Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
HOWTO: Iptables for newbies. PART I: Getting Started
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2, 3  
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
BlackCat73
n00b
n00b


Joined: 11 Sep 2004
Posts: 15
Location: VIC, Australia

PostPosted: Thu Sep 16, 2004 11:49 am    Post subject: Reply with quote

Ok, I read other post in this or another thread that those long lines that I typed is a shell script.
So I copied it into my /root/scripts/iptables_script and made it executable by chmod it executable
then I ran it by doing
Code:
./iptables_script

I then got error message
Code:

root@usagi scripts # ./iptables_script
modprobe: Can't locate module ip_tables
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: Can't locate module ip_tables
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: Can't locate module ip_tables
iptables v1.2.11: can't initialize iptables table `nat': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: Can't locate module ip_tables
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: Can't locate module ip_tables
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: Can't locate module ip_tables
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: Can't locate module ip_tables
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Am I suppose to recompile it into the kernel as a module?

Thanks.
Back to top
View user's profile Send private message
BlackCat73
n00b
n00b


Joined: 11 Sep 2004
Posts: 15
Location: VIC, Australia

PostPosted: Fri Sep 17, 2004 6:32 am    Post subject: Reply with quote

I got it fixed, I forgot to include the necessary components in my kernel :oops:
After I did that, recompile my kernel, everything returns to normal :D
Back to top
View user's profile Send private message
BlindSpy
Apprentice
Apprentice


Joined: 20 Mar 2004
Posts: 263

PostPosted: Fri Sep 17, 2004 3:13 pm    Post subject: Reply with quote

great guide! thanks
_________________
Symlinks to:
xorg.conf
Back to top
View user's profile Send private message
burmashave
Tux's lil' helper
Tux's lil' helper


Joined: 01 Dec 2002
Posts: 82

PostPosted: Mon Sep 20, 2004 5:21 am    Post subject: Thanks! Reply with quote

Thanks for an excellent quickstart!
Back to top
View user's profile Send private message
radsatori
n00b
n00b


Joined: 11 Sep 2003
Posts: 6
Location: Halifax, Nova Scotia

PostPosted: Thu Oct 07, 2004 8:06 pm    Post subject: I find this is a muck simplier way for me Reply with quote

I use this process on my Gentoo box and my Redhat VPS, and for me it is the simplest from all the ways I have tried.

Basically put in the ports of the services you want and comment out the ones you don't, and then run the script.

Then after you run the script, do a /etc/init.d/iptables save, and then a /etc/init.d/iptables restart.

You can take a peek at what your current rules are by running the command iptables-save at any time.

And if you have just installed iptables, as mentioned do a rc-update add iptables default

SCRIPT - I called mine firewall.sh and made it executable

**********************************************************

#!/bin/bash

#---------------------------------------------------------------
# Reset everything
#---------------------------------------------------------------
iptables -F
iptables -X
iptables -F -t nat
iptables -F -t mangle

#---------------------------------------------------------------
# Basically let this machine acces any port on itself
#---------------------------------------------------------------
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#---------------------------------------------------------------
# Users on this computers can access the web with no problems
#---------------------------------------------------------------
iptables -A OUTPUT -m state --state NEW -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#---------------------------------------------------------------
# Different ports to be accessed
#---------------------------------------------------------------

#------- FTP SERVICES ---------------------------------------
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

#------- SSH SERVICES ---------------------------------------
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

#------- SMTP SERVICES --------------------------------------
iptables -A INPUT -p tcp --dport 25 -j ACCEPT

#------- NAME SERVER ----------------------------------------
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 953 -j ACCEPT

#------- APACHE WEB SERVER ----------------------------------
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

#------- POP3 SERVER ----------------------------------------
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 995 -j ACCEPT

#------- IMAP SERVER ----------------------------------------
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT
_________________
Linux Hackers mandate is to have 75% of all Maritime Canada residents, business's, and government entities using the Linux operating system and other open source derived software by the year 2009.
Back to top
View user's profile Send private message
Rooney
Apprentice
Apprentice


Joined: 07 Aug 2003
Posts: 193
Location: Sheffield, UK

PostPosted: Wed Oct 20, 2004 4:53 pm    Post subject: Reply with quote

Just want to say thank im not a noob to gentoo but certainly am to IP Tables and this helped big time.

