
My iptables changes won't stay... How do I save?

Discussion in 'Sveasoft Firmware' started by sjm817, Sep 14, 2004.

  1. sjm817

    sjm817 Network Guru Member

    I'm using Satori 4 and getting to the Linksys with a telnet session. I just want to block an address range (a class C). I can get the iptables rule in there, but if I open the Linksys web management page, it removes the entry. I'm doing it like this:

    (none):[~]# iptables -A INPUT -s 12.34.56.0/24 -j DROP
    (none):[~]# nvram committ
    nvram_commit(): start
    nvram_commit(): end

    (none):[~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    logdrop all -- anywhere anywhere state INVALID
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere state NEW
    ACCEPT all -- anywhere anywhere state NEW
    DROP icmp -- anywhere anywhere
    DROP all -- anywhere anywhere
    DROP all -- 12.34.56.0/24 anywhere

    If I open the Linksys web management page, change anything (or nothing) and save, it clears my entry.

    I can't figure out how to enter a firewall rule from the web page cmd box either. It won't recognize ipchains.

    Thanks in advance for any help.
     
  2. sjm817

    sjm817 Network Guru Member

    Well, I figured out how to make it stick using the diagnostic cmd screen, but the rule doesn't work....
     
  3. Toxic

    Toxic Administrator Staff Member

    have you tried telnet or ssh?
     
  4. pkitester

    pkitester Network Guru Member

    Yeah, that diag screen is pretty bad. You can save commands to rc_startup and rc_firewall using it, but you have no idea what it is once it is saved. Seems like a badly implemented feature in this release.

    I think you are much better off just using telnet/ssh to get into the box.

    Then use something like:

    nvram set rc_firewall='/usr/sbin/iptables -A INPUT -s 12.34.56.0/24 -j DROP'
    nvram commit
     
  5. sjm817

    sjm817 Network Guru Member

    Thanks. I've got it going now.
     
  6. spacejunk

    spacejunk Network Guru Member

    IPtables only working for 1 entry

    I am using this method

    nvram set rc_firewall='/usr/sbin/iptables -I FORWARD -s xxx.xxx.xxx.0/24 -d xx.xx.xx.0/24 -j DROP'
    nvram commit

    reboot. However, only the last entry ever shows up when I do a

    iptables -L -n

    I even tried entering several this way:
    nvram set rc_firewall='/usr/sbin/iptables -I FORWARD -s xxx.xxx.xxx.0/24 -d xx.xx.xx.0/24 -j DROP'
    nvram set rc_firewall='/usr/sbin/iptables -I FORWARD -s xxx.xxx.xxx.0/24 -d xx.xx.xx.0/24 -j DROP'
    nvram set rc_firewall='/usr/sbin/iptables -I FORWARD -s xxx.xxx.xxx.0/24 -d xx.xx.xx.0/24 -j DROP'
    nvram commit

    Still only the last one shows up. I even tried putting the commit command after each line, but every time after a reboot, I only have one entry.

    What am I doing wrong???
     
  7. decourl

    decourl Guest

    multi-line nvram set

    rc scripts are multi-line text files.

    Try using semicolons between commands.

    nvram set rc_firewall='/usr/sbin/iptables -I FORWARD -s xxx.xxx.xxx.0/24 -d xx.xx.xx.0/24 -j DROP;/usr/sbin/iptables -I FORWARD -s xxx.xxx.xxx.0/24 -d xx.xx.xx.0/24 -j DROP;/usr/sbin/iptables -I FORWARD -s xxx.xxx.xxx.0/24 -d xx.xx.xx.0/24 -j DROP'

    -Lincoln
     
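The thread's fix, packed into a small helper script (an added example, not code from any poster or from the Sveasoft firmware): every `nvram set rc_firewall=...` replaces the whole value, so the rules must be assembled into one value first; a second helper counts the resulting DROP rules in `iptables -L -n` output so you can confirm after a reboot that all of them came back. It assumes a busybox `sh`, `/usr/sbin/iptables` and the `nvram` tool as named in the thread, and the sample `iptables -L -n` output is constructed.

```sh
#!/bin/sh
# Assumed environment: Sveasoft/Linksys router with busybox sh, /usr/sbin/iptables
# and the nvram tool (names taken from the thread). Each `nvram set` replaces the
# whole value, so all rules must be packed into ONE rc_firewall value, joined with
# ';' as in decourl's reply.

# Emit the rc_firewall script for the given source CIDRs (blocked on INPUT).
build_rc_firewall() {
  script=""
  for net in "$@"; do
    rule="/usr/sbin/iptables -I INPUT -s ${net} -j DROP"
    if [ -z "$script" ]; then script="$rule"; else script="${script};${rule}"; fi
  done
  printf '%s' "$script"
}

# Store the assembled script and commit it; only meaningful on the router itself.
install_rc_firewall() {
  nvram set rc_firewall="$(build_rc_firewall "$@")" && nvram commit
}

# Count DROP rules whose source column equals $1 in `iptables -L -n` output read
# from stdin ($4 is the source column), so persistence can be checked after reboot.
count_drop_rules() {
  awk -v net="$1" '$1 == "DROP" && $4 == net { n++ } END { print n + 0 }'
}

# Constructed sample of `iptables -L -n` output for an offline check.
SAMPLE_OUTPUT='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  203.0.113.0/24       0.0.0.0/0
DROP       all  --  198.51.100.0/24      0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0'

# On the router:  install_rc_firewall 198.51.100.0/24 203.0.113.0/24
# After reboot:   iptables -L -n | count_drop_rules 198.51.100.0/24   (expect 1)
```

Because `-I` inserts at the top of the chain, the rules land ahead of the firmware's own ACCEPT entries, which is what makes the block effective on INPUT.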
