Hi all,
I'm using the iptables config from: http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-5.html
Now, when I try that, apparently KDE and GNOME both refuse to start -- do they run some kind of server and then connect to it? How can I fix this?
(Worked fine on RH9; but apparently refuses to work on FC2).
Thanks, --TongKe
To make it easier to respond; the section I'm referring to is:
--BEGIN QUOTE--
## Insert connection-tracking modules (not needed if built into kernel).
# insmod ip_conntrack
# insmod ip_conntrack_ftp

## Create chain which blocks new connections, except if coming from inside.
# iptables -N block
# iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
# iptables -A block -j DROP

## Jump to that chain from INPUT and FORWARD chains.
# iptables -A INPUT -j block
--END QUOTE--
On Thu, 30.09.2004 at 8:30, TongKe Xue wrote:
--BEGIN QUOTE--
## Insert connection-tracking modules (not needed if built into kernel).
# insmod ip_conntrack
# insmod ip_conntrack_ftp

## Create chain which blocks new connections, except if coming from inside.
# iptables -N block
# iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
# iptables -A block -j DROP

## Jump to that chain from INPUT and FORWARD chains.
# iptables -A INPUT -j block
--END QUOTE--
What are the rules for OUTPUT? Seems that you at least block some traffic on localhost which prevents the GUI starting.
Alexander
On Wed, 29 Sep 2004, TongKe Xue wrote:
--BEGIN QUOTE--
## Insert connection-tracking modules (not needed if built into kernel).
# insmod ip_conntrack
# insmod ip_conntrack_ftp

## Create chain which blocks new connections, except if coming from inside.
# iptables -N block
# iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
# iptables -A block -j DROP

## Jump to that chain from INPUT and FORWARD chains.
# iptables -A INPUT -j block
--END QUOTE--
Just a quick note...I'm hoping that you realize that if you have that exact snippet in your firewall script, there's nothing going on, at all...all of the lines starting with # are effectively commented out.
Hi all,
The "#" has been removed; so was the following line:
# iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
I do not have any rules setup for OUTPUT
Thanks, --TongKe
On Thu, 2004-09-30 at 02:30, TongKe Xue wrote:
--BEGIN QUOTE--
## Insert connection-tracking modules (not needed if built into kernel).
# insmod ip_conntrack
# insmod ip_conntrack_ftp

## Create chain which blocks new connections, except if coming from inside.
# iptables -N block
# iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
# iptables -A block -j DROP

## Jump to that chain from INPUT and FORWARD chains.
# iptables -A INPUT -j block
--END QUOTE--
If I remember, try adding:
iptables -P OUTPUT ACCEPT
iptables -I OUTPUT -o lo -j ACCEPT
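An added example, not part of the thread: a small first-match walk over the rules quoted above, showing what happens to a NEW packet arriving on lo once the "NEW -i ! ppp0" line is removed, and what a loopback accept rule placed ahead of the jump changes. The function name verdict and the three rule sets are constructed for illustration; rules are written in "iptables -S" form, and only -i, "! -i", --state and -j are modelled.

```sh
#!/bin/sh
# verdict RULES IFACE STATE -> prints ACCEPT or DROP for a packet entering INPUT.
# Hypothetical helper: first match wins, user chains are followed via -j.
verdict() {
  printf '%s\n' "$1" | awk -v iface="$2" -v state="$3" '
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" { n[$2]++; rule[$2, n[$2]] = $0 }
    function walk(chain,   i, k, f, nf, neg, ok, tgt, v) {
      for (i = 1; i <= n[chain]; i++) {
        nf = split(rule[chain, i], f, " "); ok = 1; tgt = ""; neg = 0
        for (k = 3; k <= nf; k++) {
          if (f[k] == "!") neg = 1
          else if (f[k] == "-i") { if ((f[k+1] == iface) == neg) ok = 0; neg = 0; k++ }
          else if (f[k] == "--state") { if (index("," f[k+1] ",", "," state ",") == 0) ok = 0; k++ }
          else if (f[k] == "-j") { tgt = f[k+1]; k++ }
        }
        if (!ok) continue
        if (tgt == "ACCEPT" || tgt == "DROP") return tgt
        if (tgt != "") { v = walk(tgt); if (v != "") return v }
      }
      return ""   # fell off the end of the chain without a verdict
    }
    END { v = walk("INPUT"); if (v == "") v = (policy != "" ? policy : "ACCEPT"); print v }'
}

# Constructed sample 1: the rules as the poster runs them (NEW rule removed).
THREAD_RULES='-P INPUT ACCEPT
-A INPUT -j block
-A block -m state --state RELATED,ESTABLISHED -j ACCEPT
-A block -j DROP'

# Constructed sample 2: the HOWTO rules, with NEW accepted unless it arrives on ppp0.
HOWTO_RULES='-P INPUT ACCEPT
-A INPUT -j block
-A block -m state --state RELATED,ESTABLISHED -j ACCEPT
-A block ! -i ppp0 -m state --state NEW -j ACCEPT
-A block -j DROP'

# Constructed sample 3: sample 1 plus a loopback accept ahead of the jump,
# i.e. the effect of "iptables -I INPUT -i lo -j ACCEPT" (an assumption of
# this example, not a rule proposed in the thread).
FIXED_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j block
-A block -m state --state RELATED,ESTABLISHED -j ACCEPT
-A block -j DROP'

for r in "$THREAD_RULES" "$HOWTO_RULES" "$FIXED_RULES"; do
  echo "lo NEW: $(verdict "$r" lo NEW)   ppp0 NEW: $(verdict "$r" ppp0 NEW)"
done
```

On a live system the equivalent check is to watch the packet counters in "iptables -L -v -n" while the desktop starts: a rising count on the final DROP rule of the block chain indicates local connections are being dropped on INPUT.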