Firewall Script


groundzero
11-29-2000, 03:19 PM
I was writing a script to set up my rules in ipchains. But before I got very far I tested it and it's not even working at the simplest level. Look at the cut and paste:


#!/bin/sh

echo "Starting Firewall"

# Section 1 Definitions
#................................................................

IPADDR="0.0.0.0" # my netside ip address
LAN_1="10.0.0.0/16" # lan side private address range
LAN_IPADDR="10.0.0.1" # my lanside ip address
ANYWHERE="any/0" # any ip address
NAMESERVER_1="0.0.0.0" # primary dns server
NAMESERVER_2="0.0.0.0" # secondary dns server
LOOPBACK="127.0.0.0/8" # the standard loopback address and range
CLASS_A="10.0.0.0/8" # class A private network addresses and range
CLASS_B="172.16.0.0/12" # class B private network addresses and range
CLASS_C="192.168.0.0/16" # class C private network addresses and range
CLASS_D_MULTICAST="224.0.0.0/4" # class D multicast addresses and range
CLASS_E_RESERVED_NET="240.0.0.0/5" # class E reserved addresses and range
BROADCAST_SRC="0.0.0.0" # broadcast source address
BROADCAST_DEST="255.255.255.255" # broadcast destination address
PRIVPORTS="0:1023" # privileged port range
UNPRIVPORTS="1024:65535" # unprivileged port range
TRACEROUTE_SRC_PORTS="32769:65535" # traceroute source ports
TRACEROUTE_DEST_PORTS="33434:33523" # traceroute destination ports

# Section 2 Basic Start Up
#................................................................

echo "Flushing any existing rules from all chains"
ipchains -F # -F with no chain name flushes every chain; give a chain name to flush just one

OK, when I run this it says:
Starting Firewall
Flushing any existing rules from all chains
ipchains: Unknown chain

thanks guys

------------------
Groundzer0......
Please stop me before I format again. (I'm a Serial Formatter)

c_guy
11-30-2000, 01:33 PM
There are 3 different chains you will need to work with: INPUT, OUTPUT and FORWARD. Your line there doesn't say which chain to flush; change it to one of these, or all of them if you want a complete flush.

ipchains INPUT -F
ipchains OUTPUT -F
ipchains FORWARD -F


The input chain filters what is coming in from the internet to your box, the output chain filters what's going out from your box to the internet, and the forward chain restricts what can move from one subnet to another...

Good Luck and Have Fun...

{c}guy

c_guy
11-30-2000, 01:37 PM
Correction, in syntax change that from:

ipchains INPUT -F

to

ipchains -F INPUT

etc...
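Putting c_guy's two replies together as an added example (not code from the thread or the original script): a start-up section that flushes each of the three built-in chains with the corrected `-F <chain>` order, sets a default-deny policy so the host fails closed, and refuses any chain name that is not one of the three. `EXT_IF` is an assumed interface name; `LAN_1` reuses the range from groundzero's script. Setting `IPCHAINS=echo` dry-runs the script without touching the kernel.

```shell
#!/bin/sh
# Added example, not part of the original thread. Assumes an internet-facing
# interface named in EXT_IF (placeholder) and the LAN range from the first post.
# IPCHAINS=echo prints the commands instead of running them.

IPCHAINS="${IPCHAINS:-ipchains}"
EXT_IF="${EXT_IF:-eth0}"           # assumed external interface
LAN_1="${LAN_1:-10.0.0.0/16}"      # LAN range from the original script

# Only the three built-in ipchains chains are accepted; anything else
# (for example a name with a stray trailing character) is refused up front.
valid_chain() {
    case "$1" in
        INPUT|OUTPUT|FORWARD) return 0 ;;
        *) return 1 ;;
    esac
}

# Flush one chain using the corrected option order: -F <chain>, not <chain> -F.
flush_chain() {
    valid_chain "$1" || { echo "refusing unknown chain: '$1'" >&2; return 1; }
    "$IPCHAINS" -F "$1"
}

# Flush all three chains and give each a default-deny policy, so a mistake in a
# later rule cannot leave the box wide open.
firewall_baseline() {
    for chain in INPUT OUTPUT FORWARD; do
        flush_chain "$chain" || return 1
        "$IPCHAINS" -P "$chain" DENY
    done
    # Loopback traffic is always allowed.
    "$IPCHAINS" -A INPUT -i lo -j ACCEPT
    "$IPCHAINS" -A OUTPUT -i lo -j ACCEPT
    # Anti-spoofing: the private LAN range never legitimately arrives on the
    # external interface; deny it and log the attempt (-l).
    "$IPCHAINS" -A INPUT -i "$EXT_IF" -s "$LAN_1" -j DENY -l
}

# Apply only when asked explicitly: sh firewall.sh apply
case "${1:-}" in
    apply) firewall_baseline ;;
esac
```

Run `IPCHAINS=echo sh firewall.sh apply` first to see exactly which ipchains commands would be issued.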

groundzero
11-30-2000, 01:55 PM
If I type ipchains -F in an Xterm it works fine, so why not in the script?

c_guy
11-30-2000, 07:53 PM
Good question, it shouldn't be any different...

Dunno the answer to that one, just that I have a firewall script and those are the commands I use to flush the ruleset myself.

BobjoB
11-30-2000, 08:05 PM
http://www.linux-firewall-tools.com/linux/firewall/index.html
It has a nice Perl interface to configure your firewall script.