enabling the firewall

  • mo_mughrabi
  • Student
  • Posts: 73

Post 3+ Months Ago

Hi guys... I'm having a problem enabling the firewall (iptables) on my Fedora Core system. Every time I start iptables, httpd stops functioning. Here is the iptables --list:

Thanks in advance.

Code:
[root@ff ~]# iptables --list
Chain INPUT (policy ACCEPT)
target               prot        opt  source      destination
RH-Firewall-1-INPUT  all         --   anywhere    anywhere

Chain FORWARD (policy ACCEPT)
target               prot        opt  source      destination
RH-Firewall-1-INPUT  all         --   anywhere    anywhere

Chain OUTPUT (policy ACCEPT)
target               prot        opt  source      destination

Chain RH-Firewall-1-INPUT (2 references)
target               prot        opt  source      destination
ACCEPT               all         --   anywhere    anywhere
ACCEPT               icmp        --   anywhere    anywhere      icmp any
ACCEPT               ipv6-crypt  --   anywhere    anywhere
ACCEPT               ipv6-auth   --   anywhere    anywhere
ACCEPT               udp         --   anywhere    224.0.0.251   udp dpt:mdns
ACCEPT               udp         --   anywhere    anywhere      udp dpt:ipp
ACCEPT               tcp         --   anywhere    anywhere      tcp dpt:ipp
ACCEPT               all         --   anywhere    anywhere      state RELATED,ESTABLISHED
ACCEPT               tcp         --   anywhere    anywhere      state NEW tcp dpt:ssh

  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

http://lists.netfilter.org/pipermail/ne ... 59524.html

That site contains a possible solution to your problem.
  • this213
  • Guru
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

What are you using to generate the rules? The *best* way to assign firewall rules is by creating a script with your iptables commands and making it run at boot time. Doing this, you have an easy-to-access and easy-to-edit file where you can plainly see what's going on. "iptables -L" is only vaguely informative.

You need to reverse your policy. Your chains should default to "DENY" instead of "ACCEPT". To do this:
Code:
# Set each chain's default policy to DROP, then flush its rules.
# Run this from the console, not over SSH: once INPUT is flushed there is
# no rule left to accept the session's packets until ACCEPT rules are added.
/sbin/iptables -P INPUT DROP
/sbin/iptables -F INPUT
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -F OUTPUT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F FORWARD


I suggest you take a look at The IP Masquerading Howto, as this contains quite a bit of information on using iptables.

Finally, the problem probably isn't even to do with iptables. Have you allowed Apache and port 80 in SELinux?
Code:
grep denied /var/log/audit/audit.log

A quite exhaustive SELinux FAQ can be found at http://docs.fedoraproject.org/selinux-faq-fc5/
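Added example, not code from any post in this thread or from Fedora itself: a boot-time ruleset along the lines this213 describes (default-deny, with the allowed services spelled out in one file), written in iptables-restore format, which is what Fedora's iptables init script loads from /etc/sysconfig/iptables, plus a small helper for the SELinux check at the end of the post. The open ports (22 and 80), the file paths and the sample audit lines are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example for this thread (not from the original posts or from Fedora).
# Assumptions: sshd on 22 and httpd on 80 are the only exposed services;
# /etc/sysconfig/iptables and /var/log/audit/audit.log are the Fedora defaults;
# the audit lines in sample_audit_log are constructed, not a real capture.

# Print the ruleset. iptables-restore swaps in the whole table at once, so the
# DROP policy and the ACCEPT rules become active together and an SSH session
# used to load the rules is not cut off halfway through.
gen_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback: local daemons talking to each other
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened, and related traffic
-A INPUT -m state --state RELATED,ESTABLISHED -J ACCEPT
# ping and ICMP error messages
-A INPUT -p icmp -j ACCEPT
# services this host is meant to expose: ssh and the web server
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
# everything else is refused explicitly; the DROP policy is the backstop
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Count the TCP ports the ruleset opens: a quick sanity check after editing
# gen_rules and before loading the result.
count_open_ports() {
    gen_rules | grep -c -- '--dport [0-9]* -j ACCEPT'
}

# Write the ruleset where the Fedora init script reads it and load it now.
# Must run as root. Optional argument: an alternate rules file path.
apply_rules() {
    rules_file=${1:-/etc/sysconfig/iptables}
    gen_rules > "$rules_file" || return 1
    iptables-restore < "$rules_file"
}

# Print the SELinux denials in an audit log that involve httpd. The second
# grep narrows the output to the daemon in question instead of every AVC.
# Optional argument: audit log path.
httpd_denials() {
    grep 'denied' "${1:-/var/log/audit/audit.log}" | grep 'comm="httpd"'
}

# Constructed sample log (not a real capture): one httpd denial for a file
# labelled user_home_t, which httpd_t may not read under the default policy,
# and one unrelated sshd denial, so the filter can be exercised without root.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1180000000.101:42): avc:  denied  { read } for  pid=2314 comm="httpd" name="index.html" dev=hda2 ino=98765 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1180000000.101:42): arch=40000003 syscall=5 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1180000000.233:43): avc:  denied  { write } for  pid=2401 comm="sshd" name="lastlog" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
EOF
}
```

Source the file and run `apply_rules` as root, or write the ruleset to /etc/sysconfig/iptables and let the init script pick it up; then, if httpd still fails with the firewall up, `httpd_denials` shows whether SELinux rather than iptables is refusing it (a user_home_t denial like the sample one means the document root or its files are mislabelled, not that port 80 is blocked).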

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.