This is a discussion on IP ADDRESS PERMISSIONS FOR LINUX within the Linux General forums, part of the Linux Forums category.
Eireann Kelly <eireannkelly@hotmail.com> wrote:
: What file on a Linux firewall allows IP address permissions, to allow
: you to connect remotely to a network? I need to update the IP
: addresses that my firewall currently lets in, I can't remember what
: file it is?

No single answer since you don't specify flavor of Linux or firewall.

In my case it is "iptables" and the config file is /etc/rc.d/rc.firewall

Most likely you have a similar location under "etc"

If you have no idea where in etc it is for your setup, you might try
grep'ing for an IP address that you know is allowed in.

Stan

--
Stan Bischof ("stan" at the below domain)
www.worldbadminton.com
Eireann Kelly wrote:
> What file on a Linux firewall allows IP address permissions, to allow
> you to connect remotely to a network? I need to update the IP
> addresses that my firewall currently lets in, I can't remember what
> file it is?

If you are running a recent Red Hat distribution, it is

/etc/sysconfig/iptables

You probably do not wish to make this table yourself. Use /sbin/iptables
(man iptables) to do it. It will probably have entries like these:

IPT=/sbin/iptables

#################################################################
# Clear the existing firewall rules                             #
#################################################################

$IPT -P INPUT DROP      # Set default policy to DROP
$IPT -P OUTPUT DROP     # Set default policy to DROP
$IPT -P FORWARD DROP    # Set default policy to DROP
$IPT -F                 # Flush all chains
$IPT -X                 # Delete all userchains

for table in filter nat mangle
do
    $IPT -t $table -F   # Delete the table's rules
    $IPT -t $table -X   # Delete the table's chains
    $IPT -t $table -Z   # Zero the table's counters
done

#################################################################
# Rules for built-in chains                                     #
#################################################################

$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -j BADIP
$IPT -A INPUT -j SHUN
$IPT -A INPUT -p ! icmp -j IN
$IPT -A INPUT -p icmp -j IN_ICMP
$IPT -A INPUT -j LDROP

$IPT -A OUTPUT -o lo -j ACCEPT
$IPT -A OUTPUT -j BADIP
$IPT -A OUTPUT -j SHUN
$IPT -A OUTPUT -p ! icmp -o $EXTDEV -s ! $EXTERNALIP -j LDROP
$IPT -A OUTPUT -p ! icmp -o $INTDEV -s ! $INTERNALIP -j LDROP
$IPT -A OUTPUT -p ! icmp -j OUT
$IPT -A OUTPUT -p icmp -j OUT_ICMP
$IPT -A OUTPUT -j LDROP

--
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\                            Registered Machine    73926.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 9:25pm up 22 days, 6:51, 2 users, load average: 2.09, 2.14, 2.16
Eireann Kelly wrote:
> What file on a Linux firewall allows IP address permissions, to allow
> you to connect remotely to a network? I need to update the IP
> addresses that my firewall currently lets in, I can't remember what
> file it is?

You should specify which Linux you are using.
uname -a
will give you the details needed.

You may be using ipchains or iptables.
A way to see it:
ipchains-save
and
iptables-save
One will output all the rules in your current FW.

Hope that helps

Gael
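
The two lookups suggested in the replies above (grep'ing the config tree for an address known to be allowed in, and reading iptables-save output), as an added example that is not part of any post in the thread. The function names, the sample rules, the temporary directory standing in for /etc and the RFC 5737 documentation addresses are all constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. All addresses, rules and paths are constructed.

# find_rule_files DIR IP: list files under DIR that mention exactly IP.
# -F keeps the dots literal; -w stops 192.0.2.1 from matching 192.0.2.10.
find_rule_files() {
    grep -rlFw -- "$2" "$1" 2>/dev/null | sort
}

# allowed_sources: read iptables-save output on stdin and print "chain source"
# for each ACCEPT rule that names a source. A leading "!" marks a negated match.
allowed_sources() {
    awk '$1 == "-A" {
        src = ""; tgt = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j") tgt = $(i + 1)
            if ($i != "-s") continue
            if ($(i + 1) == "!") src = "!" $(i + 2)            # old form: -s ! addr
            else src = ($(i - 1) == "!" ? "!" : "") $(i + 1)   # new form: ! -s addr
        }
        if (tgt == "ACCEPT" && src != "") print $2, src
    }'
}

# demo_dir: build a throwaway tree standing in for /etc and print its path.
demo_dir() {
    d=$(mktemp -d) && mkdir -p "$d/rc.d" "$d/sysconfig" || return 1
    echo 'iptables -A IN -s 192.0.2.10 -p tcp --dport 22 -j ACCEPT' > "$d/rc.d/rc.firewall"
    cat > "$d/sysconfig/iptables" <<'EOF'
*filter
:INPUT DROP [0:0]
:IN - [0:0]
-A INPUT -i lo -j ACCEPT
-A IN -s 192.0.2.1/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A IN -s 198.51.100.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A IN ! -s 203.0.113.0/24 -p icmp -j ACCEPT
-A IN -s 203.0.113.7/32 -j DROP
COMMIT
EOF
    echo "$d"
}

tmp=$(demo_dir)
find_rule_files "$tmp" 192.0.2.1              # only .../sysconfig/iptables
allowed_sources < "$tmp/sysconfig/iptables"   # three ACCEPT rules with a source
rm -rf "$tmp"
```

On a real host the same functions would be pointed at /etc and at the live output of iptables-save, run as root.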