Iptables (and starting it)
Forum: Networking
Topic: Iptables (and starting it)
started by: Divago
Posted by Divago on Jan. 15 2008,15:11
Hi all, again with a pointless question.
Now I'm setting up iptables on my dsl-n frugal installed system to block viewing some URLs (like "parental control"...).
I found iptables.dsl in the dsl repositories. I downloaded it and put it in the /mydsl folder (the same one where I put all the .dsl extensions I wanna autoload at startup) and rebooted. It says loaded iptables at startup, but:
a) there is no /etc/sysconfig/iptables file; I created one by myself, from scratch (well, copying one from google)
b) there is no "/etc/init.d/iptables" script to start|stop|reload, so how can I start/stop/reload iptables?
c) I tried to launch # iptables -L but this is the answer:
Can someone point out where I am wrong? (assuming I'm not really competent with linux nor iptables) ty vm
Posted by Juanito on Jan. 15 2008,15:18
Looking at the error messages, it seems like the iptables.dsl extension contains one or more kernel modules (I say this without checking so I could be totally wrong) that are probably built for dsl (2.4.26 or 2.4.31) and so would not work with dsln (2.6.12)?
Posted by lucky13 on Jan. 15 2008,15:31
Juanito is correct. The iptables extension is kernel-specific and works only for 2.4.26.
Posted by curaga on Jan. 15 2008,15:52
Iptables does compile quite easily. To start it, most prefer creating their own script and running that from bootlocal.sh; /etc/sysconfig/iptables is a distro-specific way. Or most download the nice linux firewall script courtesy of projectfiles.com and then start that from bootlocal.sh.
You can block sites without iptables, too: just add the url(s) of the site to /etc/hosts with an ip of 127.0.0.1, so they all point to yourself and, unless you are running a web server, no getting to those pages.
Posted by roberts on Jan. 15 2008,16:21
My /etc/hosts has 2077 items listed. Mostly to block ad, banner, and click servers. It makes for a faster internet experience as I am not waiting for these other, not wanted, site connections.
Posted by Divago on Jan. 16 2008,14:17
;_; ok so i cannot use iptables for dsl-n...
and can i also do the vice versa? i mean: allowing only 2 urls and redirecting the others to 127.0.0.1? (this is what i need to...)
Posted by curaga on Jan. 16 2008,16:09
correction: iptables.dsl can't be used with dsl-n. iptables can, if you can compile it.
Sorry, /etc/hosts only works that way, it can't allow some and direct all others to something. Iptables is needed for that. I think though that the iptables modules are included in DSL-N; not sure though. does
Posted by Divago on Jan. 17 2008,13:26
nope, no output
Posted by curaga on Jan. 17 2008,15:22
Well, if the modules aren't included, you're facing building the kernel. Have you done it before?
It's quite easy, you can use the default configuration as a base, just select the ip tables modules, and maybe remove stuff you don't need. If you compile for your processor, it will run faster too. It's 2.6.13 patched with unionfs, I think.
Posted by Juanito on Jan. 17 2008,17:59
2.6.12
Posted by curaga on Jan. 18 2008,12:56
Oops, my bad
Posted by roberts on Jan. 18 2008,21:58
Really, I did do a 2.6.19. I guess I never released it. I just booted it now and it is indeed a 2.6.19.
Posted by WDef on Jan. 18 2008,23:41
Here's one possibility for /etc/hosts:
Although I haven't noticed as much of a slow down effect due to google-analytics as I used to, so this is not as important unless one objects to one's visit to a website being logged by google. There was a time on one connection I had when google-analytics was simply _strangling_ the web. Seems to have improved a lot.
Any other faves for /etc/hosts blocking?
Posted by roberts on Jan. 19 2008,00:40
Yes. Take a look at Block Adservers List. Then click on this "hosts file ready" list.
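
Added example, not part of any post above: the allow-only setup discussed in the thread (permit a couple of sites, block the rest, which /etc/hosts cannot do) written as a generator for a default-deny OUTPUT ruleset in iptables-restore format. It assumes a kernel with the netfilter modules available; the function name and all addresses are made up for illustration, and because iptables matches IP addresses rather than URLs, each permitted site has to be resolved to its addresses first.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset that
# lets this machine reach only an allowlist of web servers.
# All addresses used here are constructed (RFC 5737 documentation ranges).

# build_allowlist_rules DNS_SERVER IP [IP...]
# Writes a filter-table ruleset to stdout; it never touches the live firewall.
build_allowlist_rules() {
    dns="$1"; shift
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp -d $dns --dport 53 -j ACCEPT
-A OUTPUT -p tcp -d $dns --dport 53 -j ACCEPT
EOF
    for ip in "$@"; do
        # Reject empty entries and anything with characters other than
        # digits and dots, so a stray hostname never ends up in a rule.
        case "$ip" in
            ""|*[!0-9.]*) echo "skipping invalid address: $ip" >&2; continue ;;
        esac
        for port in 80 443; do
            printf '%s\n' "-A OUTPUT -p tcp -d $ip --dport $port -j ACCEPT"
        done
    done
    echo "COMMIT"
}

# Constructed demo: resolver 192.0.2.53 and two permitted web servers.
# Review the output, then as root pipe it into: iptables-restore
build_allowlist_rules 192.0.2.53 198.51.100.10 203.0.113.20
```

An address shared by several sites permits all of them, and a site that changes address stops working, so the list needs re-checking over time.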