to be the easiest, most straightforward, and easiest to troubleshoot and modify.

jason

On Thursday 02 January 2003 15:06, Jeff Bollinger wrote:
> I feel like I'm pretty familiar with how to write IPTables rules, but
> I'm a little confused about actually starting my filtering. I have a
> file called "firewall" in /etc/sysconfig that I think contains some
> rules (this could be residual from some auto-generate scripts I've
> tried). I've also got /etc/sysconfig/ipchains. Which one of these do I
> edit? Once I've written my rules, do I just issue a "service iptables
> start" and they're up and running?
>
> Thanks!
> Jeff
> --
> Jeff Bollinger
> University of North Carolina
> IT Security Analyst
> 105 Abernethy Hall
> mailto: jeff_bollinger@unc dot edu
>
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
> http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
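
Added example, not part of jason's message: one possible /etc/firewall.sh following the structure he describes (modules, kernel networking parameters, then iptables statements). The policy (a host whose only inbound service is SSH), the function names and the DRY_RUN switch are assumptions made for illustration.

```shell
#!/bin/sh
# /etc/firewall.sh (added example). Assumed policy, not from the original post:
# a single host, not a router, whose only inbound service is SSH on tcp/22.
# DRY_RUN=1 /etc/firewall.sh prints each command instead of running it.
DRY_RUN="${DRY_RUN:-0}"

# Run a command, or only print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Set a kernel networking parameter through /proc/sys.
set_param() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'echo %s > /proc/sys/%s\n' "$2" "$1"
    else
        echo "$2" > "/proc/sys/$1"
    fi
}

load_modules() {
    run modprobe ip_tables
    run modprobe nf_conntrack    # called ip_conntrack on 2.4 kernels
}

kernel_params() {
    set_param net/ipv4/ip_forward 0          # do not route between interfaces
    set_param net/ipv4/conf/all/rp_filter 1  # reverse-path check against spoofing
    set_param net/ipv4/tcp_syncookies 1      # keep answering under a SYN flood
}

rules() {
    run iptables -F                 # start from an empty ruleset
    run iptables -X
    run iptables -P INPUT DROP      # default deny inbound and forwarded traffic
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    run iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
}

firewall() { load_modules; kernel_params; rules; }

# Apply only when run under its own name, so the functions can be sourced.
case "${0##*/}" in firewall.sh) firewall ;; esac
```

Running `DRY_RUN=1 /etc/firewall.sh` first shows exactly what the script will do before it is called from /etc/rc.d/rc.local.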
