Kernel Setup for iptables

Hi,
I'm reading an online book about iptables now, and I've reached a part requiring me to make certain configurations to the kernel; however, I'm not sure exactly what they are talking about. http://www.linuxtopia.org/Linux_Fire...bles/x651.html
Could anyone point me in the right direction?
Thanks,
Daniel.
__________________ No animals were harmed in the making of this steak

Hi Daniel,
If you are compiling the Linux kernel from source code, then follow the directions on that website for which your post provides a link.
If you are not compiling the Linux kernel - all recent distros of Linux (2.6 version kernel) come with Netfilter and Iptables capability, but you have to install the rc.firewall.txt script into /etc as the file named firewall.bash and change (edit) the /bin/sh to /bin/bash on the first line - this is because bash is the default shell on Linux.
Also, you need to install the following file named firewall into /etc/init.d in order to be able to start the installation of the iptables rules in the firewall.bash script on bootup:
file name: /etc/init.d/firewall:
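------------cut here----------
#!/bin/bash
# /etc/init.d/firewall - install or remove the iptables rules
RETVAL=0
# To start the firewall
start() {
    echo -n "Iptables rules creation: "
    /etc/firewall.bash
    RETVAL=$?    # keep the exit status of the rule script
}
# To stop the firewall
stop() {
    echo -n "Removing all iptables rules: "
    /etc/flush_iptables.bash
    RETVAL=$?    # keep the exit status of the flush script
}
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    status)
        # List the filter table, then the nat table
        /sbin/iptables -L
        /sbin/iptables -t nat -L
        RETVAL=$?
        ;;
    *)
        echo "Usage: firewall {start|stop|restart|status}"
        RETVAL=1
        ;;
esac
# Pass the recorded status back to the caller
exit $RETVAL
----------cut here---------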
You can manually start up the firewall script by issuing the following command after you have installed the above:
(as root account):
# /etc/init.d/firewall start
(as regular user)
$ sudo /etc/init.d/firewall start
Corresponding to the above manual commands, there might need to be an additional script with the (as root account) version of the manual command in one of the /etc/rc3.d files toward the end of booting up (hopefully prior to bringing up your network connection). Just edit (as root) a new file named S50firewall so as to bring it up prior to S50NetworkManager.
Note: scripts need to be executable, so execute the chmod +x <file> command against the script files.
-- Tom
__________________ The independence created by philosophical insight is - in my opinion - the mark of distinction
between a mere artisan or specialist and a real seeker after truth. - Einstein 1944
Imagination is more important than knowledge. - Einstein
Last edited by lotuseclat79 : 30-Jun-2009 11:05 AM.

Hi,
Does /etc/init.d correspond to the startup folder in Windows?
I'll reread what you wrote until I figure it all out, but what about the definitions listed on that page I linked to? How do I change them? Do I need to recompile the kernel in order to do that?
D.

Quote:
Originally Posted by BlackHorseman
Hi,
Does /etc/init.d correspond to the startup folder in Windows?
I'll reread what you wrote until I figure it all out, but what about the definitions listed on that page I linked to? How do I change them? Do I need to recompile the kernel in order to do that?
D.

Hi Daniel,
What I wrote was relevant only for a Linux installation - not Windows.
If you download and burn to CD any available Linux distribution, it likely has already compiled the kernel to produce the release's image - i.e. the web page you linked to was giving advice for advanced users that prefer to get the latest kernel changes and test them out. It is likely, since you are a n00b to Linux, that you should not need to compile the kernel to install Linux. Thus you do not need to pay attention to that web page.
Instead, what I recommend is that you explore some of the web pages in this forum for threads that ask what Linux distribution to select. Then download the Live CD latest release of that distribution and burn it to CD. Then edit your BIOS (only if you can't already boot up from a CD in order to do so), and boot off of the Live CD - without any need to install Linux on your hard drive.
If you intend on installing Linux, then first learn how to repartition your hard drive in order to resize your existing Windows partition, and be able to safely install Linux without disturbing your Windows installation. You can even learn how to make your newly repartitioned hard drive with both Windows and Linux installed into a dual-boot setup (Read member Saikee's threads in this forum on that topic).
With the use of a Live CD Linux distribution - you can try several before you decide, you will have the opportunity to explore the use of Linux before making any major decisions in your computing setup - and hopefully avoid any of the problems caused mostly by users who think they know what they are doing with Linux, when, in fact, they do not, which usually results in them trashing their Windows installation.
-- Tom

Hello Tom,
I'm talking to you from a Linux installation, man : )
I was just wondering about the meaning of putting a file in /etc/init.d - would it behave similarly in any way to files put in the startup folder in M$ Windaz?
OK, I get it about that options page - it is for users who wanna compile their own kernel with certain options set. I take it it would be impossible to change those settings after you've already installed Ubuntu, right? What about adding (or editing) a hypothetical iptables config file with those options set and make it somehow be applied when iptables starts?
As for that online book about iptables - what I like about it is that it is very in-depth and detailed. Of course it suffers from the ever-present Linux documentation affliction - at a certain point the text can suddenly become Chinese....
D.

Quote:
Originally Posted by BlackHorseman
Hello Tom,
I'm talking to you from a Linux installation, man : )
I was just wondering about the meaning of putting a file in /etc/init.d - would it behave similarly in any way to files put in the startup folder in M$ Windaz?
OK, I get it about that options page - it is for users who wanna compile their own kernel with certain options set. I take it it would be impossible to change those settings after you've already installed Ubuntu, right? What about adding (or editing) a hypothetical iptables config file with those options set and make it somehow be applied when iptables starts?
As for that online book about iptables - what I like about it is that it is very in-depth and detailed. Of course it suffers from the ever-present Linux documentation affliction - at a certain point the text can suddenly become Chinese....
D.

Hi Daniel,
Putting a file into /etc/init.d only locates the file there - nothing is done (executed) regarding the file until there is some mechanism put into place to activate it - thus, until you put an executable script file into /etc/rc3.d as I described which would activate the firewall bash script - nothing is done. So, in fact it separates the action of execution from the locating of the file in /etc/init.d. Nothing like the Windoz startup folder.
After you install Linux - any distro - you can setup a directory in which to locate the latest source code for the kernel, and then you can begin to use the information in the linked page you posted to compile the kernel - presuming you have the tool-chain necessary to compile the kernel installed.
Why not try to put into place the firewall script file to activate iptables rules and add the executable script to execute it to /etc/rc3.d as I already mentioned. I recommend you do this and test out whether iptables rules exist by issuing the command:
$ sudo iptables -L -n -v
before and after you try my suggestion. If afterward you see that the output has activated the iptables rules (i.e. before should produce very little output which tells you that there are no rules activated) then you will know if the configuration variables were set for the compilation of the Linux kernel you have installed - this is very likely IMO.
Give it a go to see what happens. Trust that everyone starts out knowing something new from the same starting line, and that you can incrementally learn by asking yourself relevant questions (as you have) and can seek out the answers. Give it time - you will learn, and the "Chinese" will dissolve into knowledge that you understand.
-- Tom
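
The kernel options asked about in this thread can also be read straight from the installed kernel's build configuration, without recompiling anything. The script below is an added example, not part of the original posts; the option list and the sample config are assumptions constructed for illustration, and the linked tutorial page has its own list.

```shell
#!/bin/sh
# Added example: read a kernel build config and report netfilter support.
# On Ubuntu the running kernel's config is /boot/config-$(uname -r).

# Assumed minimum set for a filtering + NAT firewall (not the tutorial's list).
NF_OPTIONS="CONFIG_NETFILTER CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER
CONFIG_NF_CONNTRACK CONFIG_NF_NAT"

# nf_state OPTION FILE: print builtin (=y), module (=m) or missing.
nf_state() {
    val=$(sed -n "s/^$1=\([ym]\)\$/\1/p" "$2" | head -n 1)
    case $val in
        y) echo builtin ;;
        m) echo module ;;
        *) echo missing ;;   # absent, or "# CONFIG_X is not set"
    esac
}

# nf_report FILE: one "OPTION state" line each; status 1 if any is missing.
nf_report() {
    rc=0
    for opt in $NF_OPTIONS; do
        st=$(nf_state "$opt" "$1")
        echo "$opt $st"
        if [ "$st" = missing ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample config (not taken from a real kernel).
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_XTABLES=m
CONFIG_NF_CONNTRACK=m
# CONFIG_NF_NAT is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
EOF

nf_report "$SAMPLE_CFG" || echo "at least one option is missing from this kernel"
```

A `module` result means the feature is loaded on demand and needs no recompile; only `missing` options would require a different or rebuilt kernel.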

I will give it a try.
But I'll try to learn as much as possible about the commands and other objects you referred to before that. I need to broaden my horizons in general in Linux. I'll start with an extensive document explaining bash.
Will be back to report when I do the actual fix.
Thanks,
Daniel.

Hello again,
The issue seems to have resolved itself. Firefox is working again.
I've uninstalled flashblock in Synaptic Package Manager but it still shows as an active add-on in Firefox. I'll just not touch it for now. Maybe, if there was a bug in the flashblock update, there will also be a fix for it.
Thanks for your help : )
D.

Ug....
This was supposed to go under the Firefox thread, sorry.
D.