systemctl status name-of-your-service
[root@eris ram]# systemctl status bastille
● bastille.service - SYSV: iptables packet filtering firewall
Loaded: loaded (/etc/rc.d/init.d/bastille; generated)
Active: active (exited) since Fri 2019-06-14 07:54:05 PDT; 4h 13min ago
Docs: man:systemd-sysv-generator(8)
Process: 1264 ExecStart=/etc/rc.d/init.d/bastille start (code=exited, status=0/SUCCESS)
Jun 14 07:54:05 eris bastille[1264]: Bad argument `DROP'
Jun 14 07:54:05 eris bastille[1264]: Try `iptables -h' or 'iptables --help' for more information.
Jun 14 07:54:05 eris bastille[1264]: done.
Jun 14 07:54:05 eris bastille[1264]: Setting up services audit rules... done.
Jun 14 07:54:05 eris bastille[1264]: Setting up ICMP rules... done.
Jun 14 07:54:05 eris bastille[1264]: Allowing traffic for established connections... done.
Jun 14 07:54:05 eris bastille[1264]: Setting up general rules... done.
Jun 14 07:54:05 eris bastille[1264]: Setting up outbound rules... done.
Jun 14 07:54:05 eris bastille[1264]: Enabling IP forwarding... done.
Jun 14 07:54:05 eris systemd[1]: Started SYSV: iptables packet filtering firewall.
doktor5000 wrote: FWIW, why run it as a legacy init script when you could also just write a systemd service unit for that?
You could make sure your configuration file exists and gets sourced as well ... For some more information see https://serverfault.com/a/413408/241255 or https://coreos.com/os/docs/latest/using ... units.html
[Unit]
Description=bastille.service - SYSV: iptables packet filtering firewall
[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/systemd/system/bastille.service.d/bastille-firewall.conf
ExecStart=/sbin/bastille-netfilter.service start
ExecStop=/sbin/bastille-netfilter.service stop
[Install]
WantedBy=multi-user.target
[root@eris ram]# systemctl status bastille.service
● bastille.service - bastille.service - SYSV: iptables packet filtering firewall
Loaded: loaded (/etc/systemd/system/bastille.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/bastille.service.d
└─bastille-firewall.conf
Active: active (exited) since Sun 2019-06-16 01:15:11 PDT; 3min 12s ago
Process: 837 ExecStart=/sbin/bastille-netfilter.service start (code=exited, status=0/SUCCESS)
Main PID: 837 (code=exited, status=0/SUCCESS)
Jun 16 01:15:10 eris bastille-netfilter.service[837]: Bad argument `DROP'
Jun 16 01:15:10 eris bastille-netfilter.service[837]: Try `iptables -h' or 'iptables --help' for more information.
Jun 16 01:15:10 eris bastille-netfilter.service[837]: done.
Jun 16 01:15:10 eris bastille-netfilter.service[837]: Setting up services audit rules... done.
Jun 16 01:15:10 eris bastille-netfilter.service[837]: Setting up ICMP rules... done.
Jun 16 01:15:11 eris bastille-netfilter.service[837]: Allowing traffic for established connections... done.
Jun 16 01:15:11 eris bastille-netfilter.service[837]: Setting up general rules... done.
Jun 16 01:15:11 eris bastille-netfilter.service[837]: Setting up outbound rules... done.
Jun 16 01:15:11 eris bastille-netfilter.service[837]: Enabling IP forwarding... done.
Jun 16 01:15:11 eris systemd[1]: Started bastille.service - SYSV: iptables packet filtering firewall.
doktor5000 wrote: What did systemctl status bastille.service -al -n50 look like after a reboot? Also, what does systemctl is-enabled bastille.service say?
[root@eris ram]# systemctl status bastille.service -al -n50
● bastille.service - SYSV: iptables packet filtering firewall
Loaded: loaded (/etc/rc.d/init.d/bastille; generated)
Active: active (exited) since Sun 2019-06-16 06:50:30 PDT; 5min ago
Docs: man:systemd-sysv-generator(8)
Process: 1278 ExecStart=/etc/rc.d/init.d/bastille start (code=exited, status=0/SUCCESS)
Jun 16 06:50:29 eris systemd[1]: Starting SYSV: iptables packet filtering firewall...
Jun 16 06:50:29 eris bastille[1278]: Our local addresses are...
Jun 16 06:50:29 eris bastille[1278]: 127.0.0.1/8
Jun 16 06:50:29 eris bastille[1278]: : error fetching interface information: Device not found
Jun 16 06:50:29 eris bastille[1278]: Our trusted interface is lo
Jun 16 06:50:29 eris bastille[1278]: Our internal interface is enp0s17
Jun 16 06:50:29 eris bastille[1278]: Our internal network is
Jun 16 06:50:29 eris bastille[1278]: Kernel IP routing table
Jun 16 06:50:29 eris bastille[1278]: Destination Gateway Genmask Flags MSS Window irtt Iface
Jun 16 06:50:29 eris bastille[1278]: Setting up IP spoofing protection... done.
Jun 16 06:50:29 eris bastille[1278]: Setting up broadcast echo protection... done.
Jun 16 06:50:29 eris bastille[1278]: Setting up bad error message protection... done.
Jun 16 06:50:29 eris bastille[1278]: Setting up denial of service protection... done.
Jun 16 06:50:29 eris bastille[1278]: Disabling ICMP accept redirects... done.
Jun 16 06:50:29 eris bastille[1278]: Disabling ICMP send redirects... done.
Jun 16 06:50:29 eris bastille[1278]: Disabling source routed packets... done.
Jun 16 06:50:29 eris bastille[1278]: Setting up log-martians... done.
Jun 16 06:50:29 eris bastille[1278]: Allowing traffic from trusted interfaces... done.
Jun 16 06:50:29 eris bastille[1278]: Loading NAT modules... done.
Jun 16 06:50:29 eris bastille[1278]: Setting up DNAT and SNAT rules...iptables v1.8.2 (legacy): option "--to" requires an argument
Jun 16 06:50:29 eris bastille[1278]: Try `iptables -h' or 'iptables --help' for more information.
Jun 16 06:50:29 eris bastille[1278]: done.
Jun 16 06:50:29 eris bastille[1278]: Setting up chains for internal interface traffic... done.
Jun 16 06:50:29 eris bastille[1278]: Directing traffic to public interfaces... done.
Jun 16 06:50:30 eris bastille[1278]: Excluding private network traffic on public interfacess...Bad argument `limit'
Jun 16 06:50:30 eris bastille[1278]: Try `iptables -h' or 'iptables --help' for more information.
Jun 16 06:50:30 eris bastille[1278]: Bad argument `DROP'
Jun 16 06:50:30 eris bastille[1278]: Try `iptables -h' or 'iptables --help' for more information.
Jun 16 06:50:30 eris bastille[1278]: done.
Jun 16 06:50:30 eris bastille[1278]: Setting up services audit rules... done.
Jun 16 06:50:30 eris bastille[1278]: Setting up ICMP rules... done.
Jun 16 06:50:30 eris bastille[1278]: Allowing traffic for established connections... done.
Jun 16 06:50:30 eris bastille[1278]: Setting up general rules... done.
Jun 16 06:50:30 eris bastille[1278]: Setting up outbound rules... done.
Jun 16 06:50:30 eris bastille[1278]: Enabling IP forwarding... done.
Jun 16 06:50:30 eris systemd[1]: Started SYSV: iptables packet filtering firewall.
[root@eris ram]# /sbin/bastille-netfilter start
Our local addresses are...
68.167.251.142/32
10.0.0.1/32
127.0.0.1/8
Our gateway interface is enp0s16
Our trusted interface is lo
Our internal interface is enp0s17
Our default internet address is 68.167.251.142
Our gateway interface address is 68.167.251.141
Our internal network is 10.0.0.0/255.255.255.0
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default h-68-167-251-14 0.0.0.0 UG 0 0 0 enp0s16
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s17
68.167.251.140 0.0.0.0 255.255.255.252 U 0 0 0 enp0s16
Setting up IP spoofing protection... done.
Setting up broadcast echo protection... done.
Setting up bad error message protection... done.
Setting up denial of service protection... done.
Disabling ICMP accept redirects... done.
Disabling ICMP send redirects... done.
Disabling source routed packets... done.
Setting up log-martians... done.
Allowing traffic from trusted interfaces... done.
Loading NAT modules... done.
Setting up DNAT and SNAT rules... done.
Setting up chains for internal interface traffic... done.
Directing traffic to public interfaces... done.
Excluding private network traffic on public interfacess... done.
Setting up services audit rules... done.
Setting up ICMP rules... done.
Allowing traffic for established connections... done.
Setting up general rules... done.
Setting up outbound rules... done.
Enabling IP forwarding... done.
[root@eris ram]# systemctl is-enabled bastille.service
bastille.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install is-enabled bastille
enabled
[root@eris ram]# systemctl status bastille.service -al -n50
● bastille.service - SYSV: iptables packet filtering firewall
Loaded: loaded (/etc/rc.d/init.d/bastille; generated; vendor preset: enabled)
Active: active (exited) since Sun 2019-06-16 23:32:40 PDT; 3h 15min ago
Docs: man:systemd-sysv-generator(8)
Process: 1194 ExecStart=/etc/rc.d/init.d/bastille start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/bastille.service
Jun 16 23:32:35 eris systemd[1]: Starting SYSV: iptables packet filtering firewall...
Jun 16 23:32:36 eris bastille[1194]: Our local-addresses are...
Jun 16 23:32:36 eris bastille[1194]: 127.0.0.1/8
Jun 16 23:32:36 eris bastille[1194]: : error fetching interface information: Device not found
Jun 16 23:32:36 eris bastille[1194]: Our trusted interface is lo
Jun 16 23:32:36 eris bastille[1194]: Our internal interface is enp0s17
Jun 16 23:32:36 eris bastille[1194]: Our internal network is
Jun 16 23:32:38 eris bastille[1194]: Setting up IP spoofing protection... done.
Jun 16 23:32:38 eris bastille[1194]: Setting up broadcast echo protection... done.
Jun 16 23:32:38 eris bastille[1194]: Setting up bad error message protection... done.
Jun 16 23:32:38 eris bastille[1194]: Setting up denial of service protection... done.
Jun 16 23:32:38 eris bastille[1194]: Disabling ICMP accept redirects... done.
Jun 16 23:32:38 eris bastille[1194]: Disabling ICMP send redirects... done.
Jun 16 23:32:38 eris bastille[1194]: Disabling source routed packets... done.
Jun 16 23:32:38 eris bastille[1194]: Setting up log-martians... done.
Jun 16 23:32:39 eris bastille[1194]: Allowing traffic from trusted interfaces... done.
Jun 16 23:32:39 eris bastille[1194]: Loading NAT modules... done.
Jun 16 23:32:39 eris bastille[1194]: Setting up DNAT and SNAT rules...iptables v1.6.1: option "--to" requires an argument
Jun 16 23:32:39 eris bastille[1194]: Try `iptables -h' or 'iptables --help' for more information.
Jun 16 23:32:39 eris bastille[1194]: done.
Jun 16 23:32:39 eris bastille[1194]: Setting up chains for internal interface traffic... done.
Jun 16 23:32:39 eris bastille[1194]: Directing traffic to public interfaces... done.
Jun 16 23:32:39 eris bastille[1194]: Excluding private network traffic on public interfacess...Bad argument `limit'
Jun 16 23:32:39 eris bastille[1194]: Try `iptables -h' or 'iptables --help' for more information.
Jun 16 23:32:39 eris bastille[1194]: Bad argument `DROP'
Jun 16 23:32:39 eris bastille[1194]: Try `iptables -h' or 'iptables --help' for more information.
Jun 16 23:32:39 eris bastille[1194]: done.
Jun 16 23:32:39 eris bastille[1194]: Setting up services audit rules... done.
Jun 16 23:32:39 eris bastille[1194]: Setting up ICMP rules... done.
Jun 16 23:32:39 eris bastille[1194]: Allowing traffic for established connections... done.
Jun 16 23:32:40 eris bastille[1194]: Setting up general rules... done.
Jun 16 23:32:40 eris bastille[1194]: Setting up outbound rules... done.
Jun 16 23:32:40 eris bastille[1194]: Enabling IP forwarding... done.
Jun 16 23:32:40 eris systemd[1]: Started SYSV: iptables packet filtering firewall.
PATH=/bin:/sbin:/usr/bin:/usr/sbin
IPTABLES=/sbin/iptables
CONFIG=/etc/sysconfig/bastille-firewall.cfg
#
if [ ! -x ${IPTABLES} ]; then
    echo "ERROR: \"${IPTABLES}\" does not exist!"
    exit 1
fi ;
#
if [ ! -f ${CONFIG} ]; then
    echo "ERROR: Unable to read configuration file \"${CONFIG}\"!"
    exit 1
fi ;
#
# Source the configuration file, which will set environment variables.
. ${CONFIG}
#
if [ -z "${REJECT_METHOD}" ]; then
    echo "ERROR: No reject method specified!"
    exit 1
fi ;
#
# Computed values
#
# These things should be queried/computed at run time
#
# LOCAL_ADDRESSES
#
# LOCAL_ADDRESSES lists all IP addresses for this server
# (for the INTERNAL_SERVICES rules); if you have virtual
# network devices, you may want to hand-code this, e.g.
# LOCAL_ADDRESSES="127.0.0.0/8"
#
# The following makes a list of all current IP addresses
LOCAL_ADDRESSES=`ifconfig | grep "inet " | awk '{print $2}' | awk -F: '{print $1"/32"}' | sed s:127\.0\.0\.1/32:127.0.0.1/8:`
#
# Echo our local addresses...
echo -n "Our local-addresses are..."
echo
echo "${LOCAL_ADDRESSES}"
echo
#
# DEFAULT_GW_IFACE
#
# The name of the address that is the default gateway
DEFAULT_GW_IFACE=`netstat -nr | awk '$1 == "0.0.0.0" {print $8}'`
if [ -z "${LOCAL_ADDRESSES}" ]; then echo "LOCAL_ADDRESSES is empty"; fi
/sbin/ip route|awk '/default/ {print $5}'
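An added example, not code from this thread or from bastille-netfilter: a preflight check that refuses to build rules from empty run-time values, so a start that races the network exits non-zero instead of leaving systemd showing status=0/SUCCESS over a partial ruleset. The function names and the `ip -o -4 addr show` sample lines are assumptions constructed for illustration; the route lines are the ones shown in the logs on this page.

```shell
#!/bin/sh
# Added example: fail closed when the network is not up yet.
# All function names here are hypothetical, not part of bastille-netfilter.

# Print the device of the default route from `ip route` output on stdin.
# Returns 1 when no default route exists yet.
default_iface() {
    awk '$1 == "default" {
             for (i = 2; i < NF; i++)
                 if ($i == "dev") { print $(i + 1); found = 1; exit }
         }
         END { exit !found }'
}

# Print IPv4 addresses from `ip -o -4 addr show` output on stdin, one per
# line, in the script's style: /32 for hosts, /8 for loopback.
local_addresses() {
    awk '$3 == "inet" {
             split($4, a, "/")
             suffix = (a[1] == "127.0.0.1") ? "/8" : "/32"
             print a[1] suffix
         }'
}

# preflight ADDRS GW_IFACE: return 0 only when the values the rules depend
# on are usable. An empty value would otherwise reach iptables as a missing
# argument and produce errors such as: option "--to" requires an argument.
preflight() {
    addrs=$1
    gw_iface=$2
    [ -n "$addrs" ] || { echo "ERROR: no local addresses found" >&2; return 1; }
    # Only loopback present means the NICs are not configured yet.
    [ "$addrs" != "127.0.0.1/8" ] || { echo "ERROR: only loopback is up" >&2; return 1; }
    case $gw_iface in
        ''|*[!A-Za-z0-9_.:-]*)
            echo "ERROR: bad gateway interface '$gw_iface'" >&2
            return 1 ;;
    esac
    return 0
}

# check_network ROUTE_TEXT ADDR_TEXT: run the whole check and print the
# gateway interface on success.
check_network() {
    gw=$(printf '%s\n' "$1" | default_iface) || gw=
    addrs=$(printf '%s\n' "$2" | local_addresses)
    preflight "$addrs" "$gw" || return 1
    echo "$gw"
}

# Route lines as logged on this page once the network was up.
SAMPLE_ROUTES='default via 68.167.251.141 dev enp0s16 metric 10
10.0.0.0/24 dev enp0s17 proto kernel scope link src 10.0.0.1 metric 10
68.167.251.140/30 dev enp0s16 proto kernel scope link src 68.167.251.142 metric 10'

# Constructed `ip -o -4 addr show` output using the addresses from the logs.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: enp0s16    inet 68.167.251.142/30 brd 68.167.251.143 scope global enp0s16
3: enp0s17    inet 10.0.0.1/24 brd 10.0.0.255 scope global enp0s17'

# Constructed early-boot state: loopback only, no routes.
SAMPLE_ADDRS_EARLY='1: lo    inet 127.0.0.1/8 scope host lo'

# In a start script, before the first iptables call:
#   GW_IFACE=$(check_network "$(ip route)" "$(ip -o -4 addr show)") || exit 1
```

Exiting non-zero here makes systemd mark the unit as failed, which is visible in `systemctl status` and `systemctl --failed` rather than only in the journal text.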
[root@eris ram]# systemctl status bastille.service -al -n50
● bastille.service - SYSV: iptables packet filtering firewall
Loaded: loaded (/etc/rc.d/init.d/bastille; generated; vendor preset: enabled)
Active: active (exited) since Mon 2019-06-17 08:27:07 PDT; 21min ago
Docs: man:systemd-sysv-generator(8)
Process: 1588 ExecStart=/etc/rc.d/init.d/bastille start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/bastille.service
Jun 17 08:27:02 eris systemd[1]: Starting SYSV: iptables packet filtering firewall...
Jun 17 08:27:03 eris bastille[1588]: Our local-addresses are...
Jun 17 08:27:03 eris bastille[1588]: 68.167.251.142/32
Jun 17 08:27:03 eris bastille[1588]: 10.0.0.1/32
Jun 17 08:27:03 eris bastille[1588]: 127.0.0.1/8
Jun 17 08:27:03 eris bastille[1588]: Our gateway interface is enp0s16
Jun 17 08:27:03 eris bastille[1588]: Our trusted interface is lo
Jun 17 08:27:03 eris bastille[1588]: Our internal interface is enp0s17
Jun 17 08:27:03 eris bastille[1588]: Our gateway address is 68.167.251.141
Jun 17 08:27:03 eris bastille[1588]: Our internal network is 10.0.0.0/255.255.255.0
Jun 17 08:27:05 eris bastille[1588]: Setting up IP spoofing protection... done.
Jun 17 08:27:05 eris bastille[1588]: Setting up broadcast echo protection... done.
Jun 17 08:27:05 eris bastille[1588]: Setting up bad error message protection... done.
Jun 17 08:27:05 eris bastille[1588]: Setting up denial of service protection... done.
Jun 17 08:27:05 eris bastille[1588]: Disabling ICMP accept redirects... done.
Jun 17 08:27:05 eris bastille[1588]: Disabling ICMP send redirects... done.
Jun 17 08:27:05 eris bastille[1588]: Disabling source routed packets... done.
Jun 17 08:27:05 eris bastille[1588]: Setting up log-martians... done.
Jun 17 08:27:05 eris bastille[1588]: Allowing traffic from trusted interfaces... done.
Jun 17 08:27:05 eris bastille[1588]: Loading NAT modules... done.
Jun 17 08:27:06 eris bastille[1588]: Setting up DNAT and SNAT rules... done.
Jun 17 08:27:06 eris bastille[1588]: Setting up chains for internal interface traffic... done.
Jun 17 08:27:06 eris bastille[1588]: Directing traffic to public interfaces... done.
Jun 17 08:27:07 eris bastille[1588]: Excluding private network traffic on public interfacess... done.
Jun 17 08:27:07 eris bastille[1588]: Setting up services audit rules... done.
Jun 17 08:27:07 eris bastille[1588]: Setting up ICMP rules... done.
Jun 17 08:27:07 eris bastille[1588]: Allowing traffic for established connections... done.
Jun 17 08:27:07 eris bastille[1588]: Setting up general rules... done.
Jun 17 08:27:07 eris bastille[1588]: Setting up outbound rules... done.
Jun 17 08:27:07 eris bastille[1588]: Enabling IP forwarding... done.
Jun 17 08:27:07 eris systemd[1]: Started SYSV: iptables packet filtering firewall.
[root@eris ram]# /sbin/bastille-netfilter status
Our local-addresses are...
68.167.251.142/32
10.0.0.1/32
127.0.0.1/8
Our gateway interface is enp0s16
Our trusted interface is lo
Our internal interface is enp0s17
Our gateway address is 68.167.251.141
Our internal network is 10.0.0.0/255.255.255.0
FILTER Table
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG all -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "INPUT DROP 0 "
0 0 DROP all -f * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- !lo * 0.0.0.0/0 127.0.0.0/8 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "INPUT DROP 1 "
0 0 DROP all -- !lo * 0.0.0.0/0 127.0.0.0/8
0 0 LOG all -- !lo * 127.0.0.0/8 0.0.0.0/0 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "INPUT DROP 2 "
0 0 DROP all -- !lo * 127.0.0.0/8 0.0.0.0/0
1791 208K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
141 12032 INT_IN all -- enp0s17 * 0.0.0.0/0 0.0.0.0/0
1685 1736K PUB_IN all -- enp0s16 * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * enp0s16 10.0.0.0/24 0.0.0.0/0
0 0 ACCEPT all -- * enp0s17 0.0.0.0/0 10.0.0.0/24
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1791 208K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
148 17654 INT_OUT all -- * enp0s17 0.0.0.0/0 0.0.0.0/0
1531 145K PUB_OUT all -- * enp0s16 0.0.0.0/0 0.0.0.0/0
Chain INT_IN (1 references)
pkts bytes target prot opt in out source destination
131 7860 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22,113,123,631,873,5222,5353,5900,6000:6063,18741
10 4172 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22,113,123,631,873,5222,5353,5900,6000:6063,18741
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INT_OUT (1 references)
pkts bytes target prot opt in out source destination
131 7860 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
10 4172 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain PUB_IN (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/8 0.0.0.0/0 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 3 "
0 0 DROP all -- * * 0.0.0.0/8 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/8 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 4 "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/8
0 0 LOG all -- * * 10.0.0.0/8 0.0.0.0/0 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 5 "
0 0 DROP all -- * * 10.0.0.0/8 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 10.0.0.0/8 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 6 "
0 0 DROP all -- * * 0.0.0.0/0 10.0.0.0/8
0 0 LOG all -- * * 169.254.0.0/16 0.0.0.0/0 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 7 "
0 0 DROP all -- * * 169.254.0.0/16 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 169.254.0.0/16 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 8 "
0 0 DROP all -- * * 0.0.0.0/0 169.254.0.0/16
0 0 LOG all -- * * 172.16.0.0/12 0.0.0.0/0 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 9 "
0 0 DROP all -- * * 172.16.0.0/12 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 172.16.0.0/12 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 10 "
0 0 DROP all -- * * 0.0.0.0/0 172.16.0.0/12
0 0 LOG all -- * * 192.168.0.0/16 0.0.0.0/0 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 11 "
0 0 DROP all -- * * 192.168.0.0/16 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 192.168.0.0/16 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 12 "
0 0 DROP all -- * * 0.0.0.0/0 192.168.0.0/16
0 0 LOG all -- * * 224.0.0.0/4 0.0.0.0/0 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 13 "
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
8 1778 LOG all -- * * 0.0.0.0/0 224.0.0.0/4 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 14 "
11 3245 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
0 0 LOG all -- * * 240.0.0.0/5 0.0.0.0/0 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 15 "
0 0 DROP all -- * * 240.0.0.0/5 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 240.0.0.0/5 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 16 "
0 0 DROP all -- * * 0.0.0.0/0 240.0.0.0/5
0 0 LOG all -- * * 68.167.251.142 0.0.0.0/0 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 17 "
0 0 DROP all -- * * 68.167.251.142 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 255.255.255.255 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB-IN DROP 18 "
0 0 DROP all -- * * 0.0.0.0/0 255.255.255.255
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "audit "
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB_IN DROP 20 "
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
1662 1731K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 5222,18741
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 137:139,631,1026:1028,5353
4 160 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 1:1023,3418,5900,6000:6063 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB_IN DROP 21 "
4 160 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 1:1023,3418,5900,6000:6063
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 5222,18741
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 137:139,631,1026:1028,5353
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 1:1023,3418,5900,6000:6063 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB_IN DROP 22 "
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 1:1023,3418,5900,6000:6063
8 1300 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain PUB_OUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 1 LOG flags 0 level 4 prefix "PUB_OUT DROP 23 "
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
1524 140K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
NAT Table
Chain PREROUTING (policy ACCEPT 141 packets, 9240 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 137 packets, 9080 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 125 packets, 23153 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 109 packets, 7658 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT all -- * enp0s16 10.0.0.0/24 0.0.0.0/0 to:68.167.251.142
[root@eris ram]# systemctl status network -al -n50
● network.service - LSB: Bring up/down networking
Loaded: loaded (/etc/rc.d/init.d/network; generated)
Active: active (running) since Tue 2019-06-18 08:30:24 PDT; 3h 48min ago
Docs: man:systemd-sysv-generator(8)
Process: 941 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=0/SUCCESS)
Memory: 2.8M
CGroup: /system.slice/network.service
├─1128 /sbin/ifplugd -I -b -i enp0s16
└─1175 /sbin/ifplugd -I -b -i enp0s17
Jun 18 08:30:22 eris systemd[1]: Starting LSB: Bring up/down networking...
Jun 18 08:30:23 eris network[941]: Bringing up loopback interface: [ OK ]
Jun 18 08:30:24 eris ifplugd(enp0s16)[1128]: ifplugd 0.28 initializing.
Jun 18 08:30:24 eris ifplugd(enp0s16)[1128]: Using interface enp0s16/00:1B:FC:E2:E2:1B with driver <forcedeth> (version: 0.64)
Jun 18 08:30:24 eris ifplugd(enp0s16)[1128]: Using detection mode: SIOCETHTOOL
Jun 18 08:30:24 eris ifplugd(enp0s16)[1128]: Initialization complete, link beat detected.
Jun 18 08:30:24 eris ifplugd(enp0s16)[1128]: Executing '/etc/ifplugd/ifplugd.action enp0s16 up'.
Jun 18 08:30:24 eris network[941]: Bringing up interface enp0s16: [ OK ]
Jun 18 08:30:24 eris ifplugd(enp0s17)[1175]: ifplugd 0.28 initializing.
Jun 18 08:30:24 eris ifplugd(enp0s17)[1175]: Using interface enp0s17/00:1B:FC:D8:A4:EF with driver <forcedeth> (version: 0.64)
Jun 18 08:30:24 eris ifplugd(enp0s17)[1175]: Using detection mode: SIOCETHTOOL
Jun 18 08:30:24 eris ifplugd(enp0s17)[1175]: Initialization complete, link beat detected.
Jun 18 08:30:24 eris ifplugd(enp0s17)[1175]: Executing '/etc/ifplugd/ifplugd.action enp0s17 up'.
Jun 18 08:30:24 eris network[941]: Bringing up interface enp0s17: [ OK ]
Jun 18 08:30:24 eris systemd[1]: Started LSB: Bring up/down networking.
Jun 18 08:30:28 eris ifplugd(enp0s17)[1175]: Program executed successfully.
Jun 18 08:30:28 eris ifplugd(enp0s16)[1128]: Program executed successfully.
[root@eris ram]# systemctl status network-up -al -n50
● network-up.service - LSB: Wait for the hotplugged network to be up
Loaded: loaded (/etc/rc.d/init.d/network-up; generated)
Active: active (exited) since Tue 2019-06-18 08:30:29 PDT; 3h 51min ago
Docs: man:systemd-sysv-generator(8)
Process: 1456 ExecStart=/etc/rc.d/init.d/network-up start (code=exited, status=0/SUCCESS)
Jun 18 08:30:25 eris systemd[1]: Starting LSB: Wait for the hotplugged network to be up...
Jun 18 08:30:29 eris network-up[1456]: Waiting for network to be up[ OK ]
Jun 18 08:30:29 eris systemd[1]: Started LSB: Wait for the hotplugged network to be up.
[root@eris ram]# systemctl status bastille -al -n50
● bastille.service - SYSV: iptables packet filtering firewall
Loaded: loaded (/etc/rc.d/init.d/bastille; generated)
Active: active (exited) since Tue 2019-06-18 08:30:25 PDT; 3h 44min ago
Docs: man:systemd-sysv-generator(8)
Process: 1264 ExecStart=/etc/rc.d/init.d/bastille start (code=exited, status=0/SUCCESS)
Jun 18 08:30:24 eris systemd[1]: Starting SYSV: iptables packet filtering firewall...
Jun 18 08:30:24 eris bastille[1264]: Our local addresses are...
Jun 18 08:30:24 eris bastille[1264]: 127.0.0.1/8
Jun 18 08:30:24 eris bastille[1264]: : error fetching interface information: Device not found
Jun 18 08:30:24 eris bastille[1264]: Our trusted interface is lo
Jun 18 08:30:24 eris bastille[1264]: Our internal interface is enp0s17
Jun 18 08:30:24 eris bastille[1264]: Our internal network is
Jun 18 08:30:24 eris bastille[1264]: Our kernel routing table is...
Jun 18 08:30:24 eris bastille[1264]: Setting up IP spoofing protection... done.
Jun 18 08:30:24 eris bastille[1264]: Setting up broadcast echo protection... done.
Jun 18 08:30:24 eris bastille[1264]: Setting up bad error message protection... done.
Jun 18 08:30:24 eris bastille[1264]: Setting up denial of service protection... done.
Jun 18 08:30:24 eris bastille[1264]: Disabling ICMP accept redirects... done.
Jun 18 08:30:24 eris bastille[1264]: Disabling ICMP send redirects... done.
Jun 18 08:30:24 eris bastille[1264]: Disabling source routed packets... done.
Jun 18 08:30:24 eris bastille[1264]: Setting up log-martians... done.
Jun 18 08:30:24 eris bastille[1264]: Allowing traffic from trusted interfaces... done.
Jun 18 08:30:24 eris bastille[1264]: Loading NAT modules... done.
Jun 18 08:30:25 eris bastille[1264]: Setting up DNAT and SNAT rules...iptables v1.8.2 (legacy): option "--to" requires an argument
Jun 18 08:30:25 eris bastille[1264]: Try `iptables -h' or 'iptables --help' for more information.
Jun 18 08:30:25 eris bastille[1264]: done.
Jun 18 08:30:25 eris bastille[1264]: Setting up chains for internal interface traffic... done.
Jun 18 08:30:25 eris bastille[1264]: Directing traffic to public interfaces... done.
Jun 18 08:30:25 eris bastille[1264]: Excluding private network traffic on public interfacess...Bad argument `limit'
Jun 18 08:30:25 eris bastille[1264]: Try `iptables -h' or 'iptables --help' for more information.
Jun 18 08:30:25 eris bastille[1264]: Bad argument `DROP'
Jun 18 08:30:25 eris bastille[1264]: Try `iptables -h' or 'iptables --help' for more information.
Jun 18 08:30:25 eris bastille[1264]: done.
Jun 18 08:30:25 eris bastille[1264]: Setting up services audit rules... done.
Jun 18 08:30:25 eris bastille[1264]: Setting up ICMP rules... done.
Jun 18 08:30:25 eris bastille[1264]: Allowing traffic for established connections... done.
Jun 18 08:30:25 eris bastille[1264]: Setting up general rules... done.
Jun 18 08:30:25 eris bastille[1264]: Setting up outbound rules... done.
Jun 18 08:30:25 eris bastille[1264]: Enabling IP forwarding... done.
Jun 18 08:30:25 eris systemd[1]: Started SYSV: iptables packet filtering firewall.
[root@eris ram]# cat /disk3/etc/rc.d/init.d/bastille
#!/bin/sh
RCDLINKS="0,K91 1,K91 2,S12 3,S12 5,S12 6,K91"
#
# The Bastille Firewall Packet Filtering Firewall - V0.99 beta 1
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# (c) 2005 - Robert A Munro (ramunro@speakeasy.net)
#
# On most distributions, this file should be called:
# /etc/rc.d/init.d/bastille or /etc/init.d/bastille
#
# This init script is self-documenting. See /sbin/bastille-netfilter.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
#
# Commands are:
#
# bastille start Starts the firewall
# bastille stop Stops the firewall
# bastille status Displays firewall status
#
#### BEGIN INIT INFO
# Provides: bastille-netfilter
# Required-Start: $network $network-up
# Required-Stop:
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: starts and stops the bastille-netfilter iptables firewall
### END INIT INFO
# chkconfig: 2345 12 91
# description: iptables packet filtering firewall
#
################################################################################
# Give Usage Information #
################################################################################
usage() {
echo "Usage: $0 start|stop|status"
exit 1
}
################################################################################
# E X E C U T I O N B E G I N S H E R E #
################################################################################
command="$1"
case "$1" in
start)
/sbin/bastille-netfilter start
;;
status)
/sbin/bastille-netfilter status
;;
stop)
/sbin/bastille-netfilter stop
;;
*)
usage
;;
esac
[root@eris ram]# systemctl status network -al -n50
● network.service - LSB: Bring up/down networking
Loaded: loaded (/etc/rc.d/init.d/network; generated; vendor preset: enabled)
Active: active (running) since Wed 2019-06-19 06:21:51 PDT; 5h 17min ago
Docs: man:systemd-sysv-generator(8)
Process: 975 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/network.service
├─1192 /sbin/ifplugd -I -b -i enp0s16
└─1228 /sbin/ifplugd -I -b -i enp0s17
Jun 19 06:21:48 eris systemd[1]: Starting LSB: Bring up/down networking...
Jun 19 06:21:50 eris network[975]: Bringing up loopback interface: [ OK ]
Jun 19 06:21:51 eris ifplugd(enp0s16)[1192]: ifplugd 0.28 initializing.
Jun 19 06:21:51 eris ifplugd(enp0s16)[1192]: Using interface enp0s16/00:1B:FC:E2:E2:1B with driver <forcedeth> (version: 0.64)
Jun 19 06:21:51 eris ifplugd(enp0s16)[1192]: Using detection mode: SIOCETHTOOL
Jun 19 06:21:51 eris ifplugd(enp0s16)[1192]: Initialization complete, link beat detected.
Jun 19 06:21:51 eris ifplugd(enp0s16)[1192]: Executing '/etc/ifplugd/ifplugd.action enp0s16 up'.
Jun 19 06:21:51 eris network[975]: Bringing up interface enp0s16: [ OK ]
Jun 19 06:21:51 eris ifplugd(enp0s17)[1228]: ifplugd 0.28 initializing.
Jun 19 06:21:51 eris ifplugd(enp0s17)[1228]: Using interface enp0s17/00:1B:FC:D8:A4:EF with driver <forcedeth> (version: 0.64)
Jun 19 06:21:51 eris ifplugd(enp0s17)[1228]: Using detection mode: SIOCETHTOOL
Jun 19 06:21:51 eris ifplugd(enp0s17)[1228]: Initialization complete, link beat detected.
Jun 19 06:21:51 eris ifplugd(enp0s17)[1228]: Executing '/etc/ifplugd/ifplugd.action enp0s17 up'.
Jun 19 06:21:51 eris network[975]: Bringing up interface enp0s17: [ OK ]
Jun 19 06:21:51 eris systemd[1]: Started LSB: Bring up/down networking.
Jun 19 06:21:56 eris ifplugd(enp0s17)[1228]: Program executed successfully.
Jun 19 06:21:56 eris ifplugd(enp0s16)[1192]: Program executed successfully.
[root@eris ram]# systemctl status bastille -al -n50
● bastille.service - SYSV: iptables packet filtering firewall
Loaded: loaded (/etc/rc.d/init.d/bastille; generated; vendor preset: enabled)
Active: active (exited) since Wed 2019-06-19 06:22:11 PDT; 5h 16min ago
Docs: man:systemd-sysv-generator(8)
Process: 1657 ExecStart=/etc/rc.d/init.d/bastille start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/bastille.service
Jun 19 06:21:56 eris systemd[1]: Starting SYSV: iptables packet filtering firewall...
Jun 19 06:21:58 eris bastille[1657]: Our local addresses are...
Jun 19 06:21:58 eris bastille[1657]: 68.167.251.142/32
Jun 19 06:21:58 eris bastille[1657]: 10.0.0.1/32
Jun 19 06:21:58 eris bastille[1657]: 127.0.0.1/8
Jun 19 06:21:58 eris bastille[1657]: 127.0.0.1/8
Jun 19 06:21:58 eris bastille[1657]: Our gateway interface is enp0s16
Jun 19 06:21:58 eris bastille[1657]: Our trusted interface is lo
Jun 19 06:21:58 eris bastille[1657]: Our internal interface is enp0s17
Jun 19 06:21:58 eris bastille[1657]: Our default internet address is 68.167.251.142
Jun 19 06:21:58 eris bastille[1657]: Our gateway interface address is 68.167.251.141
Jun 19 06:21:58 eris bastille[1657]: Our internal network is 10.0.0.0/255.255.255.0
Jun 19 06:21:58 eris bastille[1657]: Our kernel routing table is...
Jun 19 06:21:58 eris bastille[1657]: default via 68.167.251.141 dev enp0s16 metric 10
Jun 19 06:21:58 eris bastille[1657]: 10.0.0.0/24 dev enp0s17 proto kernel scope link src 10.0.0.1 metric 10
Jun 19 06:21:58 eris bastille[1657]: 68.167.251.140/30 dev enp0s16 proto kernel scope link src 68.167.251.142 metric 10
Jun 19 06:22:03 eris bastille[1657]: Setting up IP spoofing protection... done.
Jun 19 06:22:03 eris bastille[1657]: Setting up broadcast echo protection... done.
Jun 19 06:22:03 eris bastille[1657]: Setting up bad error message protection... done.
Jun 19 06:22:03 eris bastille[1657]: Setting up denial of service protection... done.
Jun 19 06:22:03 eris bastille[1657]: Disabling ICMP accept redirects... done.
Jun 19 06:22:03 eris bastille[1657]: Disabling ICMP send redirects... done.
Jun 19 06:22:03 eris bastille[1657]: Disabling source routed packets... done.
Jun 19 06:22:03 eris bastille[1657]: Setting up log-martians... done.
Jun 19 06:22:32 eris bastille[1657]: Allowing traffic from trusted interfaces... done.
Jun 19 06:22:32 eris bastille[1657]: Loading NAT modules... done.
Jun 19 06:22:32 eris bastille[1657]: Setting up DNAT and SNAT rules... done.
Jun 19 06:22:32 eris bastille[1657]: Setting up chains for internal interface traffic... done.
Jun 19 06:22:32 eris bastille[1657]: Directing traffic to public interfaces... done.
Jun 19 06:22:32 eris bastille[1657]: Excluding private network traffic on public interfacess... done.
Jun 19 06:22:32 eris bastille[1657]: Setting up services audit rules... done.
Jun 19 06:22:32 eris bastille[1657]: Setting up ICMP rules... done.
Jun 19 06:22:32 eris bastille[1657]: Allowing traffic for established connections... done.
Jun 19 06:22:32 eris bastille[1657]: Setting up general rules... done.
Jun 19 06:22:32 eris bastille[1657]: Setting up outbound rules... done.
Jun 19 06:22:32 eris bastille[1657]: Enabling IP forwarding... done.
Jun 19 06:22:11 eris systemd[1]: Started SYSV: iptables packet filtering firewall.
[root@eris ram]# systemctl status network -al -n50
● network.service - LSB: Bring up/down networking
Loaded: loaded (/etc/rc.d/init.d/network; generated)
Active: active (running) since Sun 2019-06-23 18:57:07 PDT; 4min 40s ago
Docs: man:systemd-sysv-generator(8)
Process: 939 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=0/SUCCESS)
Memory: 3.1M
CGroup: /system.slice/network.service
├─1126 /sbin/ifplugd -I -b -i enp0s16
└─1191 /sbin/ifplugd -I -b -i enp0s17
Jun 23 18:57:06 eris systemd[1]: Starting LSB: Bring up/down networking...
Jun 23 18:57:07 eris network[939]: Bringing up loopback interface: [ OK ]
Jun 23 18:57:07 eris ifplugd(enp0s16)[1126]: ifplugd 0.28 initializing.
Jun 23 18:57:07 eris ifplugd(enp0s16)[1126]: Using interface enp0s16/00:1B:FC:E2:E2:1B with driver <forcedeth> (version: 0.64)
Jun 23 18:57:07 eris ifplugd(enp0s16)[1126]: Using detection mode: SIOCETHTOOL
Jun 23 18:57:07 eris ifplugd(enp0s16)[1126]: Initialization complete, link beat detected.
Jun 23 18:57:07 eris ifplugd(enp0s16)[1126]: Executing '/etc/ifplugd/ifplugd.action enp0s16 up'.
Jun 23 18:57:07 eris network[939]: Bringing up interface enp0s16: [ OK ]
Jun 23 18:57:07 eris ifplugd(enp0s17)[1191]: ifplugd 0.28 initializing.
Jun 23 18:57:07 eris ifplugd(enp0s17)[1191]: Using interface enp0s17/00:1B:FC:D8:A4:EF with driver <forcedeth> (version: 0.64)
Jun 23 18:57:07 eris ifplugd(enp0s17)[1191]: Using detection mode: SIOCETHTOOL
Jun 23 18:57:07 eris ifplugd(enp0s17)[1191]: Initialization complete, link beat detected.
Jun 23 18:57:07 eris ifplugd(enp0s17)[1191]: Executing '/etc/ifplugd/ifplugd.action enp0s17 up'.
Jun 23 18:57:07 eris network[939]: Bringing up interface enp0s17: [ OK ]
Jun 23 18:57:07 eris systemd[1]: Started LSB: Bring up/down networking.
Jun 23 18:57:12 eris ifplugd(enp0s17)[1191]: Program executed successfully.
Jun 23 18:57:12 eris ifplugd(enp0s16)[1126]: Program executed successfully.
[root@eris ram]# systemctl status network-up -al -n50
● network-up.service - LSB: Wait for the hotplugged network to be up
Loaded: loaded (/etc/rc.d/init.d/network-up; generated)
Active: active (exited) since Sun 2019-06-23 18:57:13 PDT; 4min 49s ago
Docs: man:systemd-sysv-generator(8)
Process: 1456 ExecStart=/etc/rc.d/init.d/network-up start (code=exited, status=0/SUCCESS)
Jun 23 18:57:08 eris systemd[1]: Starting LSB: Wait for the hotplugged network to be up...
Jun 23 18:57:13 eris network-up[1456]: Waiting for network to be up[ OK ]
Jun 23 18:57:13 eris systemd[1]: Started LSB: Wait for the hotplugged network to be up.
[root@eris ram]# systemctl status bastille -al -n50
● bastille.service - SYSV: iptables packet filtering firewall
Loaded: loaded (/etc/rc.d/init.d/bastille; generated)
Active: active (exited) since Sun 2019-06-23 18:57:08 PDT; 2min 56s ago
Docs: man:systemd-sysv-generator(8)
Process: 1247 ExecStart=/etc/rc.d/init.d/bastille start (code=exited, status=0/SUCCESS)
Jun 23 18:57:07 eris systemd[1]: Starting SYSV: iptables packet filtering firewall...
Jun 23 18:57:07 eris bastille[1247]: Our local addresses are...
Jun 23 18:57:07 eris bastille[1247]: 127.0.0.1/8
Jun 23 18:57:08 eris bastille[1247]: Warning: The network is not available yet
Jun 23 18:57:08 eris bastille[1247]: Our gateway interface is enp0s16
Jun 23 18:57:08 eris bastille[1247]: Our trusted interface is lo
Jun 23 18:57:08 eris bastille[1247]: Our internal interface is enp0s17
Jun 23 18:57:08 eris bastille[1247]: Our default internet address is 68.167.251.142
Jun 23 18:57:08 eris bastille[1247]: Our internal network is
Jun 23 18:57:08 eris bastille[1247]: Our kernel routing table is...
Jun 23 18:57:08 eris bastille[1247]: Setting up IP spoofing protection... done.
Jun 23 18:57:08 eris bastille[1247]: Setting up broadcast echo protection... done.
Jun 23 18:57:08 eris bastille[1247]: Setting up bad error message protection... done.
Jun 23 18:57:08 eris bastille[1247]: Setting up denial of service protection... done.
Jun 23 18:57:08 eris bastille[1247]: Disabling ICMP accept redirects... done.
Jun 23 18:57:08 eris bastille[1247]: Disabling ICMP send redirects... done.
Jun 23 18:57:08 eris bastille[1247]: Disabling source routed packets... done.
Jun 23 18:57:08 eris bastille[1247]: Setting up log-martians... done.
Jun 23 18:57:08 eris bastille[1247]: Allowing traffic from trusted interfaces... done.
Jun 23 18:57:08 eris bastille[1247]: Loading NAT modules... done.
Jun 23 18:57:08 eris bastille[1247]: Setting up DNAT and SNAT rules... done.
Jun 23 18:57:08 eris bastille[1247]: Setting up chains for internal interface traffic... done.
Jun 23 18:57:08 eris bastille[1247]: Directing traffic to public interfaces... done.
Jun 23 18:57:08 eris bastille[1247]: Excluding private network traffic on public interfacess... done.
Jun 23 18:57:08 eris bastille[1247]: Setting up services audit rules... done.
Jun 23 18:57:08 eris bastille[1247]: Setting up ICMP rules... done.
Jun 23 18:57:08 eris bastille[1247]: Allowing traffic for established connections... done.
Jun 23 18:57:08 eris bastille[1247]: Setting up general rules... done.
Jun 23 18:57:08 eris bastille[1247]: Setting up outbound rules... done.
Jun 23 18:57:08 eris bastille[1247]: Enabling IP forwarding... done.
Jun 23 18:57:08 eris systemd[1]: Started SYSV: iptables packet filtering firewall.
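The two boots shown above differ in a way that can be checked mechanically: on 2019-06-23 the firewall script logged the network warning, printed an empty internal network, and finished before network-up.service did. The following is an added example, not part of any post in this thread or of the bastille package; the finding names and function names are hypothetical, and it assumes both logs come from the same day.

```shell
#!/bin/sh
# Added example. Sample lines are copied from the status output above (constructed input).
# On a live system the same text comes from: journalctl -b -u bastille -o short
BAD_FW_LOG='Jun 23 18:57:07 eris bastille[1247]: Our local addresses are...
Jun 23 18:57:07 eris bastille[1247]: 127.0.0.1/8
Jun 23 18:57:08 eris bastille[1247]: Warning: The network is not available yet
Jun 23 18:57:08 eris bastille[1247]: Our internal network is
Jun 23 18:57:08 eris bastille[1247]: Our kernel routing table is...
Jun 23 18:57:08 eris systemd[1]: Started SYSV: iptables packet filtering firewall.'
NETWORK_UP_LOG='Jun 23 18:57:13 eris systemd[1]: Started LSB: Wait for the hotplugged network to be up.'
GOOD_FW_LOG='Jun 19 06:21:58 eris bastille[1657]: 10.0.0.1/32
Jun 19 06:21:58 eris bastille[1657]: Our internal network is 10.0.0.0/255.255.255.0
Jun 19 06:22:11 eris systemd[1]: Started SYSV: iptables packet filtering firewall.'

# Seconds since midnight of the first "Started ..." line logged by systemd.
started_at() {
    printf '%s\n' "$1" | awk '$5 == "systemd[1]:" && $6 == "Started" {
        split($3, t, ":"); print t[1] * 3600 + t[2] * 60 + t[3]; exit }'
}

# $1 = firewall unit log, $2 = network-up unit log (may be empty).
# Prints one finding per line; prints nothing when the start looks sane.
audit_firewall_start() {
    if printf '%s\n' "$1" | grep -q 'Warning: The network is not available yet'; then
        echo "network-not-available"
    fi
    # Nothing after "is": the rules were generated without the LAN range.
    if printf '%s\n' "$1" | grep -Eq 'Our internal network is[[:space:]]*$'; then
        echo "empty-internal-network"
    fi
    fw_t=$(started_at "$1")
    net_t=$(started_at "$2")
    # Firewall reported "Started" before the wait-for-network unit did.
    if [ -n "$fw_t" ] && [ -n "$net_t" ] && [ "$fw_t" -lt "$net_t" ]; then
        echo "firewall-before-network-up"
    fi
}

# Stand-alone run: report on the 2019-06-23 boot.
audit_firewall_start "$BAD_FW_LOG" "$NETWORK_UP_LOG"
```

A clean exit status from the unit says nothing here: both boots report `status=0/SUCCESS`, so the check has to look at the log text and the ordering.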
griffin2 wrote:"network not really up" bug in Mageia 7 RC