Cheers.....Rooney
Back to top
View user's profile Send private message
lundi
n00b
n00b


Joined: 13 Dec 2003
Posts: 13

PostPosted: Fri Oct 22, 2004 3:17 am    Post subject: Reply with quote

every time when I startup iptables service, I have to do
"echo 1 > /proc/sys/net/ipv4/ip_forward" manually again. Do I some thing wrong?
Back to top
View user's profile Send private message
Walmarde
Tux's lil' helper
Tux's lil' helper


Joined: 17 Mar 2003
Posts: 91
Location: Granby (Quebec)

PostPosted: Fri Oct 29, 2004 5:44 pm    Post subject: Reply with quote

Nice how-to !
_________________
Naturally, the common people don't want war, it is always a simple matter to drag people. All you have to do is to tell them they are being attacked and denounce the pacifist for lack of patriotism and exposing the country to danger. -Hermann Goering-
Back to top
View user's profile Send private message
zdra
Veteran
Veteran


Joined: 30 Nov 2003
Posts: 1693
Location: Bruxelles, Belgique

PostPosted: Sat Oct 30, 2004 9:11 am    Post subject: Reply with quote

lundi wrote:
every time when I startup iptables service, I have to do
"echo 1 > /proc/sys/net/ipv4/ip_forward" manually again. Do I some thing wrong?


I've the same problem ! ive tried with this in /etc/conf.d/iptables:
Code:
ENABLE_FORWARDING_IPv4="yes"

but doesn't works.... someone has an idea ?

thx.
Back to top
View user's profile Send private message
Tazok
Guru
Guru


Joined: 25 Oct 2003
Posts: 310

PostPosted: Sun Nov 07, 2004 5:13 pm    Post subject: Reply with quote

My router has only one NIC, which is connected to the adsl-modem and to the rest of the network via a switch. It looks like this:

Code:

         switch         ______
 ___         _           (            )
|      |-----|_|-------( LAN    )
|___|       |            (______)
router    |
                |
               |_| adsl-modem


Can anyone provide me with an absolutely minimal configuration for iptables, including masquerading (access to the internet from my LAN) and blocking all incoming connections from the internet (prevent access to nfs and other network services) ?
I would really like to learn iptables, but I need something to start with.
Thanks for any help!
Back to top
View user's profile Send private message
res0r9lm
n00b
n00b


Joined: 30 Jul 2004
Posts: 56

PostPosted: Mon Nov 08, 2004 6:42 pm    Post subject: Reply with quote

/etc/conf.d/iptables and /etc/init.d/iptables has changed and no longer have anything to do with ipforwarding in the latest ~x86 version not sure where this needs to be enable now but I think /etc/sysctl
Back to top
View user's profile Send private message
j-m
Retired Dev
Retired Dev


Joined: 31 Oct 2004
Posts: 975

PostPosted: Tue Nov 09, 2004 2:16 am    Post subject: Reply with quote

Put the following in /etc/conf.d/local.start
Code:

echo "1" > /proc/sys/net/ipv4/conf/all/forwarding


This is also advised when you finish emerging iptables.
Back to top
View user's profile Send private message
cocran
n00b
n00b


Joined: 27 Jan 2005
Posts: 1

PostPosted: Fri Jan 28, 2005 12:08 am    Post subject: iptables problem Reply with quote

Hello. I am a new Linux and Gentoo supporter, and I have a problem with the Iptables.
I followed the great tutorial, but I stop without seeing "the light out out of the tunnel"

I compliled the kernel with genkernel and I enabled iptable support(not as a modul). I merged the iptables and configured the network. But when trying to run the script I get

