Question about iptables in edgy

The enigma enigma at rick-net.com
Mon Feb 26 23:42:47 UTC 2007


On Mon, 2007-02-26 at 13:58 -0500, Jeffrey F. Bloss wrote:
> The enigma wrote:
> 
> > This is probably a silly question, but I'm rather new to Linux. Does
> > iptables file start by default with Ubuntu edgy? I just configured a
> > simple firewall called lokkit, and I checked to see if the chain entry
> > took, and it did. Now I just want to know by starting my machine,
> > booting into gnome desktop, does the iptables file configure the
> > chains within the boot routine by default, or do I have to set up a
> > command, like in the menu.lst file in grub, to use the iptables upon
> > boot up. I know, I know.. I don't really need a firewall, and lokkit
> > is not the most secure, I have a stand alone machine connected to a
> > high-speed ISP. I'm just slightly, the paranoid type (probably from
> > using Windows all these years).
> 
> The short answer to your question is "yes".
> 
> The long answer... 
> 
> It might help to understand that Lokkit isn't a firewall, nor is
> iptables. The firewall is named 'netfilter', and it loads every time
> Linux loads. It's part of the Linux kernel itself for all intents and
> purposes. By default it loads with no rules though, and passes all
> traffic in both directions.
> 
> Iptables is nothing more than a (barely) human readable way to add and
> remove rules in real time. Lokkit builds on top of that, making the
> process a little more human friendly with a simple GUI and a specific
> way to save and reload rules.
> 
> There's two common ways to get netfilter to do something useful
> automatically. A script that calls iptables multiple times to load rules
> one by one, or a script that uses iptables-restore to load a whole set
> of rules previously saved with iptables-save. Lokkit uses the former I
> believe.
> 
> Lokkit installs an init script at /etc/init.d/lokkit, which in turn
> calls another 'lokkit' script in /etc/default (if memory serves). It
> also creates the proper symlinks in various /etc/rc*.d directories to
> run the whole mess at relevant runlevel startups, and load your firewall
> rules when necessary.
> 
> Whether or not all that actually happens is another matter. ;)
> 
> If you want to check, reboot, open a terminal, and invoke 'sudo iptables
> --list'. The password it asks for is yours. If the gibberish it outputs
> says much more than "Chain XXXXX (Policy ACCEPT)" a couple/three times
> then something is indeed loading you a set of firewall rules.
> 
> Whether that rule set is what you want or even useful, is... another
> matter. :O)
> 

Thanks. I'm new to Linux, and scripting, so I figured I'd try this for
now. I probably don't really need it, but, what the heck,
experimentation and questions are how you learn!
-- 
~ Rick D.
  Evolution Email
  Live free or die.
     +Linux+
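
An added example, not part of either message above: the post-reboot check from the reply, scripted so that it tells an empty netfilter table (built-in chains only, every policy ACCEPT) apart from a loaded rule set. The function names and both sample listings are constructed for illustration, and the parser assumes the non-verbose layout printed by 'iptables --list -n'.

```shell
#!/bin/sh
# Summarize `iptables --list -n` output read from stdin.
# Prints: rules=<n> restrictive_policies=<m> custom_chains=<k>
summarize_ruleset() {
    awk '
        /^Chain / {
            policy = $4; sub(/\)/, "", policy)
            if ($3 != "(policy") { custom++ }             # user-defined chain
            else if (policy != "ACCEPT") { restrictive++ } # built-in, not ACCEPT
            next
        }
        /^target[ \t]/ || /^[ \t]*$/ { next }   # column header and blank lines
        { rules++ }                              # anything else is a rule
        END { printf "rules=%d restrictive_policies=%d custom_chains=%d\n", rules, restrictive, custom }
    '
}

# Exit status 0 if stdin shows anything beyond the empty default tables.
ruleset_loaded() {
    case "$(summarize_ruleset)" in
        "rules=0 restrictive_policies=0 custom_chains=0") return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample: netfilter with no rules loaded.
sample_empty() {
    for c in INPUT FORWARD OUTPUT; do
        printf 'Chain %s (policy ACCEPT)\ntarget     prot opt source               destination\n\n' "$c"
    done
}

# Constructed sample (abbreviated, chain name FW-IN is made up): rules loaded.
sample_loaded() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
FW-IN      all  --  0.0.0.0/0            0.0.0.0/0

Chain FW-IN (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

# Live check after a reboot (needs root): sudo iptables --list -n | summarize_ruleset
sample_empty | summarize_ruleset
sample_loaded | summarize_ruleset
```

A non-zero rule count only shows that something loaded rules at boot. Whether those rules are the ones you want still has to be read from the listing itself.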





More information about the ubuntu-users mailing list