Linux Format forums
Help, discussion, magazine feedback and more

iptables -C check command

Stuibby
Guest





Posted: Sun May 22, 2005 4:06 pm    Post subject: iptables -C check command

Hi

Can anybody confirm for me - is there anything that has replaced the iptables check command -C? I'm a newbie to iptables & am wanting to test FORWARD rules allowing access from networks that I have no access to.

Anybody got any ideas how I would test this if there's no replacement for -C??

Much appreciated

Stuibby
smita034



Joined: Tue Apr 26, 2005 2:13 pm
Posts: 29
Location: Rochester, Kent, UK

Posted: Mon May 23, 2005 10:00 am    Post subject: RE: iptables -C check command

You can list all the current rules using iptables -L; it will split them into groups and output it quite neatly. As for testing it, the only way I know of is to use it....

Hope that helps a little
_________________
Alex A. Smith
99% of all computer problems occur between the chair and keyboard
jjmac
LXF regular


Joined: Fri Apr 08, 2005 2:32 am
Posts: 1996
Location: Sydney, Australia

Posted: Mon May 23, 2005 11:32 am    Post subject: RE: iptables -C check command

>>
Can anybody confirm for me - is there anything that has replaced the iptables check command -C? I'm a newbie to iptables & am wanting to test FORWARD rules allowing access from networks that I have no access to.
>>

There doesn't appear to be a dedicated check facility listed in the man page. But it sounds like it should have. Using some sort of loop-back facility I would think.

But I'm not sure if I'm following you with your reason.. I thought a 'FORWARD' rule would be for passing on packets to another location. As would be used by a gateway. If you want to govern the access condition of other networks, wouldn't that involve the 'INPUT' chain first. And then the FORWARD target, depending on the kind of match. Or do you mean just passing on networks that you don't want to access your network ... if they should come by ???

I'd create a separate chain for rule testing though. And insert an initial rule to jump to it in the FORWARD chain. Then you could just remove/insert that one rule to include the whole set in the testing chain.

I suppose, if you set it up for a specific external box/network, and use that as a specific rule match, that could pass for a testing method. You would just need someone with their own network set up that they could lend.


jm

Code:


           -:-  If the system is the answer, then the question
                        must have been really stupid            -:-

_________________
http://counter.li.org
#313537

The FVWM wm -=- www.fvwm.org -=-

Somebody stole my air guitar, It happened just the other day,
But it's ok, 'cause i've got a spare ...
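
The approach jjmac describes above (a separate chain holding the rules under test, switched on and off by a single jump rule in FORWARD), written out as an added example that is not part of the original thread. The chain name TESTFWD, the addresses and the port are constructed placeholders, and by default the script only prints the iptables commands (DRY_RUN=1).

```shell
#!/bin/sh
# Added example: stage FORWARD rules in their own chain so the whole set
# can be enabled or disabled with one jump rule.
# TESTFWD, SRC_NET, DST_HOST and port 22 are constructed placeholders.
# DRY_RUN=1 (default) prints the commands; run as root with DRY_RUN=0 to apply.
DRY_RUN="${DRY_RUN:-1}"
CHAIN="TESTFWD"
SRC_NET="192.0.2.0/24"   # the specific external network used as the match
DST_HOST="10.0.0.5"      # internal host behind the gateway

ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Rules under test live in $CHAIN, never directly in FORWARD.
build_chain() {
    ipt -N "$CHAIN"
    # LOG first, so a matching packet leaves a line in the kernel log.
    ipt -A "$CHAIN" -s "$SRC_NET" -d "$DST_HOST" -p tcp --dport 22 -j LOG --log-prefix "TESTFWD-ssh:"
    ipt -A "$CHAIN" -s "$SRC_NET" -d "$DST_HOST" -p tcp --dport 22 -j ACCEPT
    # Explicit RETURN: its counter shows traffic that did not match the test rules.
    ipt -A "$CHAIN" -j RETURN
}

# Inserting one jump rule switches the whole set on ...
enable_chain()  { ipt -I FORWARD 1 -j "$CHAIN"; }
# ... and deleting that same rule switches it off again.
disable_chain() { ipt -D FORWARD -j "$CHAIN"; }

# Per-rule packet and byte counters show whether test traffic hit a rule.
show_counters() { ipt -L "$CHAIN" -v -n --line-numbers; }

# Flush and delete the chain; it must no longer be referenced from FORWARD.
teardown() {
    ipt -F "$CHAIN"
    ipt -X "$CHAIN"
}

case "${1:-}" in
    start)  build_chain; enable_chain ;;
    status) show_counters ;;
    stop)   disable_chain; teardown ;;
esac
```
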