Honeypots mailing list archives

Re: rc.firewall script problems


From: Lance Spitzner <lance () honeynet org>
Date: Sun, 27 Mar 2005 10:04:44 -0600

My rc.firewall (an exact copy of
http://www.honeynet.org/tools/dcontrol/rc.firewall, except for some
configuration options) does not work properly. The firewall doesn't log
anything or allow any connections outbound. After a lot of tinkering, I
discovered that the -i flag used to specify the interface does not seem to be
working at all. If I remove the -i flag then the firewall sort of works (the
firewall assumes everything is INBOUND because the inbound lines precede the
outbound lines). My kernel is 2.6.11.3 and has every netfilter option
enabled. I have rebuilt iptables several times to no avail.
Does anyone have any idea what could be causing this? I get the feeling I am
overlooking something very trivial.


Unfortunately, this script is old and outdated, designed only for the 2.4 kernel. The purpose of the script was for back in the days when you had to roll your own Honeywall. Now we have tools to automate the process. The new Honeywall CDROM 'Roo' will be released this May, replacing the outdated 'Eeyore'. The rc.firewall script you find on the CDROMs (and which we actively maintain) has been greatly changed, modified to work with the Honeywall CDROMs themselves. You can't use it as a standalone without modifying it.

I've pulled the script from our website. We simply don't have the resources to maintain both a CDROM version and standalone. If you are interested in Honeywall technology, and want to use our tools, your best bet is to go with our Honeywall CDROM(s).

lance
