[olug] firewall script

mesc mescie at home.com
Tue Sep 19 23:45:36 UTC 2000


I went to http://www.linux-firewall-tools.com/linux/firewall/index.html
and had a firewall written for my box, named it rc.firewall and put
it in /etc/rc.d. When I boot up it reads "starting firewalling........"
then hangs until I hit ^C, after which the bootup process resumes normally. Once
I'm booted up I can't go anywhere on the net; I get the "unknown host"
error in Netscape. I can ping my box, but when I ping my domain name
server I get "operation not permitted" and then the usual ping info with 0
packets received. Here are some parts of my firewall script to look at. If
they aren't the right parts just let me know and I'll send more.

# Set the default policy of the filter to deny
ipchains -P input DENY
ipchains -P output REJECT
ipchains -P forward DENY


DNS entries attached



        Thank you in advance, Gary Martin


P.S. My PS/2 2-button mouse is set up for 3-button emulation and it
usually pastes into Messenger just fine, but my mouse must be acting up
today or maybe it's just plain broke :)



-------------- next part --------------
    # DNS client (53)
    # ---------------
    # Each nameserver gets four rules: a UDP query out and its reply in,
    # then a TCP query out and its reply in (TCP is used when an answer
    # does not fit in a 512-byte UDP datagram).  "! -y" on the inbound
    # TCP rule matches only segments that are not a bare SYN, so port 53
    # on the nameserver cannot open a new connection to this host.
    # $EXTERNAL_INTERFACE, $IPADDR, $UNPRIVPORTS and $NAMESERVER_1/2 are
    # defined elsewhere in the script (not in this excerpt).
    ipchains -A output -i $EXTERNAL_INTERFACE -p udp  \
             -s $IPADDR $UNPRIVPORTS \
             -d $NAMESERVER_1 53 -j ACCEPT

    ipchains -A input  -i $EXTERNAL_INTERFACE -p udp  \
             -s $NAMESERVER_1 53 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT


    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
             -s $IPADDR $UNPRIVPORTS \
             -d $NAMESERVER_1 53 -j ACCEPT

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $NAMESERVER_1 53 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

    # Same four rules for the second nameserver.
    ipchains -A output -i $EXTERNAL_INTERFACE -p udp  \
             -s $IPADDR $UNPRIVPORTS \
             -d $NAMESERVER_2 53 -j ACCEPT

    ipchains -A input  -i $EXTERNAL_INTERFACE -p udp  \
             -s $NAMESERVER_2 53 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT


    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
             -s $IPADDR $UNPRIVPORTS \
             -d $NAMESERVER_2 53 -j ACCEPT

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $NAMESERVER_2 53 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

    # ------------------------------------------------------------------



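Editor's note, as an added example rather than anything from the original post or from the linux-firewall-tools generator: the DNS client rules above wrapped in a small script with the one check that matters most when a default-deny ipchains script stalls at boot. ipchains resolves any hostname given to -s or -d with the system resolver before the rule is inserted, so if a nameserver variable holds a name instead of a numeric address, and the output policy has already been set to REJECT or DENY, that lookup is refused or waits out the resolver timeout before the DNS rules that would allow it ever get loaded. The "operation not permitted" that ping reports is likewise what a program sees when the output chain refuses a locally generated packet. The interface name, host address, nameserver addresses and the IPCHAINS runner variable are hypothetical; by default the script prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example, not part of the original post.  Emits the ipchains DNS
# client rules for each nameserver after checking that the nameserver is
# given as a numeric IPv4 address, so ipchains never has to do a DNS lookup
# of its own while the output policy already blocks DNS.

# Dry run by default: print each rule.  Apply for real with
#   IPCHAINS=/sbin/ipchains sh rc.firewall-dns
IPCHAINS=${IPCHAINS:-echo ipchains}

# Hypothetical values standing in for the ones set in the real script.
EXTERNAL_INTERFACE=eth0
IPADDR=192.0.2.10            # TEST-NET-1 address used as a placeholder
UNPRIVPORTS=1024:65535
NAMESERVER_1=192.0.2.53      # must be an IP address, not a hostname
NAMESERVER_2=192.0.2.54

# is_ipv4 ADDR -> 0 if ADDR is a dotted quad with octets 0-255, else 1.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _oct in "$@"; do
        [ "$_oct" -le 255 ] || return 1
    done
    return 0
}

# require_ip NAME VALUE -> 0 if VALUE is an IP; otherwise complain, return 1.
require_ip() {
    is_ipv4 "$2" && return 0
    echo "rc.firewall: $1='$2' is not a numeric IP address; ipchains would" \
         "have to resolve it through DNS, which the default policy blocks" >&2
    return 1
}

# dns_client_rules IFACE IPADDR UNPRIVPORTS NAMESERVER
# Four rules per nameserver: UDP query out / reply in, TCP query out /
# reply in.  "! -y" on the inbound TCP rule refuses bare SYN segments, so
# the nameserver's port 53 cannot open a connection to this host.
dns_client_rules() {
    _if=$1 _ip=$2 _unpriv=$3 _ns=$4
    require_ip NAMESERVER "$_ns" || return 1
    $IPCHAINS -A output -i "$_if" -p udp      -s "$_ip" "$_unpriv" -d "$_ns" 53 -j ACCEPT
    $IPCHAINS -A input  -i "$_if" -p udp      -s "$_ns" 53 -d "$_ip" "$_unpriv" -j ACCEPT
    $IPCHAINS -A output -i "$_if" -p tcp      -s "$_ip" "$_unpriv" -d "$_ns" 53 -j ACCEPT
    $IPCHAINS -A input  -i "$_if" -p tcp ! -y -s "$_ns" 53 -d "$_ip" "$_unpriv" -j ACCEPT
}

# build_firewall -> flush, set the default-deny policies from the post,
# open loopback (a resolver pointed at 127.0.0.1 needs it), then add the
# DNS client rules.  Returns 1 if any nameserver fails the address check.
build_firewall() {
    $IPCHAINS -F
    $IPCHAINS -P input DENY
    $IPCHAINS -P output REJECT
    $IPCHAINS -P forward DENY
    $IPCHAINS -A input  -i lo -j ACCEPT
    $IPCHAINS -A output -i lo -j ACCEPT
    dns_client_rules "$EXTERNAL_INTERFACE" "$IPADDR" "$UNPRIVPORTS" "$NAMESERVER_1" || return 1
    dns_client_rules "$EXTERNAL_INTERFACE" "$IPADDR" "$UNPRIVPORTS" "$NAMESERVER_2" || return 1
}

build_firewall
```

Run it once without IPCHAINS set to read the generated rules, then with IPCHAINS pointing at the real binary to load them; a nameserver written as a hostname is reported on stderr and the script stops before setting a policy that would have made the boot-time lookup hang.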