List: ipchains-list
Subject: Re: Ipchains rules not working?
From: raf <raf () raf ! org>
Date: 2001-10-11 21:44:59
Arthur DiSegna wrote:
> I am trying to create a router to divide 2 subnets. I have edited the
> /etc/sysconfig/ipchains file to include variables and rules but they error out
> when I run ./ipchains start from /etc/rc.d/init.d/
>
> In the first few lines I include my variables like:
>
> subnet_1="eth1"
> subnet_2="eth2"
> loopback_int="lo"
> loopback="127.0.0.1"
> class_a="10.0.0.0/8"
>
> And so on....
>
> Then my first rule is:
>
> ipchains input -j DENY
> ipchains output -j DENY
> ipchains forward -j REJECT
>
> And so on....
>
> The problem is when I run ./ipchains start I get errors when it hits the
> first variable subnet_1="eth1". If I try and # the first 3 lines out I get
> errors on ipchains input -j DENY or ipchains -A input -j DENY. If I try
> running ipchains input -j DENY right from the command line it goes through.
> Also when I type in the variable subnet_1="eth1" from the command line it
> seems to work also. But when I type a line like ipchains -A input -i
> $subnet_1 -s 0/0 -d 0/0 -j ACCEPT -l I get an error because it doesn't
> recognize the $subnet_1 variable. I hope I am being clear enough and
> explaining it properly...
>
> Thanks in advance..
> SISCO (Security Identification Systems Corporation) develops and installs
> software and hardware access control solutions for commercial and government
> facilities. Our high-speed photo identification and tracking systems
> address security concerns and help reduce liability for corporations
> worldwide.
i think i was wrong about editing this file with an editor.
i had a look at an rh7.x system at work yesterday and it seems
that the /etc/sysconfig/ipchains file is supposed to be
created by typing in all of your ipchains commands and then
doing /etc/rc.d/init.d/ipchains save. i don't know what format
the file would then contain. it's probably text because
/etc/rc.d/init.d/ipchains does run sed over it. but start by
doing the "ipchains save" to get a better idea of what is expected.
it's using the ipchains-save and ipchains-restore utilities.
raf
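
An added example, not part of either message: a small lint that flags lines in a rules file which are shell syntax rather than saved-rule records, which is the mismatch described in this thread. It assumes the saved format consists only of `:chain POLICY` lines and `-A chain ...` lines; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: a file written by
# "ipchains save" holds only ":chain POLICY" and "-A chain ..." records.

# Print a reason and return 1 when a line is not such a record.
check_line() {
    case "$1" in
        ''|'#'*)      return 0 ;;   # blank line or comment, ignored by this check
        :*|'-A '*)    ;;            # expected record types, checked further below
        ipchains*)    echo "shell command (leading 'ipchains')"; return 1 ;;
        [A-Za-z_]*=*) echo "shell variable assignment"; return 1 ;;
        *)            echo "unrecognised line"; return 1 ;;
    esac
    case "$1" in
        *'$'*)        echo "unexpanded shell variable"; return 1 ;;
    esac
    return 0
}

# Print "file:line: reason: text" per suspect line; return 0 only if clean.
lint_rules_file() {
    file=$1; n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if ! reason=$(check_line "$line"); then
            echo "$file:$n: $reason: $line"
            bad=$((bad + 1))
        fi
    done < "$file"
    [ "$bad" -eq 0 ]
}

# Constructed sample mixing the lines quoted in the thread with valid records.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
subnet_1="eth1"
ipchains input -j DENY
:input DENY
-A input -i $subnet_1 -s 0/0 -d 0/0 -j ACCEPT -l
-A input -i eth1 -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT -l
EOF
}

# Demo: sh lint.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp); write_sample "$tmp"; lint_rules_file "$tmp" || true; rm -f "$tmp"
fi
```

Rules that need shell variables belong in an ordinary shell script that calls `ipchains` itself; the result can then be captured with the init script's `save` action.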