From: Mark Tessier <mt@open2web.com>
To: Netfilter Mailing List <netfilter@lists.samba.org>
Subject: debugging rc.firewall
Date: Tue, 18 Jun 2002 13:06:39 -0400
Message-ID: <20020618130639.2ec22286.mt@open2web.com>

In trying to debug rc.firewall on a gateway/firewall between a LAN subnet and DMZ subnet, I've put in the following

iptables -A INPUT -i eth1 -j LOG

immediately after iptables --policy INPUT DROP

This goes the same for the forward policy. I've checked /var/log/messages and nothing is written to it. In this rc.firewall script, the "reset chains and set policies" section is near the beginning, after the "set up enviro variables" section and the "enable kernel monitoring support" section. This is what the 

# Reset chains and set policies

# Remove any existing rules from all chains
iptables -t filter --flush
iptables -t nat --flush
iptables -t mangle --flush

# Set traffic on the loopback interface to unlimited
iptables -A INPUT -i $LOOPBACK_INTERFACE -j ACCEPT
iptables -A OUTPUT -o $LOOPBACK_INTERFACE -j ACCEPT

# Set the default policy to drop
iptables --policy INPUT DROP
iptables -A INPUT -i $LAN_IPADDR -j LOG
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
iptables -A FORWARD -i $LAN_IPADDR -j LOG

iptables -t nat --policy PREROUTING DROP
iptables -t nat --policy OUTPUT DROP
iptables -t nat --policy POSTROUTING DROP

iptables -t mangle --policy PREROUTING DROP
iptables -t mangle --policy OUTPUT DROP

# Remove any pre-existing user-defined chains
iptables --delete-chain
iptables -t nat --delete-chain
iptables -t mangle --delete-chain

As mentioned my log messages are not registering in /var/log/messages and I'm not sure why. 

-- 
Thanks,

Mark

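The three things to check when a LOG rule like the ones above stays silent are whether the rule exists where you think it does, whether its packet counter is moving, and whether the -i/-o argument is actually an interface name (the option takes a name such as eth1; an IP address there never matches anything). The checker below is an added example, not code from the original message or from any rc.firewall script: it parses the text that `iptables-save -c` prints (counters in [pkts:bytes] in front of each -A line) and reports those problems for every `-j LOG` rule. The sample dump is constructed for the example, and the address 192.168.1.1 in it is a made-up expansion of $LAN_IPADDR.

```python
"""Sanity-check LOG rules in `iptables-save -c` output (added example)."""
import ipaddress
import re
import shlex

# `iptables-save -c` prefixes rules with "[pkts:bytes] -A CHAIN ..."
COUNTER_RE = re.compile(r"^\[(\d+):(\d+)\]\s+(.*)$")

# Constructed sample: what a dump of the posted script might look like once
# $LAN_IPADDR has been expanded to an address (not real output from the poster's box).
SAMPLE = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [17:1360]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
[42:3192] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -i 192.168.1.1 -j LOG
[0:0] -A FORWARD -i 192.168.1.1 -j LOG
[5:400] -A INPUT -i eth1 -j LOG --log-prefix "INPUT-DROP: "
COMMIT
"""


def parse_rules(save_text):
    """Yield (table, chain, pkts, argv) for each -A line; pkts is None without -c."""
    table = None
    for raw in save_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):          # "*filter", "*nat", ...
            table = line[1:]
            continue
        pkts = None
        m = COUNTER_RE.match(line)
        if m:
            pkts = int(m.group(1))
            line = m.group(3)
        if not line.startswith("-A "):    # skip ":CHAIN POLICY" and COMMIT lines
            continue
        argv = shlex.split(line)          # handles the quoted --log-prefix value
        yield table, argv[1], pkts, argv[2:]


def looks_like_address(token):
    """True if the -i/-o argument is an IP address or prefix rather than an interface name."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False


def option_value(argv, flag):
    """Return the value following `flag` in argv, or None if absent."""
    if flag in argv and argv.index(flag) + 1 < len(argv):
        return argv[argv.index(flag) + 1]
    return None


def check_log_rules(save_text):
    """Return one finding per `-j LOG` rule: table, chain, argv and a list of problems."""
    findings = []
    for table, chain, pkts, argv in parse_rules(save_text):
        if option_value(argv, "-j") != "LOG":
            continue
        problems = []
        for flag in ("-i", "-o"):
            iface = option_value(argv, flag)
            if iface is not None and looks_like_address(iface):
                problems.append(f"{flag} {iface} is an address, not an interface name")
        if pkts == 0:
            problems.append("rule has matched 0 packets; nothing can have been logged")
        if option_value(argv, "--log-prefix") is None:
            problems.append("no --log-prefix; the lines are hard to find in the kernel log")
        findings.append({"table": table, "chain": chain, "argv": argv, "problems": problems})
    return findings


if __name__ == "__main__":
    for f in check_log_rules(SAMPLE):
        print(f"{f['table']}/{f['chain']}: {' '.join(f['argv'])}")
        for p in f["problems"] or ["looks fine"]:
            print("   -", p)
```

Run it against a real dump with `iptables-save -c | python3 check_log_rules.py`-style piping by replacing SAMPLE with sys.stdin.read(). One more caveat that the script cannot check: the LOG target writes to the kernel log, so look in `dmesg` first; whether those lines also reach /var/log/messages depends on the syslog configuration routing the kern facility there.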

Thread overview: 7+ messages
2002-06-18 17:06 Mark Tessier [this message]
2002-06-18 17:30 ` debugging rc.firewall Nathan Cassano
2002-06-18 18:02 ` Antony Stone
2002-06-18 18:31   ` --set-mark limit Luiz Fernando T. Campos
2002-06-18 18:45     ` Antony Stone
2002-06-18 18:56       ` Luiz Fernando T. Campos
2002-06-18 18:52     ` Patrick Schaaf
