Re: Change from ipchains to iptables
"Newsbox" <nospam_for_me_please@thanks.invalid> wrote in message
news:maydnSwRHsPrEe7enZ2dnUVZ_tydnZ2d@acadia.net...
> On Thu, 10 Nov 2005 14:33:23 +0000, Doug Holtz NOSPAM in adress wrote:
>
>>
>> Thanks for the update. When I ran rpm -e ipchains I get a notice that it
>> depends on lokkit and can't continue.
>>
>> I ran sysconfig --list and see ipchains and iptables.
>>
>> Maybe I will learn something as I sift thru inittab, etc.
>>
>> Doug
>
> Doug,
>
> If your ipchains depends on lokkit then you probably need to disable lokkit
> before you can disable ipchains (although I suppose it might be possible
> to _disable_ ipchains without bothering with lokkit, IDK). Not sure if
> lokkit will show up in chkconfig or not, as I never used it. You _do_ need
> to disable ipchains before you can enable iptables. Those two things would
> normally be best and most easily done with chkconfig. You really do not
> _need_ _to_ erase anything from the disk so long as the scripts are
> pointed at the right places.
>
> Depending on your network connection and your firewall rules, you may need
> to have your network (PPPoE and DHCP?) up before your NETFILTER iptables
> script can run. Many scripts will need to know the IP address before they
> will run. Going through the init stuff manually is a real pain and you're
> better off to use the provided utilities if they will do what you need.
> They (chkconfig especially) were written for good reasons.

I unloaded the ipchains program successfully with the nodep switch. Now I
have just iptables, but I can't get it to start. It is stopped. I need to
block 2 IP addresses that keep coming to my machine and either try to log on
or try and trick my web server to overflow and let them take control. In
the meantime I stopped SSH.

If I don't get an answer here on the board, I will bring up my HP server,
which is a clone to the DEC, and see how iptables is configured; I did
install it on the HP.

Doug