LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-24-2001, 10:13 PM   #1
zhenwu
Member
 
Registered: Jul 2001
Location: Taiwan (ex-Victoria BC)
Distribution: RH 9.0
Posts: 126

Rep: Reputation: 15
RH 7.1 firewall-config ?


I had installed RH 7.1, and found the GUI interface of firewall-config very handy (still getting the hang of term window commands).

For an unrelated reason I had to re-install, and have since lost that command. I therefore need to figure out if a) I even HAVE a firewall running (I can ping my address from another comp.), and b) how to configure it.

I do know that when I installed this time I set the firewall to 'high' security...

Thanks for any help you can give.
 
Old 07-25-2001, 05:59 PM   #2
d3funct
Member
 
Registered: Jun 2001
Location: Centralia, WA
Posts: 274

Rep: Reputation: 31
You can access that firewall configuration dialog by typing "setup" as root.
 
Old 07-25-2001, 09:19 PM   #3
KevinJ
Member
 
Registered: Feb 2001
Location: Colorado Springs, CO
Distribution: Redhat v8.0 (soon to be Fedora? or maybe I will just go back to Slackware)
Posts: 857

Rep: Reputation: 30
you can??
 
Old 07-26-2001, 10:34 AM   #4
d3funct
Member
 
Registered: Jun 2001
Location: Centralia, WA
Posts: 274

Rep: Reputation: 31
Well,

I don't know if you can, but I can. Just su to root and type setup you get the "text mode setup utility 1.7" with a menu kinda like this

Choose a tool

Authentication Configuration
Firewall Configuration
Keyboard configuration
Mouse configuration
Network configuration
System services
Timezone configuration
X configuration

Run Tool Quit


if you choose the Firewall Configuration you get
_________________| Firewall Configuration|_____
A firewall protects against unauthorized network intrusions. High security blocks all incoming accesses. Medium blocks access to system services (such as telnet or printing), but allows other connections. No firewall allows all connections and is not recommended.

Security Level: (*) High ()Medium () No firewall

OK Customize Cancel

Have you ever done this one?
 
Old 07-26-2001, 10:36 AM   #5
d3funct
Member
 
Registered: Jun 2001
Location: Centralia, WA
Posts: 274

Rep: Reputation: 31
Granted this is not real firewall configuration, but it is the firewall configuration you run through during installation/setup of the system.
 
Old 07-26-2001, 10:48 AM   #6
KevinJ
Member
 
Registered: Feb 2001
Location: Colorado Springs, CO
Distribution: Redhat v8.0 (soon to be Fedora? or maybe I will just go back to Slackware)
Posts: 857

Rep: Reputation: 30
Hrmm...I don't have that Firewall Config option. Maybe its something I left out during install.
 
Old 07-26-2001, 11:17 AM   #7
d3funct
Member
 
Registered: Jun 2001
Location: Centralia, WA
Posts: 274

Rep: Reputation: 31
That could be, I installed everything with RH 7.1 because I wanted to look at all of it and see how it all worked together and look for buggy apps. I've been pretty happy, not much core dumping, but I'm still having great fun with IPtables doing masquerading and forwarding. Take it easy.
 
Old 07-27-2001, 03:59 AM   #8
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Ok as the other guys answered your B question I'll answer your A question.

On RH7.1 you have 2 types of firewalls, iptables and ipchains. "iptables been the newer one"

To find out if you have any of these firewalls running type:

"as root"
/etc/rc.d/init.d/ipchains status

if nothing is returned then your not using ipchains.
If something is returned with all accept rules the your running a firewall with everything open "accept".

or type:
/sbin/iptables --list

If you get error messages then iptables is not working or installed correctly, otherwise you get a list of the policy settings.

/raz
 
Old 07-31-2001, 02:12 AM   #9
zhenwu
Member
 
Registered: Jul 2001
Location: Taiwan (ex-Victoria BC)
Distribution: RH 9.0
Posts: 126

Original Poster
Rep: Reputation: 15
Thanks raz, that helps.



So, then, here's one last question (for now ) :

I went to the sygate site, and most things were blocked, a couple were closed but ICMP was wide open. I looked through my firewall script (ipchains) to see if I could find where that might be set, but wasn't able to.

Preferably I'd like to run silent, do you have any suggestions?
 
Old 08-01-2001, 04:27 AM   #10
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Yes I have some suggestions:

Sorry for the late response, I was off on holiday.

To help make your firewall more stealthy add these lines to your current script.

sysctl -w net.ipv4.tcp_max_syn_backlog=256
sysctl -w net.ipv4.tcp_syn_retries=5
sysctl -w net.ipv4.vs.timeout_synack=60
sysctl -w net.ipv4.route.mtu_expires=512
sysctl -w net.ipv4.tcp_keepalive_time=7600
sysctl -w net.ipv4.icmp_echoreply_rate=10
sysctl -w net.ipv4.tcp_fin_timeout=360
sysctl -w net.ipv4.tcp_rfc1337=1
echo 0 > /proc/sys/net/ipv4/ip_no_pmtu_disc
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/ip_always_defrag
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 61 > /proc/sys/net/ipv4/ip_default_ttl
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
ipchains -A input -p udp -d your_internet_ip_address -s 0/0 33434:33600 -j REJECT -l
ipchains -A output -p icmp -s 0/0 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 0 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 3 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 4 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 9 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 12 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 14 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 18 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 8 -d 0/0 -j DENY -l
ipchains -A input -p icmp -s 0/0 --icmp-type 11 -d 0/0 -j DENY -l
ipchains -A input -p icmp -s 0/0 --icmp-type 10 -d 0/0 -j DENY -l
# some of the other types of ICMP's won't work through ipchains like type 13 or 17 so leave them out

/Raz
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
initial firewall config help gfem Fedora 3 01-26-2005 02:03 PM
firewall config questions robhargreaves Linux - Security 2 05-30-2004 05:46 AM
firewall config in slackware bashrc2 Linux - Security 1 04-26-2004 07:24 PM
firewall config no1d Linux - Software 5 02-28-2003 05:37 PM
config Net2Phone on firewall Han_Solo Linux - Security 2 10-24-2001 05:33 AM


All times are GMT -5. The time now is 09:16 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration