David Merriman wrote:
> Okay, I've been beating my head against the wall on this (makes a VERY
> hollow 'clonk' sound), read, re-read, re-re-read appropriate section(s)
> from Red Hat Linux 9 Bible, faqs, how-to's, and more and *still* can't
> get it straight.
>
> On a i586 Red Hat 9 installation, I'm *trying* to run psad, but it keeps
> kvetching about no 'drop' lines in the iptables
> (/etc/sysconfig/iptables) that lokkit create(s). I've tried following
> the instructions in the complaint, but the added line(s) never show up
> in lokkit's iptables file.
>
> I would really like to:
> a> figure out where iptables-save -c is putting the iptables file it uses;
Tempted to say RTFM.
However as I'm feeling nice today, the command outputs them to stdout so
you have to redirect to wherever you want to save them. Then to put them
back in you could use iptables-restore which reads from stdin, so again you
would need to redirect.
> b> add the 'drop' and 'log' lines to my iptables file (manually editing
> what lokkit did, if necessary);
lokkit stores the iptables rules in /etc/sysconfig/iptables, however I have
problems getting the lokkit scripts to handle perfectly legal log rules I
added to this file, so I don't use the bloody thing anymore, instead I use
my own iptables script which works perfectly well.
> c> find out what the dickens is going on between iptables (the
> command/daemon) and lokkit.
Good luck.
The only thing I can see that lokkit actually does is provide 3 levels of
security which are so base it's not worth using (IMHO). I think the only
thing it really does is to add the dns address into the tables but you can
easily do this yourself in your own scripts.
It is not too difficult to modify the /etc/rc.d/init.d/iptables script to use
your own iptables script so that you still have the benefit of the init.d
boot mechanism, or simply replace it with your own iptables script in
init.d.
>
> Can anyone out there shed some light on my darkness?
>
> Dave Merriman
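As an added example (not from David's post or the reply above), the script below ties the three points of the reply together: it writes a rule set in the format that `iptables-save -c` emits and `iptables-restore -c` reads (the same format Red Hat keeps in /etc/sysconfig/iptables), with a LOG rule immediately before the final DROP in INPUT and FORWARD, which is the "log" and "drop" pair the thread is about. It also shows the stdout/stdin redirection for saving and restoring, and a check that the file really carries both rules before you hand it to the init script. The file path, the "DROP " log prefix and the open ports are assumptions for the demo, not values from the thread.

```shell
#!/bin/sh
# Added example; not part of the original mailing-list thread.
# Writes, checks, loads and saves an iptables rule set in the
# iptables-save -c / iptables-restore -c text format.

RULES_FILE="${RULES_FILE:-/tmp/iptables.rules}"   # assumed demo path

# Emit a constructed rule set. Each rule is prefixed with the
# "[packets:bytes]" counters that iptables-save -c writes; the chain
# policies are DROP, and a LOG rule sits directly before the final DROP
# so that every dropped packet leaves a kernel log line.
write_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[0:0] -A INPUT -p tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -j LOG --log-prefix "DROP "
[0:0] -A INPUT -j DROP
[0:0] -A FORWARD -j LOG --log-prefix "DROP "
[0:0] -A FORWARD -j DROP
COMMIT
EOF
}

# Return 0 only if chain $2 in file $1 has both a LOG and a DROP rule.
has_log_and_drop() {
    grep -q -e "-A $2 .*-j LOG" "$1" && grep -q -e "-A $2 .*-j DROP" "$1"
}

# Load the file into the kernel. iptables-restore reads stdin, hence the
# redirect. Needs root and the iptables tools; otherwise just report.
load_rules() {
    if [ "$(id -u)" -ne 0 ] || ! command -v iptables-restore >/dev/null 2>&1; then
        echo "not root or no iptables-restore; would run: iptables-restore -c < $1" >&2
        return 1
    fi
    iptables-restore -c < "$1"
}

# Save the live rules with counters. iptables-save prints to stdout,
# hence the redirect into the file.
save_rules() {
    if [ "$(id -u)" -ne 0 ] || ! command -v iptables-save >/dev/null 2>&1; then
        echo "not root or no iptables-save; would run: iptables-save -c > $1" >&2
        return 1
    fi
    iptables-save -c > "$1"
}

# Stand-alone run: build the file and verify it before anyone loads it.
write_rules "$RULES_FILE"
for chain in INPUT FORWARD; do
    if has_log_and_drop "$RULES_FILE" "$chain"; then
        echo "$chain: LOG and DROP rules present"
    else
        echo "$chain: missing LOG or DROP rule" >&2
    fi
done
```

Point the init script at the file (or run `load_rules /tmp/iptables.rules` as root) and the LOG lines land in the kernel log, which is where psad reads them from. The `has_log_and_drop` check is the quick way to confirm a file lokkit has rewritten still contains the rules you added by hand.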