help using ipchains

Warren Togami warren at togami.com
Tue Sep 4 21:30:57 PDT 2001


ipchains is the deprecated firewall tool in the old Linux kernel.  I highly
recommend learning Netfilter and iptables in the new Linux 2.4 kernel
instead.  I'll find you some good documentation on this later tonight when I
get back from school.

Is this for ottawa?  I enabled the built-in lokkit firewall of Red Hat 7.1
that uses ipchains.  I allowed inbound TCP connections only on ports 22 and
80, SSH and http respectively.  While this is a very simple firewall, it
works fine for the purpose of a basic web server with very minimal effort.

"lsmod"
If this command lists ipchains, that means that the old 2.2 kernel firewall
kernel module is currently running.  That means that ipchains based
firewalls will work (like lokkit).  Red Hat enables the ipchains kernel
module and loads the lokkit rules when it runs /etc/init.d/ipchains at
boot-up.  Look at your system services in "setup" to see that it is enabled.
You can also reconfigure the lokkit settings in "setup" under Firewall
Configuration.  That program changes the text within the file
"/etc/sysconfig/ipchains", which is loaded when the script
"/etc/init.d/ipchains" is run.

The iptables modules cannot be loaded when ipchains is active, so you must
choose to use one.  The benefits of Netfilter/iptables are mainly when doing
real firewalls, NAT or static routing, where it has the potential with all
the enterprise-level features of any expensive firewall product.  On the
down side, it is extremely difficult to learn to configure.  You don't need
this kind of powerful flexibility in a single machine, so stick with
ipchains and the built-in lokkit configuration for now.

On the down side, lokkit cannot make a firewall configuration that will work
for FTP logins if you are running an FTP server.  Well, that isn't a
problem, because you shouldn't be running the insecure FTP service anyway.

----- Original Message -----
From: "Ronnie" <rlivings at hawaii.edu>
To: "Linux & Unix Advocates & Users" <luau at list.luau.hi.net>
Sent: Tuesday, September 04, 2001 5:25 PM
Subject: [luau] Re: help using ipchains


> this is my output when i type "ipchains --list"
>
> Chain input (policy DENY):
> target    prot  opt    source        destination      ports
> icmp      icmp  ------ anywhere      anywhere         any->any
> DENY      icmp  ------ anywhere      172.128.0.10     echo-request
> DENY      icmp  ------ anywhere      172.128.0.10     echo-request
> ACCEPT    tcp   ------ anywhere      172.128.0.10     any->http
> ACCEPT    tcp   ------ anywhere      172.128.0.10     any->ssh
> DENY      all   ----l- anywhere      anywhere         n/a
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
> Chain icmp (1 references):
> target    prot  opt    source        destination      ports
> ACCEPT    all   ------ anywhere      anywhere         n/a
>
> thanks,
> Ronnie
>
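
A first-match walk over the "ipchains --list" output quoted above, added here as an example and not part of either message: it parses the listing and reports which rule decides a given inbound packet. The function names and the packet dictionaries are hypothetical, and it assumes the non-verbose listing shows every match condition (options such as an interface match are not modelled).

```python
import re

# Listing copied from the quoted message (non-verbose "ipchains --list").
LISTING = """\
Chain input (policy DENY):
target    prot  opt    source        destination      ports
icmp      icmp  ------ anywhere      anywhere         any->any
DENY      icmp  ------ anywhere      172.128.0.10     echo-request
DENY      icmp  ------ anywhere      172.128.0.10     echo-request
ACCEPT    tcp   ------ anywhere      172.128.0.10     any->http
ACCEPT    tcp   ------ anywhere      172.128.0.10     any->ssh
DENY      all   ----l- anywhere      anywhere         n/a
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
Chain icmp (1 references):
target    prot  opt    source        destination      ports
ACCEPT    all   ------ anywhere      anywhere         n/a
"""

def parse(listing):
    # Build {chain: {"policy": str or None, "rules": [dict, ...]}}.
    chains, cur = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\w+)|\d+ references)\):", line)
        if m:
            cur = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif cur is not None and line.strip() and not line.startswith("target"):
            t, prot, _opt, src, dst, ports = line.split(None, 5)
            cur["rules"].append(dict(target=t, prot=prot, src=src, dst=dst, ports=ports.strip()))
    return chains

def matches(rule, pkt):
    # Compare only the columns the listing shows: protocol, addresses, port/type.
    if rule["prot"] not in ("all", pkt["prot"]):
        return False
    if any(rule[f] not in ("anywhere", pkt[f]) for f in ("src", "dst")):
        return False
    if rule["ports"] in ("n/a", "any->any"):
        return True
    return rule["ports"].split("->")[-1] == pkt["port"]

def verdict(chains, pkt, chain="input"):
    # First matching rule wins; a user-defined chain with no match returns to its caller.
    for i, rule in enumerate(chains[chain]["rules"], 1):
        if matches(rule, pkt):
            hit = (verdict(chains, pkt, rule["target"]) if rule["target"] in chains
                   else (rule["target"], chain, i))
            if hit:
                return hit
    policy = chains[chain]["policy"]
    return (policy, chain, 0) if policy else None  # rule index 0 = chain policy
```

Under that assumption, an echo-request to 172.128.0.10 is decided by rule 1 of the "icmp" chain before the two DENY echo-request rules in "input" are reached, which is the kind of ordering effect worth checking with "ipchains -L -v" on the real host.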


