[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: how to stop ipchains?




On Sat, 23 Sep 2000, Prabhu Ramachandran wrote:
> 	ipchains -D chain rulenum [options]

(in reply to )

> >>>>> "MKS" == M K Saravanan <mksarav@xxxxxxxxxxxxxxxxx> writes:
>     MKS> hi all, as done in /etc/rc.d/init.d/xxxx start | stop, how to
>     MKS> stop ipchains while it is running.  (don't ask me to shutdown
>     MKS> or reboot ;-)
 -------------------

this is is not quite the same. prabhu's solution will delete the referred
rule(s) from ipchains and cannot start/stop ipchains. the question is what
is meant by stopping ipchains? does one stop forwarding or does one
forward everything promiscuously? ipchains is not a service that can be
started and stopped at will. there is no 'external' daemon handling it and
hence there is no start/stop facility.  the functionality comes from the
kernel, so one will have to find a way to add/remove the functionality -
like kernel modules. since ipchains controlls ip-forwarding, one could
turn ip-forwarding on and off to obtain the functionality (depending on
ones need, this may or may not be correct). it is easy to do this - just
need to set the appropriate value in /proc/sys/ipv4/net. the other option
is to write small scripts that delete/add rules as appropriate for the
change.

sriram


---
Visit our home page at: www.chennailug.org
Send e-mail to 'ilugc-request@xxxxxxxxxxxxxxxxxx' with 'unsubscribe' 
in either the subject or the body to unsubscribe from this list.