Honeypots mailing list archives
Re: rc.firewall script problems
From: "Jesse Morgan" <jesse () jesterpm net>
Date: Sat, 26 Mar 2005 21:04:11 -0800 (PST)
If you do want a typical firewall here's some basic information:
http://lfs.osuosl.org/blfs/view/6.0/postlfs/firewall.html

--
Jesse Morgan
jesse () jesterpm net
www.jesterpm.net

Earl Sammons said:

> Craig,
>
> I'm guessing you are looking for a firewall setup script for a "typical" firewall. That is a Deny all "inbound" unless I explicitly Allow. If that is the case, then rc.firewall is not what you want and if you are using rc.firewall for a "typical" firewall please shut it down NOW.
>
> rc.firewall (maybe a better name is rc.honeywall?) is designed to set up a honeywall. Honeywalls are sort of firewalls in reverse. They typically allow just about everything INBOUND and limit what goes out.
>
> There are tons of iptables firewalling howtos out there... google is your friend :)
>
> Earl
>
> On Sat, 26 Mar 2005 15:39:59 -0800 Craig Holmes <leusent () absolut intellihost ca> wrote:
>
>> Hello everyone,
>>
>> My rc.firewall (an exact copy of http://www.honeynet.org/tools/dcontrol/rc.firewall, except for some configuration options) does not work properly. The firewall doesn't log anything or allow any connections outbound. After a lot of tinkering, I discovered that the -i flag used to specify interface does not seem to be working at all. If I remove the -i flag then the firewall sort-of works (the firewall assumes everything is INBOUND because the inbound lines precede the outbound lines).
>>
>> My kernel is 2.6.11.3 and has every netfilter option enabled. I have rebuilt iptables several times to no avail. Does anyone have any idea what could be causing this? I get the feeling I am overlooking something very trivial.
>>
>> Thanks,
>> Craig Holmes
>>
>> -------
>> Some extra information:
>>
>> root@Weltall honeywall # ./rc.firewall
>> Starting up Bridging mode.
>> FATAL: Module ipt_LOG not found.
>> FATAL: Module ip_conntrack_ftp not found.
>> FATAL: Module ip_conntrack_irc not found.
>>
>> root@Weltall honeywall # brctl show
>> bridge name     bridge id               STP enabled     interfaces
>> br0             8000.0080c8f31cdc       no              eth1
>>                                                         eth0
>>
>> If I remove all -i interfaces from the script:
>>
>> Mar 25 15:25:54 Weltall INBOUND OTHER: IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=xx.xxx.xxx.xxx DST=216.109.118.41 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=1467 DF PROTO=TCP SPT=1117 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
>>
>> --
>> KMail: 1.7.2
>> Linux Weltall 2.6.11.3 #3 Thu Mar 17 19:03:09 EST 2005 i686 AMD Athlon(TM) XP 2500+ AuthenticAMD GNU/Linux
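The log line Craig quotes shows why a honeywall in bridging mode cannot sort traffic by `-i`: both IN and OUT are the bridge (br0), and only the PHYSIN/PHYSOUT fields say which physical port a packet crossed. The following parser, added here as an example and not part of this thread or of rc.firewall, classifies netfilter LOG lines as inbound or outbound relative to the honeypot-facing port and counts new outbound TCP connections per honeypot address, the quantity a honeywall limits. The sample lines are constructed (documentation addresses), and treating eth0 as the honeypot side is an assumption passed in as a parameter.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel LOG format quoted in the thread.
# Addresses come from RFC 5737 documentation ranges, not observed traffic.
SAMPLE_LOGS = [
    "Mar 25 15:25:54 Weltall INBOUND OTHER: IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 "
    "SRC=192.0.2.10 DST=198.51.100.41 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=1467 DF "
    "PROTO=TCP SPT=1117 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0",
    "Mar 25 15:25:55 Weltall INBOUND OTHER: IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 "
    "SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=51 ID=2 DF "
    "PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Mar 25 15:25:56 Weltall INBOUND OTHER: IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 "
    "SRC=192.0.2.10 DST=198.51.100.42 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=1468 DF "
    "PROTO=TCP SPT=1118 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0",
]

# syslog timestamp, host, the rule's --log-prefix, then the KEY=VALUE fields
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<prefix>.*?): (?P<rest>.*)$")

def parse_netfilter_log(line):
    """Return the log prefix plus a dict of KEY=VALUE fields; bare tokens
    such as DF, SYN or ACK are collected in the 'flags' set."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"prefix": m.group("prefix"), "flags": set()}
    for tok in m.group("rest").split():
        key, eq, val = tok.partition("=")
        if eq:
            rec[key] = val
        else:
            rec["flags"].add(tok)
    return rec

def classify_direction(rec, honeypot_iface):
    """In bridging mode IN/OUT are both br0, so direction must come from the
    physdev fields: a packet entering on the honeypot-facing port is OUTBOUND
    from the honeynet, one leaving on that port is INBOUND to it."""
    if rec.get("PHYSIN") == honeypot_iface:
        return "OUTBOUND"
    if rec.get("PHYSOUT") == honeypot_iface:
        return "INBOUND"
    return "UNKNOWN"

def outbound_syn_counts(lines, honeypot_iface):
    """Count new outbound TCP connections (SYN without ACK) per honeypot
    source address; a honeywall rate-limits exactly these."""
    counts = Counter()
    for rec in filter(None, map(parse_netfilter_log, lines)):
        if (rec.get("PROTO") == "TCP" and "SYN" in rec["flags"]
                and "ACK" not in rec["flags"]
                and classify_direction(rec, honeypot_iface) == "OUTBOUND"):
            counts[rec["SRC"]] += 1
    return counts
```

Run against the constructed lines with eth0 as the honeypot side, the first and third lines (logged by the script as "INBOUND OTHER") are actually outbound web connections from the honeypot, which is the misclassification the thread describes.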
Current thread:
- rc.firewall script problems Craig Holmes (Mar 26)
- Re: rc.firewall script problems Lance Spitzner (Mar 27)
- Message not available
- Re: rc.firewall script problems Craig Holmes (Mar 27)
- Re: rc.firewall script problems Aaron G. Wade (Mar 28)
- <Possible follow-ups>
- Re: rc.firewall script problems Earl Sammons (Mar 26)
- Re: rc.firewall script problems Jesse Morgan (Mar 27)
- Re: rc.firewall script problems Earl Sammons (Mar 27)
- Re: rc.firewall script problems Craig Holmes (Mar 28)