[wlug] Firewall script problem

 
Gun Caundle gun@p...
Sat Apr 24 09:21:16 NZST 2004


I am a newbie trying to create a firewall on RH9.  I am using a script 
from the RH9 bible (p507).
I am running a section at a time.  What I have so far:

# (1) Policies (default)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
                                                                                

# (2) user-defined chain for ACCEPTED TCP packets
iptables -N okay
iptables -A okay -p TCP  --syn -j ACCEPT
iptables -A okay -p TCP -m state ESTABLISHED,RELATED -j ACCEPT
iptables -A okay -p TCP -j DROP

This line is giving me some grief:
'iptables -A okay -p TCP -m state ESTABLISHED,RELATED -j ACCEPT'
because I get this error when I run it:
'firescript: line 23: ESTABLISHED,RELATED: command not found'

The author says this line "allows through packets associated with an 
ESTABLISHED connection (one that has already had traffic pass through 
the interface) or a RELATED connection (one that is starting a new 
connection related to an already-established connection)."

Are there other commands I could use or another line of script that 
would do the same job?
Any help would be appreciated.

Gun Caundle
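
Added example, not part of the original post: the shell prints "command not found" for the first word of a command, which is what happens if the rule wraps onto a second line in the script file, and the state match takes its list of states through its `--state` option. The lint below checks a rules script for both without running it; the function names and the two sample scripts are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are this
# example's own; the rule text is taken from the script quoted above.

# Constructed sample: the rule as it would sit in the file if it wrapped
# onto a second line, which is one way to get the quoted shell error.
sample_wrapped() {
cat <<'EOF'
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state
ESTABLISHED,RELATED -j ACCEPT
iptables -A okay -p TCP -j DROP
EOF
}

# Same chain with the states passed to the state match's --state option and
# the rule kept as one logical line by a trailing backslash.
sample_fixed() {
cat <<'EOF'
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state \
    --state ESTABLISHED,RELATED -j ACCEPT
iptables -A okay -p TCP -j DROP
EOF
}

# Lint a rules script on stdin without running it. Reports "line: reason"
# and returns non-zero if any logical line would not run as intended.
lint_rules() {
    awk '
        { n = NR                                   # first physical line
          while (sub(/\\$/, "") && (getline more) > 0) $0 = $0 " " more }
        /^[ \t]*(#|$)/ { next }                    # comments, blank lines
        $1 != "iptables" { print n ": shell would run \"" $1 "\" as a command"; bad = 1 }
        /-m state/ && !/--state/ { print n ": -m state without --state"; bad = 1 }
        END { exit bad + 0 }
    '
}

sample_wrapped | lint_rules || echo "wrapped sample: problems found"
sample_fixed | lint_rules && echo "fixed sample: clean"
```

To check a real script, run `lint_rules < firescript` before executing it as root.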
