Honeypots mailing list archives
honeywall roo: rc.firewall questions
From: James Oliver <686f6e6579 () gmail com>
Date: Thu, 26 May 2005 23:25:37 +0200
Hi,

While going through the rc.firewall script of the new honeywall roo the following questions came up:

A) Assumptions:
   *) ROACHMOTEL is not enabled
   *) HwRESTRICT is enabled

That means that connections from the honeypots are possible to ports defined in HwALLOWED_TCP_OUT and HwALLOWED_UDP_OUT. Looking at http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html#section5 I thought that means that iptables rules have to operate on the FORWARD rule. However, the following iptables commands (after the "if [ "${HwROACHMOTEL_ENABLE}" = "no" ]; then") operate on the OUTPUT rules:

    [...]
    for port in ${HwALLOWED_TCP_OUT}; do
        iptables -A OUTPUT -p tcp --dport $port -m state \
            --state NEW,ESTABLISHED,RELATED -j ACCEPT
    done
    [...]

Where am I wrong, or is this a bug in the roo rc.firewall script?

B) Is there a supported way to allow the Honeywall to update via yum, e.g. allow new outgoing TCP connections for yum together with outgoing UDP packets for the nameserver queries, or do I have to execute iptables scripts myself when I want to do the update?

Bye and thanks for your answers,
James
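The question above turns on which iptables chain sees honeypot traffic on a bridging host. The ebtables bridging document the post links describes the behaviour: with bridge netfilter enabled, frames forwarded between bridge ports traverse the iptables FORWARD chain, while OUTPUT only sees packets the honeywall itself generates. The script below is an added example, not code from the roo rc.firewall script or the Honeynet Project, that generates the egress rules for the same HwALLOWED_TCP_OUT / HwALLOWED_UDP_OUT lists on FORWARD, restricted to the honeypot-facing bridge port, and adds the matching return-traffic rule that a FORWARD-chain policy needs (both directions of a bridged flow pass FORWARD). The interface name HwHONEYPOT_IF and the port lists are assumed values; by default the rules are only printed, so the set can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example (not from the roo rc.firewall script): build egress rules for
# bridged honeypot traffic on the FORWARD chain instead of OUTPUT.
#
# On a Linux bridge with bridge-nf enabled, frames forwarded between bridge
# ports traverse iptables FORWARD; OUTPUT only sees packets generated locally
# by the honeywall. Rules that should limit what the honeypots can reach
# therefore belong on FORWARD.

# Port lists reuse the variable names from the post; the values are assumed.
HwALLOWED_TCP_OUT="${HwALLOWED_TCP_OUT:-22 25 80 443}"
HwALLOWED_UDP_OUT="${HwALLOWED_UDP_OUT:-53 123}"
# Assumed name for the bridge port facing the honeypots.
HwHONEYPOT_IF="${HwHONEYPOT_IF:-eth1}"
# Dry run by default: rules are printed, not applied.
# Run with IPTABLES=iptables (as root) to actually load them.
IPTABLES="${IPTABLES:-echo iptables}"

# Emit one ACCEPT rule per port on the given chain, matched on the
# honeypot-facing input interface so only honeypot-originated flows qualify.
forward_rules() {
    chain=$1; proto=$2; ports=$3
    for port in $ports; do
        $IPTABLES -A "$chain" -i "$HwHONEYPOT_IF" -p "$proto" --dport "$port" \
            -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    done
}

# Replies to permitted flows also cross FORWARD, leaving the bridge towards
# the honeypots, so they need their own stateful ACCEPT.
return_traffic_rule() {
    $IPTABLES -A FORWARD -o "$HwHONEYPOT_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Count how many generated rules land on a given chain; useful as a sanity
# check that nothing was emitted on OUTPUT by mistake.
rules_on_chain() {
    chain=$1
    {
        forward_rules FORWARD tcp "$HwALLOWED_TCP_OUT"
        forward_rules FORWARD udp "$HwALLOWED_UDP_OUT"
        return_traffic_rule
    } | grep -c -- "-A $chain " || true
}

# Stand-alone run: print the complete rule set for review.
forward_rules FORWARD tcp "$HwALLOWED_TCP_OUT"
forward_rules FORWARD udp "$HwALLOWED_UDP_OUT"
return_traffic_rule
```

Running it with the defaults prints seven `iptables -A FORWARD ...` lines and none on OUTPUT; `rules_on_chain OUTPUT` returns 0. Compared with the OUTPUT-chain loop quoted in the post, the two differences are the chain name and the `-i` match, which is what ties the rule to honeypot-originated traffic rather than to the honeywall's own connections.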
Current thread:
- honeywall roo: rc.firewall questions James Oliver (May 26)
- Message not available
- Re: honeywall roo: rc.firewall questions Jocelyn Parker (May 28)
- Message not available
- <Possible follow-ups>
- Re: honeywall roo: rc.firewall questions Earl Sammons (May 27)
- Re: honeywall roo: rc.firewall questions James Oliver (May 28)
- Re: honeywall roo: rc.firewall questions Earl Sammons (May 29)
- Re: honeywall roo: rc.firewall questions Earl Sammons (May 29)