Tiny Core Linux
General TC => General TC Talk => Topic started by: Ellus on January 21, 2012, 04:34:11 PM
-
Hello there,
I installed iptables and made it "on boot"; now I need to apply a rule and make it persistent.
For example: sudo iptables -P INPUT DROP.
I tried to add "/usr/bin/sudo /usr/local/sbin/iptables -P INPUT DROP" to bootlocal.sh, but it hangs every time before the desktop appears.
Where is the mistake here?
Thanks in advance for your help.
-
Hi bassam
You don't need to use sudo in bootlocal.sh, and you should not need to specify the path to run
iptables. Maybe it's hanging because your network isn't up yet?
-
To be honest, I have no idea whether the network is up or not when it stops; the only thing it shows is a movable "X pointer" and a black screen.
Edit: I disabled the desktop at startup, and now my rule does apply... I don't know what the relation between iptables and X is.
-
You should never use iptables -P INPUT DROP (e.g. you need to have a working loopback connection for most things to work).
Instead explicitly specify the NIC for which you want to block all input.
-
OK, the INPUT DROP rule was for testing only, so I tried "iptables -A INPUT -i eth0 -p tcp -j ACCEPT" and it works fine.
Now I move further with my iptables rules.
Thanks a lot Hiro for your help.
-
To run iptables, it needs to be installed and in onboot.
To start the basic firewall each time Tinycore is started, add
/usr/local/sbin/basic-firewall
or
/usr/local/sbin/basic-firewall noprompt
to /opt/bootlocal.sh.
The basic firewall is a simple firewall which should suit most home users with a single computer connected to the internet.
To see the iptables setup, open the terminal and type
sudo iptables -vL
or
sudo iptables -vnL
If you are happy with the setup, use it as it is.
However, there may be some people who want to use different iptables rules, for example, those with a network connected to the internet.
I suggest these people modify the file which writes the iptables rules each time the computer is started, and make a new extension with the modified file.
I am not running tinycore at the moment, and can't remember exactly where the file is, but look in /tmp/tcloop/iptables. It may be in one of iptables' dependencies. You can read the file with a text editor.
There is an example of making a new extension here.
http://wiki.tinycorelinux.net/wiki:printer_setup_using_cups
If anyone can give the exact path to the file to modify, please share.
-
Thanks Guy,
I found the basic-firewall rules in /tmp/tcloop/iptables/usr/local/sbin/basic-firewall... So are you suggesting modifying the file "basic-firewall" and then "squashfs"-ing it to have a new iptables extension with the modified rules? Or having a "settings extension" to restore that modified file only?
- Isn't it easier to copy the content of that file, modify it as per your needs, then save it, for example, in "persistent opt" as /opt/myfirewall.sh and add a new line to bootlocal.sh to run it every time at startup?
-
Hi bassam
- Isn't it easier to copy the content of that file, modify it as per your needs, then save it, for example, in "persistent opt" as /opt/myfirewall.sh and add a new line to bootlocal.sh to run it every time at startup?
You could do that.
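As an added example (not code from this thread, from the iptables extension, or from its basic-firewall script), here is what an /opt/myfirewall.sh along the lines discussed above could look like. It combines Guy's suggestion of a rule script started from /opt/bootlocal.sh with Hiro's point that loopback must be accepted whenever INPUT is dropped, and it loads the whole rule set atomically through iptables-restore so the machine never sits in the "policy DROP, no rules" state that hung the desktop. The interface name eth0, the /usr/local/sbin paths and the presence of iptables-restore alongside iptables in the extension are assumptions, not facts from the thread.

```shell
#!/bin/sh
# /opt/myfirewall.sh: example persistent rule set for a single Tiny Core box.
# Written as an illustration for this thread; it is not the iptables
# extension's basic-firewall script.
#
# Assumptions (not stated in the thread): the NIC is eth0, the iptables
# extension installs iptables-restore next to iptables in /usr/local/sbin,
# and the script is started from /opt/bootlocal.sh, which already runs as
# root, so no sudo is needed.

NIC="${NIC:-eth0}"
IPTABLES="${IPTABLES:-/usr/local/sbin/iptables}"
IPTABLES_RESTORE="${IPTABLES_RESTORE:-/usr/local/sbin/iptables-restore}"

# Print the rule set in iptables-save format. iptables-restore installs
# policies and rules in one step, so there is no window in which INPUT is
# DROP but the loopback rule is not yet present. Lines starting with '#'
# are ignored by iptables-restore.
firewall_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback first: X, local resolvers, CUPS and friends talk to 127.0.0.1.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened itself.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets that belong to no known connection.
-A INPUT -m state --state INVALID -j DROP
# Answer ping so a dead link can be told apart from the firewall.
-A INPUT -i $NIC -p icmp --icmp-type echo-request -j ACCEPT
# Inbound services you actually run go here, one line each, for example:
# -A INPUT -i $NIC -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Reads a rule set on stdin and refuses it when INPUT defaults to DROP
# without a loopback ACCEPT rule (the mistake Hiro pointed out above).
check_rules() {
    rules=$(cat)
    if printf '%s\n' "$rules" | grep -q '^:INPUT DROP' &&
       ! printf '%s\n' "$rules" | grep -q '^-A INPUT -i lo -j ACCEPT'; then
        echo "refusing rule set: INPUT policy DROP without loopback ACCEPT" >&2
        return 1
    fi
    return 0
}

# Number of actual rules (not policies or comments) in the generated set.
count_rules() {
    firewall_rules | grep -c '^-A '
}

# Validate, then load the set atomically. Nothing is changed if the check
# or iptables-restore fails.
apply_firewall() {
    firewall_rules | check_rules || return 1
    firewall_rules | "$IPTABLES_RESTORE"
}

case "${1:-show}" in
    apply) apply_firewall ;;
    list)  "$IPTABLES" -vnL ;;
    show)  firewall_rules ;;
    *)     echo "usage: $0 {show|apply|list}" >&2; exit 2 ;;
esac
```

Mark it executable, keep /opt in your persistent setup as described above, and add `/opt/myfirewall.sh apply` to /opt/bootlocal.sh; `/opt/myfirewall.sh list` then shows what `sudo iptables -vnL` would, and `show` prints the generated set without touching the kernel.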