LinuxQuestions.org
Old 03-16-2001, 03:45 AM   #1
bretthoward
Member
 
Registered: Mar 2001
Location: Klamath Falls
Posts: 62

Rep: Reputation: 15


I recently upgraded to the 2.4.2 kernel and found that IPchains is now obsolete and I am supposed to now use IPtables (which from the man pages looks very similar to IPchains). I have (I believe all that I should need compiled into the kernel) and when I type IPchains -L this is what I get:

[root@livecomputers /root]# iptables -L
iptables v1.2: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
[root@livecomputers /root]#

Any thoughts?

At the moment I am getting done what I need to (banning IPs) via route so I am fine for the moment, but it's kinda disheartening that I can't get it to work!

PS: This is on a RH6.2 box
 
Old 03-16-2001, 07:05 PM   #2
billsabub
Member
 
Registered: Feb 2001
Posts: 109

Rep: Reputation: 15
Try http://www.computerbits.com/archive/.../linux0002.htm

It's a good read on iptables, with step-by-step instructions. Hope it helps.

Please post if you are successful or not. I haven't had a chance to get to my computer to work it out, so I'm just in the research stages of iptables myself.
 
Old 03-17-2001, 03:09 AM   #3
bretthoward
Member
 
Registered: Mar 2001
Location: Klamath Falls
Posts: 62

Original Poster
Rep: Reputation: 15
Thank you much for the resource, but I'll have to admit it will be a few weeks before I can get to it! I'm a dual major at Oregon Institute of Technology (Computer Hardware Engineering Technology, and Computer Software Engineering Technology) and it's finals week starting next week, so I'll be really busy for that, and I'm getting the heck outta dodge for Spring Break, so, well, I'm sure you understand!
 
Old 03-17-2001, 09:23 PM   #4
billsabub
Member
 
Registered: Feb 2001
Posts: 109

Rep: Reputation: 15
Fair enough!

Sounds like I'll get to it first. I'll let you know how it worked.

Good luck on finals!

[Edited by billsabub on 03-17-2001 at 10:26 PM]
 
Old 03-18-2001, 02:49 PM   #5
ugge
Senior Member
 
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
Another link:
http://www.boingworld.com/workshops/...bles-tutorial/
 
Old 03-18-2001, 06:53 PM   #6
billsabub
Member
 
Registered: Feb 2001
Posts: 109

Rep: Reputation: 15
Thanks ugge

It looks even more in-depth. I like that.

I'll have to have it open in another window as I work out my tables. Hopefully today.

 
Old 03-19-2001, 12:29 AM   #7
billsabub
Member
 
Registered: Feb 2001
Posts: 109

Rep: Reputation: 15

OK Brett,

I was successful after a few tweaks. Here's what I did:

http://www.linux-firewall-tools.com/...all/index.html

That will give you an ipchains-based script (or use your old one).

I then used gnotepad+ to do some replacing of the ipchains commands with the iptables commands (e.g. DENY/DROP, input/INPUT, output/OUTPUT, forward/FORWARD, etc.).

Then I took some of the commands that were outlined in:

http://www.computerbits.com/archive/.../linux0002.htm

and placed them near the end of the script.

I saved the edited script as /etc/rc.d/init.d/firewall.

Then I changed my working directory to /etc/rc.d/init.d
and changed the permissions so that the firewall file is executable by all users (not sure if that was totally necessary, but it couldn't hurt).

Then I made symbolic links to that file:

#ln -s ../init.d/firewall S50firewall

for each of the runlevels to that file. So, for runlevels 2-5 (rc2.d - rc5.d), it looks similar to this:

S50firewall --> ../init.d/firewall

For runlevel 0,1, and 6, the link is:

K50firewall --> ../init.d/firewall

Once that was done I rebooted the system. During bootup it showed "Starting firewall" (so far, so good).

Once logged in to the system as root, I did:

#iptables -L

and the output did show that the firewall settings were active. So as far as I can tell right now I'm good to go. I will run it through a third-party scanner in a bit.

Prior to that I manually input the iptable commands. When the computer was rebooted all of the commands were lost. That's why everything was placed in the init.d directory so that it would be loaded at boot-up.

Hope this helps. BTW, I'm sure you didn't need the verbose command stuff, but I figured if someone else runs across this it wouldn't hurt.

Good luck!!!
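
The keyword replacement described in post #7, written as a filter script. This is an added example, not billsabub's script: the sample ipchains rules are constructed and the names `ipchains_to_iptables` and `sample_rules` are hypothetical. It goes slightly beyond the post by handling three cases a plain search-and-replace misses: `-y` becomes `--syn`, `-i` on the OUTPUT chain becomes `-o`, and rules using `-l` or `MASQ` are commented out for manual rewriting so a half-translated rule is never loaded.

```shell
#!/bin/sh
# Added example: translate an ipchains rule script to iptables syntax.
# stdin: ipchains rules; stdout: iptables rules.
# sed steps, in order:
#   1. command name              ipchains -> iptables
#   2-4. built-in chain names    input/output/forward -> upper case
#   5-6. policy and target       DENY -> DROP
#   7. SYN match                 -y -> --syn
#   8. OUTPUT rules              iptables wants -o (out-interface), not -i
#   9. -l (log) and MASQ have no one-word equivalent (they need a LOG rule
#      or the nat table), so those rules are commented out and flagged.
ipchains_to_iptables() {
    sed -E \
        -e 's/ipchains/iptables/g' \
        -e 's/(-[AIDRPFLZ]) +input([[:space:]]|$)/\1 INPUT\2/' \
        -e 's/(-[AIDRPFLZ]) +output([[:space:]]|$)/\1 OUTPUT\2/' \
        -e 's/(-[AIDRPFLZ]) +forward([[:space:]]|$)/\1 FORWARD\2/' \
        -e 's/(-P +[A-Z]+) +DENY([[:space:]]|$)/\1 DROP\2/' \
        -e 's/-j +DENY([[:space:]]|$)/-j DROP\1/' \
        -e 's/[[:space:]]-y([[:space:]]|$)/ --syn\1/' \
        -e '/-[AIDR] +OUTPUT/s/[[:space:]]-i[[:space:]]/ -o /' \
        -e '/[[:space:]]-l([[:space:]]|$)|-j +MASQ/s/^/# NEEDS MANUAL REWRITE: /'
}

# Constructed sample input (not taken from the thread).
sample_rules() {
    cat <<'EOF'
ipchains -P input DENY
ipchains -A input -i lo -j ACCEPT
ipchains -A input -i eth0 -p tcp -y -j DENY
ipchains -A output -i eth0 -p icmp -j DENY -l
ipchains -A forward -s 192.168.1.0/24 -j MASQ
EOF
}

sample_rules | ipchains_to_iptables
```

Review every flagged line before installing the result as /etc/rc.d/init.d/firewall; a rule that is commented out is a rule that is not enforced.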
 
Old 03-19-2001, 06:05 AM   #8
bretthoward
Member
 
Registered: Mar 2001
Location: Klamath Falls
Posts: 62

Original Poster
Rep: Reputation: 15
THANKS MUCH!

I'll have you know I have aced 2 of my finals so far! hehe!

One in Intel Assembly Language and the other in Programmable Logic Devices. Now I only have 2 more to go! Industrial Psychology and Data Structures using OOP in C++. FUN STUFF! Anyway thanks for the writeup! I'll have to give it a go next term when I have time!
 
Old 03-20-2001, 07:04 PM   #9
bretthoward
Member
 
Registered: Mar 2001
Location: Klamath Falls
Posts: 62

Original Poster
Rep: Reputation: 15
When you did this, did you compile it statically into your kernel or do you load it as external modules?
 
Old 03-20-2001, 07:15 PM   #10
bretthoward
Member
 
Registered: Mar 2001
Location: Klamath Falls
Posts: 62

Original Poster
Rep: Reputation: 15
AGGRAVATION

If I could just get beyond this first bump things will go somewhat easily. But when I run iptables it pretty much ignores me and tells me that I don't have the right modules installed still. When I run iptables -L I still get this:

iptables v1.2: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

And I have all the stuff that the guy at http://www.boingworld.com wanted compiled directly into my kernel....
 
Old 05-31-2001, 09:24 AM   #11
notsoevil
Member
 
Registered: May 2001
Location: Louisville, Kentucky, USA
Distribution: RedHat ES
Posts: 120

Rep: Reputation: 15

Brett,

I had the very same message showing up. I have Redhat 7.1 with the 2.4.2-2 kernel.

After doing some searching (this discussion being one of many found with people in a similar situation), I still couldn't find an answer. However, just 10 minutes ago, I decided to go look at the init scripts in /etc/init.d

I read the iptables init script, saw the usage, and just ran the following:

#: /etc/init.d/iptables start

And you know what? 'iptables --list' no longer gives me the error you mentioned! And 'lsmod' now shows the appropriate modules loaded (where before there was no mention of iptables)!

Now, I have yet to dissect the iptables init script to see why it was not starting, but I'll post something about it if I figure it out. I checked to see if it was 'on' (chkconfig --list | grep iptables) and it is set that way (for 2,3,4 and 5).

I wonder if you have the same problem?
 
Old 05-31-2001, 10:15 PM   #12
notsoevil
Member
 
Registered: May 2001
Location: Louisville, Kentucky, USA
Distribution: RedHat ES
Posts: 120

Rep: Reputation: 15

Ah, more on this front.

The setup I mentioned earlier was at work, and now I am at home where I was having the very same problem (on an identical RedHat 7.1 Kernel 2.4.2-2 setup).

I tried following my own instructions from earlier, but they didn't work. I think I know why now.

iptables was not starting because RH7.1 installs ipchains as well, so they are mutually exclusive apparently. If you don't believe me, try 'ipchains --list' and see what it does; you may be surprised. So I do a 'chkconfig --list | grep ip' and lo and behold, both ipchains and iptables show up as 'on' for levels 2,3,4 and 5.

So, naturally I do 'chkconfig --level 2345 ipchains off' and then 'chkconfig --level 2345 iptables on'. Next I did '/etc/init.d/iptables start' but to no avail; 'iptables --list' still returns the same error message from earlier. I was going to cycle init levels back to where I should be to see if that changed things, but I had to shut down the machine anyways to install more RAM.

When I booted back up, 'iptables --list' returns its default ACCEPT policies and is running just fine now!

Isn't that just grand?

Well, I hope that helps you (if you haven't figured it out already of course).
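
The check that posts #11 and #12 arrive at by hand, as a script. This is an added example, not code from the thread: the function names are hypothetical, the sample `lsmod` and `chkconfig --list` text is constructed, and it assumes a modular kernel like the Red Hat 7.1 setup described (on a kernel with iptables built in, `ip_tables` will not appear in `lsmod`).

```shell
#!/bin/sh
# Added example: find out whether ipchains is in the way of iptables.

module_loaded() {   # $1 = module name, $2 = text of `lsmod`
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

levels_on() {       # $1 = service, $2 = text of `chkconfig --list`; prints e.g. 2345
    printf '%s\n' "$2" | awk -v svc="$1" '$1 == svc {
        for (i = 2; i <= NF; i++) if ($i ~ /:on$/) { sub(/:on$/, "", $i); printf "%s", $i }
        print "" }'
}

diagnose() {        # $1 = lsmod text, $2 = chkconfig text; returns 1 on conflict
    rc=0
    if module_loaded ipchains "$1"; then
        echo "ipchains module is loaded (reported in the thread as exclusive with iptables)"
        rc=1
    fi
    on=$(levels_on ipchains "$2")
    if [ -n "$on" ] && [ -n "$(levels_on iptables "$2")" ]; then
        echo "ipchains and iptables are both enabled; ipchains is on in runlevels $on"
        echo "fix used in the thread: chkconfig --level $on ipchains off, then reboot"
        rc=1
    fi
    module_loaded ip_tables "$1" || echo "note: ip_tables is not listed by lsmod"
    return $rc
}

# Constructed sample input resembling the broken state described in post #12.
SAMPLE_LSMOD='Module                  Size  Used by
ipchains               38976   0 (unused)
8139too                16480   1 (autoclean)'
SAMPLE_CHK='ipchains  0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables  0:off 1:off 2:on 3:on 4:on 5:on 6:off'

diagnose "$SAMPLE_LSMOD" "$SAMPLE_CHK" || echo "result: conflict found"
```

On a live system, call it as `diagnose "$(lsmod)" "$(chkconfig --list)"`.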
 
Old 02-10-2005, 01:20 PM   #13
bkankur
LQ Newbie
 
Registered: Feb 2005
Posts: 22

Rep: Reputation: 15
problem with iptables and ipchains

Hello friends,

I want to create a firewall in Linux and currently I am using iptables, but what is happening is that it won't allow a large number of packets to pass through it; the PC hangs. If I use a packet generator tool and use it against my target PC having the firewall, the PC hangs.

So I am confused now about what to do. Is there any low-level implementation of an iptables-like tool so that I can use it in my firewall?

Waiting eagerly for the reply.

Have a nice time and thanks for your reading.
Good day
om shanti.
 
  

