Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
What did the iptables -L command say about the policies set for the chains?
Setting no rules and a DROP policy would be the absolute security, since it won't let anything through.
Try
# iptables -L -n -v --line-numbers
Look at the file
cat /etc/sysconfig/iptables
It should contain all of the rules currently in force.
Consider turning off redhats firewall, then create your own
using the /sbin/iptables command. It takes a little bit of reading
to figure it all out but then you know what you're working with.
I don't know what scripts the graphical firewall program causes to be run when you boot up. So I'd go into the GUI and turn it off, then you will never have to deal with it anymore. See my previous post and look at the /etc/sysconfig/iptables file, that file should contain the firewall rules to be applied when you boot up. The file is created by saving the iptables, there is an option to /sbin/iptables to do that. I believe the graphical tools writes to that file and when you disable the redhat firewall the only rules that are left will be the rules to accept all incoming and outgoing packets.
If you get discouraged trying to figure out iptables, you might want to consider using a GUI called guarddog (do a search to obtain it if you want it) which makes setting firewall parameters very easy. Guarddog requires a certain amount of KDE stuff to be installed, but apart from that it should be a snap to install and use.
Guarddog and any other gui based firewall generators are a pain. They have limited functunality. No one could possibly design tools like that with the whole world in mind. So it just gives you a small set of "basic" options. At least I've never found a gui-firewall to meet my needs.
I think its much better to use a very extensive script or just learn iptables.
Originally posted by jev-bird Guarddog and any other gui based firewall generators are a pain. They have limited functunality. No one could possibly design tools like that with the whole world in mind. So it just gives you a small set of "basic" options. At least I've never found a gui-firewall to meet my needs.
I think its much better to use a very extensive script or just learn iptables.
Well, it kinda comes down to the age-old question of how much time a user is able or willing to devote to learning such things. I spend too much time at the computer already! For my simple needs (browsing, email, and website administration), Guarddog is a godsend. I don't need anything beyond basics.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.