
High, high ...

* Ishwar Rattan ishwar@pali.cps.cmich.edu wrote on [05.12.05 17:45]:
On Sun, 4 Dec 2005, Kai Wilke wrote:
Sorry for my English. kwfirewall starts from ppp, script /etc/ppp/ip-up.d/1kwfirewall. 1kwfirewall starts the script /etc/init.d/kwfirewall start. /etc/init.d/kwfirewall starts /sbin/kwfirewall_start. The script kwfirewall_start configures all tcp/udp ports from the configuration file /etc/kwtools/firewall.cf.
I have appended the manpage for firewall.cf. This is in the upcoming release kwtools-0.4.2, and the config is extended. See man -l firewall.5
Your English is fine. Let me rephrase my question. I want to use rules similar to:
Thank you :)
/sbin/iptables -A INPUT -j ACCEPT -i ppp0 -m state --state \
    ESTABLISHED,RELATED
/sbin/iptables -A INPUT -p icmp -j ACCEPT -i ppp0 -m state --state NEW
Oh dear. In the script /sbin/kwfirewall_start, the chain icmp_acc is defined at line 170. At lines 262 - 269 the chain for every interface is defined.

$IPTABLES -A icmp_acc -p icmp --icmp-type destination-unreachable \
    -j ACCEPT
$IPTABLES -A icmp_acc -p icmp --icmp-type source-quench -j ACCEPT
$IPTABLES -A icmp_acc -p icmp --icmp-type time-exceeded -j ACCEPT
$IPTABLES -A icmp_acc -p icmp --icmp-type echo-request -j ACCEPT
$IPTABLES -A icmp_acc -p icmp --icmp-type echo-reply -j ACCEPT
$IPTABLES -A icmp_acc -j LOG --log-prefix "ICMP-ACC " \
    -m limit --limit 4/m
$IPTABLES -A icmp_acc -j DROP

# At lines 458 - 479 the chain int_in (from Internet to router/localhost) is defined. Change this to:

$IPTABLES -A int_in -p icmp -j icmp_acc -m state \
    --state ESTABLISHED,RELATED
$IPTABLES -A int_in -p icmp -j icmp_acc -m state \
    --state NEW
$IPTABLES -A int_in -j LOG --log-prefix "INT-IN " \
    -m limit --limit 4/m
$IPTABLES -A int_in -j DROP
Can you explain this to me? Why do you need this? I'm straightly out from this topic.
kind regards, Kiste
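
Added example, not part of the original messages or of kwtools: a simplified Python model of first-match rule traversal that compares the two rules from the question with the icmp_acc/int_in rules from the reply. It models only protocol, ICMP type and conntrack state, covers only the rules quoted in the message, and the names CHAINS, verdict and the result FALLTHROUGH are assumptions of this sketch.

```python
# Simplified model of iptables first-match traversal (added example).
# Interface matching is omitted: every packet is assumed to arrive on ppp0.
ACCEPTED_TYPES = ["destination-unreachable", "source-quench",
                  "time-exceeded", "echo-request", "echo-reply"]

# Each rule is (match, target). LOG does not end traversal, as in iptables.
CHAINS = {
    # The two INPUT rules from the question.
    "asked": [
        ({"state": {"ESTABLISHED", "RELATED"}}, "ACCEPT"),
        ({"proto": "icmp", "state": {"NEW"}}, "ACCEPT"),
    ],
    # The reply's per-type chain ...
    "icmp_acc": [({"proto": "icmp", "icmp_type": t}, "ACCEPT")
                 for t in ACCEPTED_TYPES] + [({}, "LOG"), ({}, "DROP")],
    # ... and the changed int_in rules that jump to it.
    "int_in": [
        ({"proto": "icmp", "state": {"ESTABLISHED", "RELATED"}}, "icmp_acc"),
        ({"proto": "icmp", "state": {"NEW"}}, "icmp_acc"),
        ({}, "LOG"),
        ({}, "DROP"),
    ],
}


def matches(match, pkt):
    """True if every criterion in the rule matches the packet."""
    for key, want in match.items():
        have = pkt.get(key)
        if (have not in want) if key == "state" else (have != want):
            return False
    return True


def verdict(chain, pkt):
    """Return ACCEPT, DROP, or FALLTHROUGH if no terminating rule matched."""
    for match, target in CHAINS[chain]:
        if not matches(match, pkt) or target == "LOG":
            continue
        if target in ("ACCEPT", "DROP"):
            return target
        result = verdict(target, pkt)  # jump to a user-defined chain
        if result != "FALLTHROUGH":
            return result
    return "FALLTHROUGH"  # built-in chain policy or return to the caller
```

In this model an ICMP redirect in state NEW or RELATED is accepted by the rules from the question but dropped by the int_in/icmp_acc rules, because the jump filters by ICMP type in both states.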