iptables initialization

Mark Olbert
02-26-2004, 01:06 AM
I am experimenting with iptables, trying to build my own firewall based on the book Linux Firewalls
(2nd edition; a very good book, BTW, IMHO). My "standard" firewall is gShield.rc.

I was having no luck in my experimenting getting any of my private LAN computers to connect to the
firewall/router, even though I was using rules like:

iptables -A INPUT -s <the lan client> -d <firewall machine> -j ACCEPT
iptables -A OUTPUT -s <firewall machine> -d <the lan client> -j ACCEPT

which should've, I think, allowed some form of connection.

Deciding I'd done enough experimenting for the day, I re-ran gShield... and found I still had no
connectivity between LAN clients and firewall (everything was working fine before I began
experimenting).

I finally ended up "restoring" things by rebooting the system.

My question is this: do I have to do something special to "initialize" iptables under linux-2.4.22?
What I was doing during my experimenting was:

iptables -F
iptables -t nat -F
iptables -t mangle -F

iptables --delete-chains
iptables -t nat --delete-chains
iptables -t mangle --delete-chains

before adding my experimental rules.

I've reconfigured and re-run gShield numerous times without rebooting, without losing connectivity,
so I know it's possible.

Thanx in advance for any advice or suggestions.

- Mark
Dennis Jung
02-26-2004, 08:42 AM

Hi Mark

> having no luck in my experimenting getting any of my private LAN
> computers to connect to the firewall/router, even though I was using rules
> like:


I use Jay's Firewall - a very good and easily configurable firewall with a
dialog system. It supports e.g. DHCP, DNS and Routing.

You can find it on http://www.freshmeat.net (search for fw-jay)

Regards
joseph philip
02-27-2004, 04:47 AM
On Wed, 25 Feb 2004 18:06:31 -0800, Mark Olbert wrote:

> I am experimenting with iptables, trying to build my own firewall based
> on the book Linux Firewalls (2nd edition; a very good book, BTW, IMHO).
> My "standard" firewall is gShield.rc.
>
> I was having no luck in my experimenting getting any of my private LAN
> computers to connect to the firewall/router, even though I was using
> rules like:
>
> iptables -A INPUT -s <the lan client> -d <firewall machine> -j ACCEPT
> iptables -A OUTPUT -s <firewall machine> -d <the lan client> -j ACCEPT
>
> which should've, I think, allowed some form of connection.
>
> Deciding I'd done enough experimenting for the day, I re-ran gShield...
> and found I still had no connectivity between LAN clients and firewall
> (everything was working fine before I began experimenting).
>
> I finally ended up "restoring" things by rebooting the system.
>
> My question is this: do I have to do something special to "initialize"
> iptables under linux-2.4.22? What I was doing during my experimenting
> was:
>
> iptables -F
> iptables -t nat -F
> iptables -t mangle -F
>
> iptables --delete-chains
> iptables -t nat --delete-chains
> iptables -t mangle --delete-chains
>
> before adding my experimental rules.
>
> I've reconfigured and re-run gShield numerous times without rebooting,
> without losing connectivity,
> so I know it's possible.
>
> Thanx in advance for any advice or suggestions.
>
> - Mark



The -s and -d options are available only after you specify the protocol.


I can't help you with gShield much except... gShield is run after the
system starts up, right? Now, at that time, the tables are all empty, and the
default policy is "ACCEPT" for all of them. You might try to reset to
this state before invoking gShield.
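The reset to the post-boot state suggested in the last reply, written out as an added example that is not part of the original thread or of gShield. The function names are hypothetical, and the built-in chain lists assume a 2.4.18 or later kernel, where the mangle table has all five chains.

```shell
#!/bin/sh
# Added example: print (or, with APPLY=1 as root, run) the commands that put
# netfilter back into its post-boot state: no rules, no user chains, and
# policy ACCEPT on every built-in chain.

# Built-in chains of each table (assumption: kernel 2.4.18 or later, where
# mangle has all five hooks).
builtin_chains() {
    case "$1" in
        filter) echo "INPUT FORWARD OUTPUT" ;;
        nat)    echo "PREROUTING POSTROUTING OUTPUT" ;;
        mangle) echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        *)      return 1 ;;
    esac
}

# Emit the reset commands for one table.
reset_table_cmds() {
    table=$1
    chains=$(builtin_chains "$table") || return 1
    # -F and -X leave chain policies untouched, so a DROP policy set during
    # experiments survives a flush. Reset policies first: that also keeps a
    # remote session alive while the ACCEPT rules are being removed.
    for chain in $chains; do
        echo "iptables -t $table -P $chain ACCEPT"
    done
    echo "iptables -t $table -F"   # flush all rules
    echo "iptables -t $table -X"   # delete user-defined chains
    echo "iptables -t $table -Z"   # zero packet and byte counters
}

reset_all_cmds() {
    for t in filter nat mangle; do
        reset_table_cmds "$t" || return 1
    done
}

if [ "${APPLY:-0}" = "1" ]; then
    reset_all_cmds | sh -e     # must be root; stops at the first failure
else
    reset_all_cmds             # dry run: show what would be executed
fi
```

Run it without arguments to review the command list, then with APPLY=1 as root before invoking the firewall script; `iptables -L -n -v` for each table should then show empty chains with policy ACCEPT.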