[olug] firewall script

mesc mescie at home.com
Tue Sep 19 23:53:20 UTC 2000


I was just looking over my firewall script and was wondering if udp/tcp input
could be affecting my box's inability to ping my DNS??

            Gary Martin

mesc wrote:

> I went to http://www.linux-firewall-tools.com/linux/firewall/index.html
> and had a firewall written for my box and named it rc.firewall and put
> it in /etc/rc.d. When I boot up it reads "starting firewalling........"
> then hangs until I hit ^C; then the bootup process resumes normally. Once
> I'm booted up I can't go anywhere on the net; I get the unknown host
> error in Netscape. I can ping my box, but when I ping my domain name
> server I get "operation not permitted", then the usual ping info with 0
> packets received. Here are some parts of my firewall script to look at. If
> they aren't the right parts, just let me know and I'll send more.
>
> # Set the default policy of the filter to deny
> ipchains -P input DENY
> ipchains -P output REJECT
> ipchains -P forward DENY
>
> DNS entries attached
>
>         Thank you in advance, Gary Martin
>
> P.S. My PS/2 2-button mouse is set up for 3-button emulation and it
> usually pastes into Messenger just fine, but my mouse must be acting up
> today or maybe it's just plain broke :)
>
>
>     # DNS client (53)
>     # ---------------
>     ipchains -A output -i $EXTERNAL_INTERFACE -p udp  \
>              -s $IPADDR $UNPRIVPORTS \
>              -d $NAMESERVER_1 53 -j ACCEPT
>
>     ipchains -A input  -i $EXTERNAL_INTERFACE -p udp  \
>              -s $NAMESERVER_1 53 \
>              -d $IPADDR $UNPRIVPORTS -j ACCEPT
>
>     ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
>              -s $IPADDR $UNPRIVPORTS \
>              -d $NAMESERVER_1 53 -j ACCEPT
>
>     ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
>              -s $NAMESERVER_1 53 \
>              -d $IPADDR $UNPRIVPORTS -j ACCEPT
>
>     ipchains -A output -i $EXTERNAL_INTERFACE -p udp  \
>              -s $IPADDR $UNPRIVPORTS \
>              -d $NAMESERVER_2 53 -j ACCEPT
>
>     ipchains -A input  -i $EXTERNAL_INTERFACE -p udp  \
>              -s $NAMESERVER_2 53 \
>              -d $IPADDR $UNPRIVPORTS -j ACCEPT
>
>     ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
>              -s $IPADDR $UNPRIVPORTS \
>              -d $NAMESERVER_2 53 -j ACCEPT
>
>     ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
>              -s $NAMESERVER_2 53 \
>              -d $IPADDR $UNPRIVPORTS -j ACCEPT
>
>     # ------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: olug-unsubscribe at bstc.net
> For additional commands, e-mail: olug-help at bstc.net


---------------------------------------------------------------------
To unsubscribe, e-mail: olug-unsubscribe at bstc.net
For additional commands, e-mail: olug-help at bstc.net
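An added example, not code from this thread or from the linux-firewall-tools generator. The quoted excerpt only opens UDP and TCP port 53 to the two name servers; nothing in it accepts ICMP. With `ipchains -P output REJECT`, a packet that matches no ACCEPT rule in the output chain is refused by the kernel and the error is handed back to the sending program, which is what ping prints as "operation not permitted". If the full script has no ICMP rules, that alone explains the ping symptom. The script below keeps the variable names from the excerpt (the addresses and interface name are made-up placeholders), reproduces the DNS client rules, adds the echo-request/echo-reply pair the excerpt lacks, and has a DRY_RUN mode that only prints the ipchains commands so the rule set can be checked without loading it:

```shell
#!/bin/sh
# Added example (not from the thread): ipchains DNS client rules plus the
# ICMP echo rules that "ping" needs when the output policy is REJECT.
# All values below are assumed placeholders.
EXTERNAL_INTERFACE="eth0"          # assumed interface name
IPADDR="192.0.2.10"                # assumed host address (TEST-NET-1)
NAMESERVER_1="192.0.2.53"          # assumed resolver addresses
NAMESERVER_2="192.0.2.54"
UNPRIVPORTS="1024:65535"           # ipchains port-range syntax
ANYWHERE="0.0.0.0/0"

# Run ipchains, or only print the command when DRY_RUN is set, so the
# generated rule set can be reviewed line by line before it is loaded.
run() {
    if [ -n "$DRY_RUN" ]; then
        echo "ipchains $*"
    else
        ipchains "$@"
    fi
}

# Port 53 over UDP and TCP to one name server, both directions.
# "! -y" on the TCP input rule refuses inbound SYNs, so only replies to
# connections this host opened are accepted.
dns_client_rules() {
    ns="$1"
    run -A output -i "$EXTERNAL_INTERFACE" -p udp \
        -s "$IPADDR" "$UNPRIVPORTS" -d "$ns" 53 -j ACCEPT
    run -A input  -i "$EXTERNAL_INTERFACE" -p udp \
        -s "$ns" 53 -d "$IPADDR" "$UNPRIVPORTS" -j ACCEPT
    run -A output -i "$EXTERNAL_INTERFACE" -p tcp \
        -s "$IPADDR" "$UNPRIVPORTS" -d "$ns" 53 -j ACCEPT
    run -A input  -i "$EXTERNAL_INTERFACE" -p tcp ! -y \
        -s "$ns" 53 -d "$IPADDR" "$UNPRIVPORTS" -j ACCEPT
}

# ICMP echo: ipchains takes the ICMP type in the source-port position.
# Type 8 = echo request (what ping sends), type 0 = echo reply.  Only
# outbound requests and inbound replies are opened, so this host can
# ping out but still does not answer pings from the outside.
icmp_ping_rules() {
    run -A output -i "$EXTERNAL_INTERFACE" -p icmp \
        -s "$IPADDR" 8 -d "$ANYWHERE" -j ACCEPT
    run -A input  -i "$EXTERNAL_INTERFACE" -p icmp \
        -s "$ANYWHERE" 0 -d "$IPADDR" -j ACCEPT
}

# count_rules PATTERN FUNC [ARGS...]: number of rules FUNC would emit
# whose command line matches PATTERN.  Runs FUNC in a dry-run subshell,
# so it never touches the live rule set; lets a reviewer confirm, for
# instance, that at least one output rule covers ICMP at all.
count_rules() {
    pat="$1"; shift
    ( DRY_RUN=1; "$@" ) | grep -c -- "$pat"
}

# Same default policies as in the thread, then the explicit ACCEPT rules.
load_firewall() {
    run -F
    run -P input DENY
    run -P output REJECT
    run -P forward DENY
    dns_client_rules "$NAMESERVER_1"
    dns_client_rules "$NAMESERVER_2"
    icmp_ping_rules
}

# Review first:   DRY_RUN=1 sh rc.firewall load
# Then, as root:  sh rc.firewall load
if [ "${1:-}" = "load" ]; then
    load_firewall
fi
```

Run it with `DRY_RUN=1 sh rc.firewall load` and read the printed commands before loading anything: every line should name the interface, the protocol and both endpoints, and there should be an output line for `-p icmp` type 8 and an input line for type 0. A complete ruleset normally also accepts inbound ICMP types 3 (destination unreachable) and 11 (time exceeded); without them path MTU discovery and traceroute break, which shows up as stalled connections rather than as a clear error.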