iptables messed up from firestarter??


LinuxHippy
2004-10-23, 06:01 PM CDT
I get a strange reading now from my iptables since I installed Firestarter. Can I restore my iptables somehow? When I type (as root) /sbin/iptables-restore my PC just sits there until I interrupt it with CTRL-C.

This is what /sbin/iptables -L -v gives:

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any dslrouter anywhere tcp flags:!SYN,RST,ACK/SYN
706 93004 ACCEPT udp -- any any dslrouter anywhere
0 0 ACCEPT tcp -- any any dslrouter anywhere tcp flags:!SYN,RST,ACK/SYN
0 0 ACCEPT udp -- any any dslrouter anywhere
0 0 ACCEPT all -- any any clock2.redhat.com anywhere
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:33270
0 0 DROP udp -- any any anywhere anywhere udp dpt:33270
70 3826 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT icmp -- any any anywhere 192.168.1.0/24 limit: avg 10/sec burst 5
348 181K NR all -- eth0 any !192.168.1.0/24 anywhere
0 0 LD tcp -- any any anywhere 192.168.1.0/24 tcp dpt:31337 limit: avg 2/min burst 5
0 0 LD udp -- any any anywhere 192.168.1.0/24 udp dpt:31337 limit: avg 2/min burst 5
0 0 LD tcp -- any any anywhere 192.168.1.0/24 tcp dpt:33270 limit: avg 2/min burst 5
0 0 LD udp -- any any anywhere 192.168.1.0/24 udp dpt:33270 limit: avg 2/min burst 5
0 0 LD tcp -- any any anywhere 192.168.1.0/24 tcp dpt:1234 limit: avg 2/min burst 5
0 0 LD tcp -- any any anywhere 192.168.1.0/24 tcp dpt:6711 limit: avg 2/min burst 5
0 0 LD tcp -- any any anywhere 192.168.1.0/24 tcp dpt:16660 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
0 0 LD tcp -- any any anywhere 192.168.1.0/24 tcp dpt:60001 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
0 0 LD tcp -- any any anywhere 192.168.1.0/24 tcp dpts:12345:12346 limit: avg 2/min burst 5
0 0 LD udp -- any any anywhere 192.168.1.0/24 udp dpts:12345:12346 limit: avg 2/min burst 5
0 0 LD tcp -- any any anywhere 192.168.1.0/24 tcp dpt:135 limit: avg 2/min burst 5
0 0 LD udp -- any any anywhere 192.168.1.0/24 udp dpt:135 limit: avg 2/min burst 5
0 0 LD tcp -- any any anywhere 192.168.1.0/24 tcp dpt:ingreslock limit: avg 2/min burst 5
0 0 LD tcp -- any any anywhere 192.168.1.0/24 tcp dpt:27665 limit: avg 2/min burst 5
0 0 LD udp -- any any anywhere 192.168.1.0/24 udp dpt:27444 limit: avg 2/min burst 5
0 0 LD udp -- any any anywhere 192.168.1.0/24 udp dpt:31335 limit: avg 2/min burst 5
0 0 LD all -- any any BASE-ADDRESS.MCAST.NET/8 anywhere
0 0 LD all -- any any anywhere BASE-ADDRESS.MCAST.NET/8
0 0 LD all -- any any 255.255.255.255 anywhere
0 0 LD all -- any any anywhere 0.0.0.0
0 0 DROP all -- any any anywhere anywhere state INVALID
0 0 LD all -f any any anywhere anywhere limit: avg 10/min burst 5
0 0 ACCEPT tcp -- eth0 any anywhere anywhere tcp dpts:bootps:bootpc
0 0 ACCEPT udp -- eth0 any anywhere anywhere udp dpts:bootps:bootpc
0 0 LD tcp -- any any anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
348 181K STATE tcp -- any any anywhere 192.168.1.0/24 tcp dpts:1024:65535
0 0 ACCEPT udp -- any any anywhere 192.168.1.0/24 udp dpts:1023:65535
0 0 LD all -- any any anywhere anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy DROP 16 packets, 1216 bytes)
pkts bytes target prot opt in out source destination
70 3826 ACCEPT all -- any lo anywhere anywhere
0 0 LD tcp -- any any 192.168.1.0/24 anywhere tcp dpt:31337 limit: avg 2/min burst 5
0 0 LD udp -- any any 192.168.1.0/24 anywhere udp dpt:31337 limit: avg 2/min burst 5
0 0 LD tcp -- any any 192.168.1.0/24 anywhere tcp dpt:33270 limit: avg 2/min burst 5
0 0 LD udp -- any any 192.168.1.0/24 anywhere udp dpt:33270 limit: avg 2/min burst 5
0 0 LD tcp -- any any 192.168.1.0/24 anywhere tcp dpt:1234 limit: avg 2/min burst 5
0 0 LD tcp -- any any 192.168.1.0/24 anywhere tcp dpt:6711 limit: avg 2/min burst 5
0 0 LD tcp -- any any 192.168.1.0/24 anywhere tcp dpt:16660 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
0 0 LD tcp -- any any 192.168.1.0/24 anywhere tcp dpt:60001 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
0 0 LD tcp -- any any 192.168.1.0/24 anywhere tcp dpts:12345:12346 limit: avg 2/min burst 5
0 0 LD udp -- any any 192.168.1.0/24 anywhere udp dpts:12345:12346 limit: avg 2/min burst 5
0 0 LD tcp -- any any 192.168.1.0/24 anywhere tcp dpt:135 limit: avg 2/min burst 5
0 0 LD udp -- any any 192.168.1.0/24 anywhere udp dpt:135 limit: avg 2/min burst 5
0 0 LD tcp -- any any 192.168.1.0/24 anywhere tcp dpt:ingreslock limit: avg 2/min burst 5
0 0 LD tcp -- any any 192.168.1.0/24 anywhere tcp dpt:27665 limit: avg 2/min burst 5
0 0 LD udp -- any any 192.168.1.0/24 anywhere udp dpt:27444 limit: avg 2/min burst 5
0 0 LD udp -- any any 192.168.1.0/24 anywhere udp dpt:31335 limit: avg 2/min burst 5
0 0 LD all -- any any BASE-ADDRESS.MCAST.NET/8 anywhere
0 0 LD all -- any any anywhere BASE-ADDRESS.MCAST.NET/8
0 0 LD all -- any any 255.255.255.255 anywhere
0 0 LD all -- any any anywhere 0.0.0.0
0 0 DROP tcp -- any any anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
0 0 DROP all -- any any anywhere anywhere state INVALID
1115 110K all -- any any anywhere anywhere TTL match TTL == 64
1 96 ACCEPT icmp -- any eth0 192.168.1.0/24 anywhere
1114 110K ACCEPT all -- any any anywhere anywhere

Chain LD (137 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- any any anywhere anywhere LOG level info
0 0 DROP all -- any any anywhere anywhere

Chain NR (1 references)
pkts bytes target prot opt in out source destination
0 0 LD all -- eth0 any 0.0.0.0/8 192.168.1.0/24
0 0 LD all -- eth0 any 1.0.0.0/8 192.168.1.0/24
0 0 LD all -- eth0 any 2.0.0.0/8 192.168.1.0/24
...etc.

jayemef
2004-10-23, 06:35 PM CDT
This happened to me too. You can find my solution in this thread (http://fedoraforum.org/forum/showthread.php?t=25287) .

imdeemvp
2004-10-23, 06:36 PM CDT
I did not get the same result as yours when I ran iptables... try shutting down Firestarter and retrying.

EDITED... The reason I am not getting those results is that I am not running a server, as it appears to me now.

LinuxHippy
2004-10-23, 08:37 PM CDT
I ran that script, jayemef. These are my iptables now...do they look ok?

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
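The two listings above, read side by side, make the point of the thread: the first one filters (policy DROP on every built-in chain, with rules in front of it), the second one filters nothing (policy ACCEPT, no rules), which is what "flushed" means. The following is an added shell example, not code from the thread or from Firestarter: a small awk-based audit that reads `iptables -L -v` output and reports, per chain, the default policy and the number of rules, flagging any chain whose policy is ACCEPT with no rules. The two sample listings embedded in it are constructed from the posts (the Firestarter one is trimmed to a few representative rules per chain); on a live machine you would pipe `iptables -L -v -n` into `audit_chains` instead. One caveat for the first post: `iptables-restore` with no file argument reads the ruleset from standard input, so run on its own at a terminal it waits forever, which is the hang described there; it wants `iptables-restore < saved-rules`.

```shell
#!/bin/sh
# Added example, not from the thread or from Firestarter: audit an
# `iptables -L -v` listing and flag chains that filter nothing.
# Live use:  iptables -L -v -n | audit_chains

# Reads an `iptables -L -v` listing on stdin and prints one line per chain:
#   <chain> policy=<POLICY|-> rules=<count> <verdict>
# A chain with policy ACCEPT and no rules lets everything through.
audit_chains() {
    awk '
    function flush() {
        if (chain == "") return
        verdict = "ok"
        if (policy == "ACCEPT" && rules == 0) verdict = "OPEN: default-accept, no rules"
        else if (policy == "ACCEPT")          verdict = "WARN: default-accept"
        printf "%s policy=%s rules=%d %s\n", chain, policy, rules, verdict
    }
    /^Chain / {                     # e.g. Chain INPUT (policy DROP 0 packets, 0 bytes)
        flush()
        chain = $2
        policy = "-"                # user chains show "(N references)" instead
        if ($3 ~ /^\(policy/) policy = $4
        rules = 0
        next
    }
    /^ *pkts +bytes/ { next }       # column header, not a rule
    NF > 0 && chain != "" { rules++ }
    END { flush() }
    '
}

# Constructed sample 1: the empty ruleset posted after running the flush script.
EMPTY_LISTING='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination'

# Constructed sample 2: the Firestarter ruleset from the first post, trimmed
# to a few representative rules per chain.
FIRESTARTER_LISTING='Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
70 3826 ACCEPT all -- lo any anywhere anywhere
0 0 DROP all -- any any anywhere anywhere state INVALID
0 0 LD all -- any any anywhere anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy DROP 16 packets, 1216 bytes)
pkts bytes target prot opt in out source destination
70 3826 ACCEPT all -- any lo anywhere anywhere
1114 110K ACCEPT all -- any any anywhere anywhere

Chain LD (137 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- any any anywhere anywhere LOG level info
0 0 DROP all -- any any anywhere anywhere'

# Number of chains reported OPEN in the listing passed as $1 (0 when none).
open_chains() {
    printf '%s\n' "$1" | audit_chains | grep -c 'OPEN:' || true
}

echo "== empty ruleset =="
printf '%s\n' "$EMPTY_LISTING" | audit_chains
echo "== firestarter ruleset =="
printf '%s\n' "$FIRESTARTER_LISTING" | audit_chains
```

On Fedora Core the iptables init script keeps its ruleset in /etc/sysconfig/iptables: `service iptables save` writes the running rules there and `service iptables restart` loads them again, so a ruleset worth keeping should be saved that way before a frontend such as Firestarter is allowed to replace or flush it.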

superbnerd
2004-10-23, 08:55 PM CDT
Granted I don't know much about iptables, but why don't you just use Firestarter?

If you have Firestarter running you are supposed to turn iptables off.

jw100
2004-10-23, 09:40 PM CDT
Granted I don't know much about iptables, but why don't you just use Firestarter?

If you have Firestarter running you are supposed to turn iptables off.

That's not true. iptables is used by Firestarter; if you've hung out long enough with GOD you'll find this out :x

Dog-One
2004-10-23, 10:02 PM CDT
Hehehe! :D :D

Tru
2004-10-23, 10:54 PM CDT
I just use Firestarter; I don't set up iptables and I have no problems. Are you running the firewall that comes with Fedora at the same time? Try running Firestarter alone and see what happens.

LinuxHippy
2004-10-24, 01:14 PM CDT
Firestarter messed up my iptables. I turned off that service and noticed that my iptables were not running anymore in the services (it said that the firewall was off). I re-checked the iptables service box and then ran the script from the link above.

So, is the reading I get now for iptables a good one? That script flushed my iptables, so the firewall that came with FC2 is now gone, I would think.

Jman
2004-10-24, 06:58 PM CDT
Setting your firewall level with System Settings > Security Level, disabling the iptables service and starting the firewall service should get you back to where you were before.

Firestarter was meant to replace the firewall scripts as the frontend to iptables.

superbnerd
2004-10-24, 08:54 PM CDT
That's not true. iptables is used by Firestarter; if you've hung out long enough with GOD you'll find this out :x

Actually, genius, when you install Firestarter it automatically disables the iptables service because having them both run is redundant. The Firestarter service runs in its place.

You wouldn't know this because you rely on God to secure your PC. :rolleyes: FYI, I know far more than you could ever hope to learn about God. Read the Bible several times, have a spiritual experience, go to college, travel around the world, and then you might be able to have a conversation with me about God. Until then just keep praying your PC is secure.

LinuxHippy
2004-10-25, 03:41 AM CDT
Thanks for the information, Jman! Looks like my PC is ready to be on 24/7 now!!