Code:

bash-2.05b# ./ipConfig.script
iptables v1.2.11: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Warning: wierd character in interface `-o' (No aliases, :, ! or *).
Bad argument `eth0'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.11: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
bash-2.05b#


I also tryed again but making enabling iptables in the kernel as a modul, then I making "modprobe ip_tables". Infact I have this result from lsmod

Code:

bash-2.05b# lsmod     
Module                  Size  Used by
ipt_MASQUERADE          3464  2
iptable_nat            24620  2 ipt_MASQUERADE
ip_tables              17920  2 ipt_MASQUERADE,iptable_nat
ohci_hcd               17924  0
snd_via82xx            21764  0
snd_ac97_codec         59908  1 snd_via82xx
snd_pcm                76808  1 snd_via82xx
snd_page_alloc          8840  2 snd_via82xx,snd_pcm
snd_mpu401_uart         5504  1 snd_via82xx
snd_rawmidi            18852  1 snd_mpu401_uart
usbhid                 28480  0
uhci_hcd               27792  0
parport_pc             25920  0
parport                32328  1 parport_pc
via_agp                 6784  1
usb_storage            25088  0
ehci_hcd               24580  0
usbcore                91360  7 ohci_hcd,usbhid,uhci_hcd,usb_storage,ehci_hcd


But the result of the script is the same.I am using kernel 2.6.7

I really don't know what I can invet to help me :cry:

Thanks :)
_________________
The hope is the last to die
Back to top
View user's profile Send private message
Rooney
Apprentice
Apprentice


Joined: 07 Aug 2003
Posts: 193
Location: Sheffield, UK

PostPosted: Fri Jan 28, 2005 5:27 pm    Post subject: Reply with quote

Just built my self a new system where as the old one worked fine with iptables but this one won't boot the modified kernel for some reason can some one look over my kernel option

< > Connection tracking (required for masq/NAT) │ │
│ │ [ ] Connection mark tracking support │ │
│ │ < > Userspace queueing via NETLINK │ │
│ │ <M> IP tables support (required for filtering/masq/NAT) │ │
│ │ <M> limit match support │ │
│ │ <M> IP range match support │ │
│ │ <M> MAC address match support │ │
│ │ <M> Packet type match support │ │
│ │ <M> netfilter MARK match support │ │
│ │ <M> Multiple port match support │ │
│ │ <M> TOS match support │ │
│ │ <M> recent match support │ │
│ │ <M> ECN match support │ │
│ │ <M> DSCP match support │ │
│ │ <M> AH/ESP match support │ │
│ │ <M> LENGTH match support │ │
│ │ <M> TTL match support │ │
│ │ <M> tcpmss match support │ │
│ │ <M> Owner match support │ │
│ │ <M> address type match support │ │
│ │ <M> realm match support │ │
│ │ <M> SCTP protocol match support │ │
│ │ <M> comment match support │ │
│ │ <M> hashlimit match support │ │
│ │ <M> Packet filtering │ │
│ │ <M> REJECT target support │ │
│ │ <M> LOG target support │ │
│ │ <M> ULOG target support │ │
│ │ <M> TCPMSS target support │ │
│ │ < > Packet mangling │ │
│ │ < > raw table support (required for NOTRACK/TRACE) │ │
│ │ < > ARP tables support │ │
│ │ < > ipchains (2.2-style) support │ │
│ │ < > ipfwadm (2.0-style) support

as these are all modules i wouldent have thought it would affect a boot as they are loaded on demaned and i havent yet added any thing to modules.autoload yet

####appendment####

i have found this is when i add my network card drivers i have also tried 2 xcard (e100 and 3c59x) but both fetch a kernel panic
Back to top
View user's profile Send private message
torklingberg
Tux's lil' helper
Tux's lil' helper


