LinuxQuestions.org
Old 04-21-2003, 10:34 PM   #1
cirkut5732
Member
 
Registered: Apr 2003
Posts: 94

Rep: Reputation: 15
Guarddog Firewall


Just a hopefully simple question here,

I'm nmapping myself to check for some holes and such, and noticed logging into my box with ftp and ssh was simple, so I looked at my Guarddog config and blocked both ftp and ssh, and still when I use ftp to log into my system it connects?? Shouldn't it refuse me??
I know Guarddog is considered pussy in the Linux world, but I'm still new to the iptables thing and needed something even if it is basic!
 
Old 04-22-2003, 01:47 PM   #2
Proud
Senior Member
 
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794

Rep: Reputation: 116
Hey, I use Guarddog too, and think it's better than slapping some buggy iptables script in til I can find time to learn it.

Which version are you using? Does it give the little output status window when you apply the new rules? Eg:

Using iptables.
Resetting firewall rules.
Loading kernel modules
Setting kernel parameters.
Configuring firewall rules.
Finished.

Sure you're not changing the rules for the wrong zone, eg changing Internet access but logging in via Local/LAN?
 
Old 04-22-2003, 03:07 PM   #3
cirkut5732
Member
 
Registered: Apr 2003
Posts: 94

Original Poster
Rep: Reputation: 15
I don't know what version. I'm not at my box. I know it's the newest version cause I got it last night!! Ya, when I make changes it says iptables updated and all that. You think Guarddog is better than a real script?? Huh, maybe I'll stick with Guarddog then!!!! I know it works good cause I went to that website that scans your ports and all, and the only one that came up was smtp and the rest were marked stealth!!!! Ya baby!!! Anyways, I'll try what you said. Thanks!!!
 
Old 04-22-2003, 05:43 PM   #4
Proud
Senior Member
 
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794

Rep: Reputation: 116
Well can you remember if you got a prepacked .rpm, or compiled from the 2.0.0 source, or the development 2.1.3 maybe?
If you open your /etc/rc.firewall in a text editor (as root, and I'd be careful not to execute it instead) you can see the commented script which generates the rules.
It is generating quite a good ruleset, and with such an easy gui it's great til you learn exactly which rules you need to write.
I'd just be certain to check that ftp thing though.

I think I'll go hunt an Mdk9.1 rpm of 2.1.3 now actually, Guarddog rules
 
Old 04-22-2003, 08:15 PM   #5
cirkut5732
Member
 
Registered: Apr 2003
Posts: 94

Original Poster
Rep: Reputation: 15
It must have been source.. I had to do ./configure, make, make install to get it to work, and it was in tar.gz format. And ya, I have the regular 2.0 version.
 
Old 04-23-2003, 01:18 PM   #6
Proud
Senior Member
 
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794

Rep: Reputation: 116
Well I resorted to trying to compile 2.1.3, and when making, it couldn't find /usr/lib/libfam.la, but my system does have a /usr/lib/libfam.so.0
I'll wait for at least 2.1.0 mdk9.1 rpms

Last edited by Proud; 04-23-2003 at 01:20 PM.
 
Old 04-23-2003, 02:54 PM   #7
cirkut5732
Member
 
Registered: Apr 2003
Posts: 94

Original Poster
Rep: Reputation: 15
So do you know why it won't block my smtp port? I have it blocked in the options, but when I use the Shields Up website to scan me it says it's still wide open!!! Everything else blocks, telnet..ftp..etc.
 
Old 04-23-2003, 03:04 PM   #8
Proud
Senior Member
 
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794

Rep: Reputation: 116
If you read through the rc.firewall script, in the iptables bit, there is:
Quote:
# Allow certain critical ICMP types
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT # Dest unreachable
iptables -A OUTPUT -p icmp --icmp-type destination-unreachable -j ACCEPT # Dest unreachable
iptables -A FORWARD -p icmp --icmp-type destination-unreachable -j ACCEPT &> /dev/null # Dest unreachable
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT # Time exceeded
iptables -A OUTPUT -p icmp --icmp-type time-exceeded -j ACCEPT # Time exceeded
iptables -A FORWARD -p icmp --icmp-type time-exceeded -j ACCEPT &> /dev/null # Time exceeded
iptables -A INPUT -p icmp --icmp-type parameter-problem -j ACCEPT # Parameter Problem
iptables -A OUTPUT -p icmp --icmp-type parameter-problem -j ACCEPT # Parameter Problem
iptables -A FORWARD -p icmp --icmp-type parameter-problem -j ACCEPT &> /dev/null # Parameter Problem
Maybe this is the issue, or maybe I don't have the same settings for such ports.

Edit: You said SMTP, not ICMP
Still might be something in there...

So is it now blocking ftp when previously it wasn't?

Last edited by Proud; 04-23-2003 at 03:07 PM.
 
Old 04-23-2003, 07:59 PM   #9
cirkut5732
Member
 
Registered: Apr 2003
Posts: 94

Original Poster
Rep: Reputation: 15
Umm, no, I guess ftp is still giving access. I just ftp'd myself and I connected. How do I refuse connection to that?? I got telnet refusing, but ya, I'll check my .rc file and see what it looks like, even though I wouldn't really know how to modify it. I'm still new and the hardest things I've done so far were compiling mplayer and wine, well, getting wine to work!!! It was easy to install. So ya, I'm really into internet security and basically want my system to be real hard to break into. And one more thing, does Guarddog update their product weekly, monthly, yearly, etc..?
 
Old 04-24-2003, 02:10 PM   #10
Proud
Senior Member
 
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794

Rep: Reputation: 116
Quote:
Sure you're not changing the rules for the wrong zone, eg changing Internet access but logging in via Local/LAN?
Did you check that?

I dunno how to modify it either atm.

From browsing their site, there seems to be a lot of effort focused on testing and debugging the new Development version 2.1.3, while the official stable release seems to be held at 2.0.0. Maybe try 2.1.1 for newer release vs stability and security.

Quote:
The usual Open Source approach to testing involves releasing "beta" or "Release Candidate" versions of a piece of software and then allowing people to try it out and report any problems they encounter. Unfortunately this means that any features that are not used by the users are assumed to be in a state acceptable for release. This may be acceptable for most software, but for security software it is not. We must assume the worst until proven otherwise. This means assuming that Guarddog's protocol support is insecure until proven secure.

Unfortunately I don't have access to all of the different software or the time to test every protocol myself. But you can help by following the instructions on this page and sending me your results. By putting together information from user reports I hope to determine which protocols people are successfully using and which ones need fixing. I'll also tabulate results and update the protocol testing table (the "scoreboard") that appears lower on this page.
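
An added example, not part of any post in this thread and not Guarddog's code: a first-match walk over an INPUT chain, showing how the same port can get a different verdict depending on the interface the connection arrives on (the zone question from posts #2 and #10). The ruleset is a constructed sample; the loopback accept rule and the `eth0` interface name are assumptions, not taken from a real rc.firewall.

```shell
#!/usr/bin/env bash
# Constructed sample in `iptables -S INPUT` format. It is NOT Guarddog's real
# output; the "-i lo" accept rule and the eth0 interface name are assumptions.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 21 -j DROP
-A INPUT -i eth0 -p tcp --dport 22 -j DROP'

# first_match RULES IFACE PROTO DPORT
# Prints "<verdict>: <deciding rule>" for an inbound packet. Only -i, -p and
# --dport are modelled; rules whose target is not ACCEPT/DROP/REJECT (LOG,
# jumps to user-defined chains) are skipped rather than followed.
first_match() {
    local rules iface proto dport policy line r_if r_proto r_port target
    rules=$1; iface=$2; proto=$3; dport=$4; policy=ACCEPT
    while IFS= read -r line; do
        set -f; set -- $line; set +f      # split the rule into words, no globbing
        if [ "$1" = "-P" ] && [ "$2" = "INPUT" ]; then policy=$3; continue; fi
        [ "$1" = "-A" ] && [ "$2" = "INPUT" ] || continue
        shift 2
        r_if=""; r_proto=""; r_port=""; target=""
        while [ $# -gt 0 ]; do
            case $1 in
                -i)      r_if=$2;    shift 2 ;;
                -p)      r_proto=$2; shift 2 ;;
                --dport) r_port=$2;  shift 2 ;;
                -j)      target=$2;  shift 2 ;;
                *)       shift ;;         # match options this sketch ignores
            esac
        done
        [ -z "$r_if" ]    || [ "$r_if" = "$iface" ]    || continue
        [ -z "$r_proto" ] || [ "$r_proto" = "$proto" ] || continue
        [ -z "$r_port" ]  || [ "$r_port" = "$dport" ]  || continue
        case $target in ACCEPT|DROP|REJECT) echo "$target: $line"; return 0 ;; esac
    done <<EOF
$rules
EOF
    echo "$policy: chain policy"          # nothing matched: the policy decides
}

# Same FTP port, two interfaces: a self-test over loopback vs. an outside scan.
for probe in "lo tcp 21" "eth0 tcp 21" "eth0 tcp 25"; do
    printf '%-12s -> %s\n' "$probe" "$(first_match "$SAMPLE_RULES" $probe)"
done
```

On a live box the same function can be fed real output, run as root, with `first_match "$(iptables -S INPUT)" lo tcp 21`; because user-defined chains are not followed, treat the answer as a first pass and confirm with a scan from a second machine.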
 
  

