Menu
▾
▴
Re: [Devil-Linux-discuss] Iptables file to be converted to firewall.rules
|
From: Tim T. <t....@co...> - 2004-09-25 01:10:22
|
Dave Mullen wrote:
>Hey folks,
>
>I just wanted to bounce something off of you guys, since my knowledge of
>firewalling isn't nearly as good as others.
>
>The project I'm working on is building a replacement firewall that we can
>modify easier. Our old firewall was based on RH 8.0, and used a config file
>from /etc/sysconfig/ iptables.
>
>Now that I'm moving to Devil Linux with this project, the new(er) netfilter
>(iptables new name) is setting up its rules from /etc/init.d/ firewall.rules.
>
>Now generally, I think it would be pretty easy to setup the standard:
>-A PREROUTING -p tcp -m tcp --dport 137 -j DROP
>into the new script, with simply:
>${IPTABLES} -A PREROUTING -p tcp -m tcp --dport 137 -j DROP
>
>So, that's easy and fine, but what would I do with this part of a config?
>
>*nat
>:PREROUTING ACCEPT [224:14748]
>:POSTROUTING ACCEPT [15:191]
>:OUTPUT ACCEPT [45:371]
>:NLOGNDROP - [0:0]
>:NCORPORATEFLTER - [0:0]
>:NATIT - [0:0]
>:NEWVPNFLTER - [0:0]
>
>Any thoughts? Am I just missing a really easy way to tell netfilter to load
>the old iptables conf from the same directory?
>
>Thanks in advance!
>
>Dave Mullen
>
>
I'm not an expert but that looks like the output from the
"iptables-save" command, which can be loaded with the "iptables-restore"
command, which DL does support...
Tim
|