Joined: 30 May 2004
Posts: 86

PostPosted: Sat Jan 29, 2005 10:18 pm    Post subject: Reply with quote

What settings changes if I want forwarding for the client, but no firewalling?
Back to top
View user's profile Send private message
edwardpayne
n00b
n00b


Joined: 17 Nov 2004
Posts: 7
Location: Östersund, Sweden

PostPosted: Thu Feb 03, 2005 9:19 pm    Post subject: ipt_state not found Reply with quote

I installed a new gentoo system last night.
i can't get iptables to work on this machine. I figured out that i'm missing the ipt_state module (can't load it) since it's this line I can't execute:
Code:
$IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state NEW,ESTABLISHED -j ACCEPT


It's very annoying.. I can't find where ipt_state is in the menconfig either.. I need help here! I'm using Gentoo 2003.4 with the gen-sources kernel (2.6).

Or am I wrong about ipt_state?
plz help.
Back to top
View user's profile Send private message
Xamindar
Veteran
Veteran


Joined: 03 Oct 2004
Posts: 1155
Location: California

PostPosted: Thu Feb 24, 2005 5:27 pm    Post subject: Reply with quote

Great howto! Thanks.

I have a couple of questions though.

What does this part do exactly?
Code:
# forward LAN traffic from $INTIF1 to Internet interface $EXTIF
$IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT


As my internal network is able to communicate with the outside world just fine with only nabled, this command doesn't make sense.

Does the commented out "echo -e" even do anything?
Code:
#echo -e "       - Allowing access to the SSH server"
$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT
 



And also, is there any way to ignore arp requests that my isp is continually sending out? Or is that kind of pointless.

Thanks:D
Back to top
View user's profile Send private message
SerfurJ
l33t
l33t


Joined: 10 Apr 2004
Posts: 824
Location: Texas

PostPosted: Wed Mar 09, 2005 7:27 pm    Post subject: Reply with quote

here's an even simpler starting point for people who don't need the system to be a router:

Code:
#!/bin/bash
IPTABLES='/sbin/iptables'

# Set interface values
EXTIF='eth1'

# flush rules and delete chains
$IPTABLES -F
$IPTABLES -X
                                                                               
#echo -e "       - Allowing access to the SSH server"
$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT
                                                                               
#echo -e "       - Allowing access to the HTTP server"
$IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT
                                                                               
# block out all other Internet access on $EXTIF
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,INVALID -j DROP
$IPTABLES -A FORWARD -i $EXTIF -m state --state NEW,INVALID -j DROP
Back to top
View user's profile Send private message
imsdunn
n00b
n00b


Joined: 06 Sep 2003
Posts: 19

PostPosted: Sat Mar 12, 2005 8:43 pm    Post subject: Reply with quote

Krunk, Very nice! Great instructions! I just set up my first network at home following your instructions.
_________________
---------------------
s.dunn
Back to top
View user's profile Send private message
odioworks_com
Tux's lil' helper
Tux's lil' helper


Joined: 23 Jan 2005
Posts: 82
Location: Charlottesville, Virginia

PostPosted: Thu Apr 07, 2005 8:06 pm    Post subject: Reply with quote

hm can't seem to get it to work...

Every time I run /etc/init.d/iptables start I get this error:
: No such file or directory

Here is my exact IPtables script:
http://www.odioworks.com/iptables_code.txt

I asked this question in another post (https://forums.gentoo.org/viewtopic-p-2283977.html#2283977) and MrUlterior has been graciously helping me. He suggested adding the code:

Quote:

for MODULE in `find /lib/modules/*/netfilter -name "*.ko" -type f -print "%f" | egrep -o "[^\.]+"`; do
echo "Loading ${MODULE}"
modprobe $MODULE
done


Since iptables is built into my kernel and not loaded. However this has not helped. Anyone experience this before? Is there another simple iptables script that people have had success with? I'm just basically interested in NATing...

