LinuxQuestions.org
Old 01-14-2010, 03:33 AM   #1
ericdanc
LQ Newbie
 
Registered: Dec 2009
Location: Norddeutschland
Distribution: Etch and Lenny
Posts: 25

Rep: Reputation: 15
how to manage/monitor fwbuilder in Lenny?


I start fwbuilder with the debug option:
# ssh root@localhost sudo -S /etc/fw/firewall.fw
and iptables rules are setup without any errors.

What exactly is the fwbuilder firewall? Simply this iptables set of rules? Or the running fwbuilder script (firewall.fw)? Both?

What now? How do I see what's going on?

When I scan with nmap, it doesn't seem to matter if I have a firewall running or not. I have used firestarter till now.

Last edited by ericdanc; 01-15-2010 at 04:34 AM.
 
Old 01-16-2010, 08:13 AM   #2
emi_ramo
Member
 
Registered: Apr 2007
Location: Barcelona, Spain
Distribution: Debian, KUbuntu
Posts: 213

Rep: Reputation: 36
Hello,
fwbuilder creates a shell script (.fw) which makes calls to programs (iptables and others) to make the firewall (.fwb) rules effective. To insert the fw, you only need to execute the shell script (.fw), making it executable (chmod +x *.fw) or calling it via a shell (bash *.fw). iptables makes changes to the kernel IP tables.

iptables throws its messages to /var/log/kern.log (depending on configuration). There, you'll find lots of DENY/ACCEPT lines, which refer to your fwb rules. Each line tells source and destination address (SRC and DST), source and destination port (SPT and DPT), MAC addresses, time, device, protocol (TCP or UDP) and other IP flags.

I don't know about any debugging program other than grep:
Code:
grep "DPT=80" kern.log | grep DENY
See you!!
emi
 
Old 01-17-2010, 09:17 AM   #3
ericdanc
LQ Newbie
 
Registered: Dec 2009
Location: Norddeutschland
Distribution: Etch and Lenny
Posts: 25

Original Poster
Rep: Reputation: 15
fwbuilder docs are good - to a point: I got a fw-script compiled and installed. It seems, though, that the docs then just stop. I run the script and I see the iptables rules scrolling by (or in /var/log/kern.log). Is that it? Am I done? Does the fw-script run in the background? Does fwbuilder have some sort of admin functionality? I thought that was the purpose of the "management interface", i.e. some sort of admin.

With debug, I meant the fwbuilder "script options" debug.

I run iptraf and firestarter still, because I'm unsure about fwbuilder...
 
Old 01-17-2010, 11:28 AM   #4
emi_ramo
Member
 
Registered: Apr 2007
Location: Barcelona, Spain
Distribution: Debian, KUbuntu
Posts: 213

Rep: Reputation: 36
Quote:
fwbuilder docs are good - to a point: I got a fw-script compiled and installed. It seems, though, that the docs then just stop.
Compiled and installed means that fwbuilder has translated your fw rules from fwbuilder's own language (XML) to an iptables-based shell script and copied it to the server. To run this script, you can do it manually or via an init script, ensuring it is executed every time the machine comes up. A good place to call it from is the final init script on (at least) Debian machines: /etc/rc.local. You don't need any other fw script, program or anything.

Quote:
I run the script and I see the iptables rules scrolling by (or in /var/log/kern.log). Is that it? Am I done? Does the fw-script run in the background?
These 'iptables rules scrolling' are shown because of the enabled debug option, and they correspond to the commands executed by the shell script. iptables are some kind of special kernel feature: they are modified by programs like iptables, but they are completely managed by the kernel and/or kernel modules. There is no need for any special admin tool, daemon or background program. Still, if you like, you can install log analyzers to ensure you're advised if anything special happens on your network.

Quote:
Does fwbuilder have some sort of admin functionality? I thought that was the purpose of the "management interface", ie some sort of admin.
As told, no. fwbuilder just helps create the shell script that will modify the kernel iptables. To control what is happening on your interfaces, you'll need any Linux network analyzer program (tcpdump, iptraf, iftop, nethogs, etc.) and/or a fw log analyzer (I don't know any, but surely they exist).

To see if the rules are working as expected, you'll probably need grep:
  • if http server port is being denied:
    Code:
    grep "DPT=80" /var/log/kern.log | grep DENY
  • if smtp server port is being accepted:
    Code:
    grep "DPT=25" /var/log/kern.log | grep ACCEPT
  • if server can send via the dns port:
    Code:
    grep "SPT=53" /var/log/kern.log | grep ACCEPT
  • ...and so on.

Quote:
With debug, I meant the fwbuilder "script options" debug.

I run iptraf and firestarter still, because I'm unsure about fwbuilder...
To live analyze the fw, as told, you'll need a log analyzer. If you need to modify the fw, you'll need to edit it with fwbuilder, re-compile it and re-install it to the server. If you know enough, you can modify it with iptables calls, but you'll need to add them to the fw shell init script too.

See you!!
emi
 
1 members found this post helpful.
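An added example, not part of the original posts: a small shell/awk summary of logged packets by action, protocol and destination port, plus an exact-port counter, since a plain `grep "DPT=80"` also matches `DPT=8080`. The sample lines are constructed, the DENY/ACCEPT word in the log prefix is assumed from the thread's description, and `sample_log`, `fw_summary` and `fw_count` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample kern.log lines (documentation addresses). Assumption:
# the log prefix carries the word DENY or ACCEPT, as the thread describes.
sample_log() {
cat <<'EOF'
Jan 17 10:01:02 fw kernel: RULE 3 -- DENY IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40122 DPT=80 SYN
Jan 17 10:01:03 fw kernel: RULE 3 -- DENY IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40123 DPT=8080 SYN
Jan 17 10:02:10 fw kernel: RULE 1 -- ACCEPT IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=25 SYN
Jan 17 10:02:40 fw kernel: RULE 3 -- DENY IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 PROTO=TCP SPT=40200 DPT=80 SYN
Jan 17 10:03:05 fw kernel: RULE 2 -- ACCEPT IN= OUT=eth0 SRC=198.51.100.5 DST=192.0.2.53 PROTO=UDP SPT=53 DPT=33211 LEN=80
EOF
}

# fw_summary [FILE...]: count logged packets per action, protocol and
# destination port. Reads stdin when no file is given.
fw_summary() {
  awk '
    {
      action = ""; proto = "-"; dpt = "-"
      for (i = 1; i <= NF; i++) {
        if ($i == "DENY" || $i == "ACCEPT") action = $i
        else if ($i ~ /^PROTO=/) proto = substr($i, 7)
        else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      if (action != "") count[action " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
  ' "$@" | sort -k2,2 -k3,3 -k4,4n
}

# fw_count ACTION PORT [FILE...]: lines with that action whose destination
# port is exactly PORT (whole-field match, so 80 does not match 8080).
fw_count() {
  action=$1; port=$2; shift 2
  awk -v a="$action" -v p="DPT=$port" '
    { hit_a = 0; hit_p = 0
      for (i = 1; i <= NF; i++) { if ($i == a) hit_a = 1; if ($i == p) hit_p = 1 }
      if (hit_a && hit_p) n++ }
    END { print n + 0 }
  ' "$@"
}

# Demo on the constructed sample; on a real host pass /var/log/kern.log instead.
sample_log | fw_summary
echo "DENY to port 80 exactly: $(sample_log | fw_count DENY 80)"
```

On the sample, the two-grep pipeline from the post reports three DENY lines for port 80 because the 8080 line matches too, while `fw_count DENY 80` reports two.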
Old 01-18-2010, 03:20 AM   #5
ericdanc
LQ Newbie
 
Registered: Dec 2009
Location: Norddeutschland
Distribution: Etch and Lenny
Posts: 25

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by emi_ramo
Compiled and installed means that fwbuilder has translated your fw rules from fwbuilder own language (xml) to a can modify it with iptables calls, but you'll need to add them too to the fw shell init script.
.....
See you!!
emi
Ok, thanks emi, that's what I wanted to know...
 
  


Tags
debian, firewall

All times are GMT -5.