Honeypots mailing list archives
Re: honeywall roo: rc.firewall questions
From: "Earl Sammons" <esammons () hush com>
Date: Fri, 27 May 2005 17:53:57 -0700
James,

I'm going to "punt" (for the moment) on "A" but as far as "B" goes, we set things up so that by default:

ALLOWED_TCP_OUT=22 25 43 80 443
ALLOWED_UDP_OUT=53 123

to support: SSH, SMTP, Whois, WWW, SSL, DNS, and NTP outbound. As long as you have configured management IP/Netmask/GW/DNS and have not otherwise undone the above, yum update should work. You can check all of these values with the command 'hwctl -a'.

Earl

On Thu, 26 May 2005 14:25:37 -0700 James Oliver <686f6e6579 () gmail com> wrote:
Hi,

While going through the rc.firewall script of the new honeywall roo the following questions came up:

A) Assumptions:
   *) ROACHMOTEL is not enabled
   *) HwRESTRICT is enabled

That means that connections from the honeypots are possible to ports defined in HwALLOWED_TCP_OUT and HwALLOWED_UDP_OUT. Looking at http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html#section5 I thought that means that iptables rules have to operate on the FORWARD rule. However, the following iptables commands (after the "if [ "${HwROACHMOTEL_ENABLE}" = "no" ]; then") operate on the OUTPUT rules:

   [...]
   for port in ${HwALLOWED_TCP_OUT}; do
       iptables -A OUTPUT -p tcp --dport $port -m state \
           --state NEW,ESTABLISHED,RELATED -j ACCEPT
   done
   [...]

Where am I wrong, or is this a bug in the roo rc.firewall script?

B) Is there a supported way to allow the Honeywall the updating via yum, e.g. allow new outgoing TCP connections for yum, together with outgoing UDP packets for the nameserver queries, or do I have to execute iptables scripts myself when I want to do the update?

Bye and thanks for your answers,
James
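An added example, not the roo rc.firewall script itself: a small POSIX sh helper that renders HwALLOWED_TCP_OUT / HwALLOWED_UDP_OUT into the iptables rules quoted in the thread as a dry run, so the resulting rule set can be reviewed before it is loaded. The chain is a parameter because bridged honeypot traffic crosses the FORWARD chain while the Honeywall's own connections (yum) cross OUTPUT; the port lists are the defaults Earl gives, and the yum check assumes the repository is reached over HTTP or HTTPS.

```shell
#!/bin/sh
# Added example (not from honeywall roo). Renders the allow lists into
# iptables rules and prints them instead of applying them.
HwALLOWED_TCP_OUT="22 25 43 80 443"   # defaults quoted in the thread
HwALLOWED_UDP_OUT="53 123"
IPTABLES="echo iptables"              # dry run; set to /sbin/iptables to apply

# gen_rules CHAIN PROTO "PORTS": one ACCEPT rule per port, restricted to
# NEW,ESTABLISHED,RELATED state exactly as the rc.firewall loop does.
# CHAIN is FORWARD for bridged honeypot egress, OUTPUT for the
# Honeywall's own egress (management interface, yum).
gen_rules() {
    chain="$1"; proto="$2"; ports="$3"
    for port in $ports; do
        $IPTABLES -A "$chain" -p "$proto" --dport "$port" -m state \
            --state NEW,ESTABLISHED,RELATED -j ACCEPT
    done
}

# count_rules CHAIN: how many rules the current lists produce for CHAIN
count_rules() {
    { gen_rules "$1" tcp "$HwALLOWED_TCP_OUT"
      gen_rules "$1" udp "$HwALLOWED_UDP_OUT"; } | wc -l | tr -d ' '
}

# yum_ports_allowed: succeeds only if the ports yum needs are listed
# (assumption: HTTP/HTTPS repository, so TCP 80 and 443, plus UDP 53
# for name resolution). Useful as a pre-update check of the allow lists.
yum_ports_allowed() {
    for p in 80 443; do
        case " $HwALLOWED_TCP_OUT " in *" $p "*) ;; *) return 1 ;; esac
    done
    case " $HwALLOWED_UDP_OUT " in *" 53 "*) return 0 ;; *) return 1 ;; esac
}
```

Run it as-is to see the rules that would be appended for a given chain; compare the printed list against `hwctl -a` before switching IPTABLES to the real binary.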
Current thread:
- honeywall roo: rc.firewall questions James Oliver (May 26)
- Re: honeywall roo: rc.firewall questions Jocelyn Parker (May 28)
- Re: honeywall roo: rc.firewall questions Earl Sammons (May 27)
- Re: honeywall roo: rc.firewall questions James Oliver (May 28)
- Re: honeywall roo: rc.firewall questions Earl Sammons (May 29)
- Re: honeywall roo: rc.firewall questions Earl Sammons (May 29)