[wellylug] Gnome Stuffed

Rob Stockley mowgli at clear.net.nz
Sun Jul 6 20:23:05 NZST 2003


On Mon, 2003-06-30 at 16:47, Jethro Carr wrote:
> I undid all the configuration changes that I had done, & I found that
> when my firewall script was being run, gnome would do nothing for
> ages, when I removed the script, it loaded really fast
> 
> Does anyone have any idea? I've attached the script so you can see it.

Jethro,

As luck would have it I've just spent the afternoon setting up DHCP and
NAT at home. I've figured out how RH9 and Lokkit were maintaining the
iptables configuration and decided to bin Lokkit altogether. It didn't
really work for me because my server is without screen or keyboard.

Anyway I managed to get it all running quite quickly so I decided to
have a hack at your earlier firewall problem. I've attached a sample
iptables configuration for RH9 that together with the standard init.d
iptables script closely achieves what your script does. It worked on my
machine so I hope it does for you also.

I haven't experienced the slow-gnome problem you describe so can't help
there. Perhaps this will fix that also. We can live in hope eh?
-- 
Rob Stockley
Manawatu
New Zealand

An avid user of Linux
Visit http://www.linux.org

-------------- next part --------------
# RH9 Firewall/Gateway configuration
# /etc/sysconfig/iptables
# Written by Rob Stockley (mowgli at clear.net.nz)
# 06 July 2003

# Based on a shell script written by
# Jethro Carr (dodocaptain at paradise.net.nz)
# and posted on wellylug

# Installation (as root)
# cp /etc/sysconfig/iptables /etc/sysconfig/iptables.lokkit
# then save this file as /etc/sysconfig/iptables
# edit /etc/rc.d/rc.local and add the line
# echo 1 > /proc/sys/net/ipv4/ip_forward
# lastly run this command
# /sbin/service iptables restart

# Default Policies
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Allowing in-coming netbios and ping requests
-A INPUT -p tcp --sport 139 -j ACCEPT
-A INPUT -p tcp --dport 139 -j ACCEPT
-A INPUT -p icmp -j ACCEPT

# Allow established connections web->lan
-A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all lan->web
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
COMMIT

# Configure for Internet connection sharing
*nat
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
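
An added example, not part of Rob's post or attachment: a small Python audit of an iptables-restore ruleset. It checks that every table is closed with COMMIT, that a default-DROP INPUT chain still accepts loopback and reply traffic (the policy applies to the lo interface and to answers for connections the gateway itself opens), and that no rule accepts on source port alone. The sample is constructed from the INPUT rules above; the finding names, the FIXED variant and the sample's missing COMMIT after *filter are assumptions made for the illustration.

```python
# Constructed sample modelled on the attachment's INPUT rules; *filter is left
# without its COMMIT on purpose so the table check has something to report.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --sport 139 -j ACCEPT
-A INPUT -p tcp --dport 139 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
*nat
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
"""
# Assumed correction (not from the post): close *filter, accept loopback and
# reply traffic, and drop the rule that trusts any packet claiming source port 139.
FIXED = SAMPLE.replace("*nat", "COMMIT\n*nat").replace(
    "-A INPUT -p tcp --sport 139 -j ACCEPT\n",
    "-A INPUT -i lo -j ACCEPT\n"
    "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n")

def opt(rule, flag):
    """Return the token following flag in a tokenised rule, or None."""
    return rule[rule.index(flag) + 1] if flag in rule else None

def audit(text):
    """Return sorted finding codes for an iptables-restore ruleset."""
    findings, table, policy, rules = set(), None, {}, []
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("*"):
            if table:  # a new table began before the previous COMMIT
                findings.add("missing-commit:" + table)
            table = line[1:]
        elif line == "COMMIT":
            table = None
        elif line.startswith(":") and table == "filter":
            policy.update([line[1:].split()[:2]])  # ":INPUT DROP [0:0]"
        elif line.startswith("-A ") and table == "filter":
            rules.append(line.split())
    if table:
        findings.add("missing-commit:" + table)
    accepts = [r for r in rules if r[1] == "INPUT" and opt(r, "-j") == "ACCEPT"]
    if policy.get("INPUT") == "DROP":
        if not any(opt(r, "-i") == "lo" for r in accepts):
            findings.add("input-drops-loopback")
        if not any("ESTABLISHED" in (opt(r, "--state") or "") for r in accepts):
            findings.add("input-drops-replies")
    for r in accepts:
        if opt(r, "--sport") and not (opt(r, "--dport") or opt(r, "--state")):
            findings.add("accept-any-from-sport:" + opt(r, "--sport"))
    return sorted(findings)
```

audit(SAMPLE) reports all four findings and audit(FIXED) reports none.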