TIA,

Sam
Back to top
View user's profile Send private message
eleanor
l33t
l33t


Joined: 01 Nov 2004
Posts: 666

PostPosted: Fri May 13, 2005 2:40 pm    Post subject: Reply with quote

Can anyone explain this to me:

Quote:
#!/bin/bash

#---------------------------------------------------------------
# Reset everything
#---------------------------------------------------------------
iptables -F
iptables -X
iptables -F -t nat
iptables -F -t mangle

#---------------------------------------------------------------
# Basically let this machine acces any port on itself
#---------------------------------------------------------------
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#---------------------------------------------------------------
# Users on this computers can access the web with no problems
#---------------------------------------------------------------
iptables -A OUTPUT -m state --state NEW -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#---------------------------------------------------------------
# Different ports to be accessed
#---------------------------------------------------------------

#------- FTP SERVICES ---------------------------------------
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

#------- SSH SERVICES ---------------------------------------
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

#------- SMTP SERVICES --------------------------------------
iptables -A INPUT -p tcp --dport 25 -j ACCEPT

#------- NAME SERVER ----------------------------------------
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 953 -j ACCEPT

#------- APACHE WEB SERVER ----------------------------------
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

#------- POP3 SERVER ----------------------------------------
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 995 -j ACCEPT

#------- IMAP SERVER ----------------------------------------
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT


I would like to know what are the basic rules when writing this. I understang what "iptables -A INPUT -p tcp --dport 143 -j ACCEPT " that is the way it is, but I don't understand the other things. Please, need help?
Back to top
View user's profile Send private message
volkmar
Tux's lil' helper
Tux's lil' helper


Joined: 01 Jul 2004
Posts: 122

PostPosted: Sat Jul 02, 2005 9:53 am    Post subject: Reply with quote

SerfurJ wrote:
here's an even simpler starting point for people who don't need the system to be a router:


I've got another one here. It's using the DROP policy and some ACCEPTs on the INPUT chain. This way both eth0 and eth1 can be used as interfaces to the internet.
Code:
######################### start ###########################

iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -Z

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 3 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 11 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 12 -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 113 -j REJECT --reject-with tcp-reset

############################# end #################################

Since it's only a few lines you don't need a script for it. Simply type the commands into console, then run "iptables-save". On reboot it should be restored automatically by "iptables-restore".
Additional lines for remote-login (ssh) or sip phone calls may be addes.

Thanks to Georgi Alexandrov's reply on the netfilter mailing list.
Back to top
View user's profile Send private message
simongermain
n00b
n00b


Joined: 02 Feb 2006
Posts: 1

PostPosted: Thu Feb 02, 2006 5:34 am    Post subject: Reply with quote

Thanks a lot! this guide is REALLY helpful!

Good work man!
Back to top
View user's profile Send private message
huckabuck
Tux's lil' helper
Tux's lil' helper


Joined: 14 Apr 2007
Posts: 110
Location: Bronx, NY

PostPosted: Sun Nov 30, 2008 5:52 pm    Post subject: Reply with quote

Hi, i've been trying to get my iptables working for 3 days now, and i am lost. These are the commands i've been running as root,

tux ~ # modprobe ip_tables
tux ~ # iptables -F
tux ~ # iptables -X
tux ~ # iptables -Z
tux ~ # iptables -t mangle -F
tux ~ # iptables -t mangle -X
tux ~ # iptables -t mangle -Z
tux ~ # iptables -P INPUT DROP
tux ~ # iptables -P FORWARD DROP
tux ~ # iptables -P OUTPUT ACCEPT
tux ~ # iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name

and the whole thing gets hung up with the last line. I just want to set up a basic firewall to be able to browse and torrent, and possible set up an ftp fileserver in the future. What am i doing wrong. I wanted to get the rules straight, and get an understanding of what each command did before i put it in a script to start up at boot.

Can anyone point me in the right direction ? i know this was originally scripted for a box running as a router, but i have just my main system. I'm running gentoo-sources 2.6.26-r3.

Thanks in advance.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Goto page Previous  1, 2, 3
Page 3 of 3

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum