LinuxQuestions.org
Forum: Linux - Security
Old 07-19-2004, 08:51 AM   #1
hoarenet
Distribution: Mandrake 10
Shorewall and iptables for mandrake 10


I have had a problem with my shorewall firewall in that I can't get access to the web unless I set shorewall to allow everything (no firewall).

The following script was supplied by a member called qwijibow to another user with the same problem and similar configuration but he didn't explain where the script is supposed to be placed on a mandrake 10 community setup.

# qwijibow code start:

# reset firewall: flush every rule in the filter table, then default to
# dropping inbound traffic and allowing outbound traffic
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# allow loopback traffic
# (the posted version used "-d lo", which iptables rejects because -d takes
# an address, not an interface name; the loopback rule must match on -i.
# With the INPUT policy at DROP, a rejected loopback rule means every
# local connection over lo is dropped too.)
iptables -A INPUT -i lo -j ACCEPT

# uncomment if you want this machine to respond to pings
# iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# allow established or related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# uncomment to trust all PCs on your LAN
#iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT

# uncomment if this machine is a print server and you have NOT trusted all machines on your LAN
#iptables -A INPUT -p tcp --dport 631 -s 192.168.0.0/16 -j ACCEPT

# qwijibow code end

In my ignorance, I placed it in the shorewall start file as it states in that file that any commands that you want to be carried out after shorewall resets or starts should be in there. It did seem to work at first without booting the system and I thought everything was fixed but after a cold start it froze after going into KDE with just a mouse pointer.

I commented out my entries in the shorewall start file and rebooted and KDE started ok.

Can anyone tell me where a script like this is a) likely or b) supposed to go?

I won't hold anyone to ransom if it doesn't work as I'm prepared to experiment.

I would appreciate any help. Thanks





__________________
Registered Linux user #359285
http://counter.li.org/ qwijibow
 
Old 09-02-2004, 11:02 PM   #2
zatriz
Distribution: Fedora,Trustix,Debian
This looks like a firewall script, sometimes called rc.scripts.
When you have a script like this you have an either/or situation. You can either use this script or use Shorewall, but not them together. It's possible to use them together, but the way that Shorewall works it might cause conflicts with this script.

So the best thing to do if you want to use this script is to take the whole script just like it is and paste it into the rc.local file.
It's the last file that loads your configs.
I believe it is located at
/etc/rc.d/rc.local or
/etc/init.d/rc.local or
 
Old 09-03-2004, 03:27 AM   #3
hoarenet (Original Poster)
Distribution: Mandrake 10
Thank you very much ZATRIZ.

I did post this a while ago but didn't get any replies, so I did a bit of experimenting of my own. I saved the script as an executable file called mywall in the executables path. When I start the PC I log in as root and execute mywall, and then log in again as my user name. Although it's a bit long-winded, it seems to work fine for blocking everything. No pings and all ports stealth.

I will however try what you have suggested so that the process can be automated.

I think that if Linux ensured that newbies, using a single PC, could get up and running with a secure connection to the internet immediately, then things would be a lot simpler and newbies could start Googling for tips and tricks.

Setting up a firewall is not even easy for experienced users as the posts to these boards show.

Thank you again for taking the trouble to reply
 
Old 09-03-2004, 05:05 PM   #4
zatriz
Distribution: Fedora,Trustix,Debian
You can even just put the location of mywall in the rc.local file and that will work just as well.
For example, in the rc.local file put
/home/mywall
if that's where it is, and that will work fine.
 
Old 09-03-2004, 05:22 PM   #5
linuxboy69
Distribution: Redhat 9
I don't know how well you know shell scripting, but if you are interested, you can make a great firewall script that way. For example, my firewall script is 1347 lines. What I did was make a script that uses a configuration file to set up the firewall rules. Say I want to allow ssh connections... I just go to my 20-line configuration script and change "ALLOW_SSH=0" to "ALLOW_SSH=1" and restart my firewall script. I got the original script off of the internet (god bless the man who originally put in all the code) and tweaked it for my own computer. I was trying to find it again so I could give you the address but I was unable to locate it. Just an idea to give you some other options.
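The following puts the thread's advice together in one script: zatriz's point that this ruleset and Shorewall must not both be active and that rc.local should simply call the script (posts #2 and #4), and linuxboy69's idea of driving the rules from on/off toggles (post #5). It is an added example, not code posted by anyone in the thread; the install path /usr/local/sbin/mywall, the 192.168.0.0/16 LAN range and the use of "shorewall status" as the running check are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: qwijibow's rules as a stand-alone
# script for rc.local to call ("/usr/local/sbin/mywall apply"; that path and
# the LAN range are placeholders). Toggles follow linuxboy69's config idea.
ALLOW_PING=${ALLOW_PING:-0}     # answer ICMP echo-request
ALLOW_SSH=${ALLOW_SSH:-0}       # accept new inbound tcp/22
TRUST_LAN=${TRUST_LAN:-0}       # accept everything from $LAN
PRINT_SERVER=${PRINT_SERVER:-0} # accept CUPS (tcp/631) from $LAN only
LAN=${LAN:-192.168.0.0/16}

# Run every rule through the command in $1: "iptables" for real,
# "echo" for a dry run that prints exactly what would be applied.
apply_rules() {
    ipt=$1
    "$ipt" -F INPUT
    "$ipt" -P INPUT DROP
    "$ipt" -P OUTPUT ACCEPT
    "$ipt" -P FORWARD DROP
    # Loopback is matched by input interface (-i); -d takes an address,
    # so the thread's "-d lo" never installs and local sockets get dropped.
    "$ipt" -A INPUT -i lo -j ACCEPT
    "$ipt" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    [ "$ALLOW_PING" = 1 ] && "$ipt" -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    [ "$ALLOW_SSH" = 1 ] && "$ipt" -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    if [ "$TRUST_LAN" = 1 ]; then
        "$ipt" -A INPUT -s "$LAN" -j ACCEPT
    elif [ "$PRINT_SERVER" = 1 ]; then
        "$ipt" -A INPUT -p tcp --dport 631 -s "$LAN" -j ACCEPT
    fi
    return 0
}

# zatriz's point: this script and Shorewall both want to own INPUT, so refuse
# to apply while Shorewall is up. Assumes "shorewall status" exits 0 when it
# is running; confirm that on your Shorewall version.
shorewall_active() {
    command -v shorewall >/dev/null 2>&1 && shorewall status >/dev/null 2>&1
}

case "${1:-}" in
    apply)
        if shorewall_active; then
            echo "Shorewall is running: stop it or use only one firewall" >&2
            exit 1
        fi
        apply_rules iptables ;;
    dry-run) apply_rules echo ;;
    *) echo "usage: $0 apply|dry-run" >&2 ;;
esac
```

Run "mywall dry-run" as an ordinary user to review the exact rules before putting "mywall apply" into rc.local.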
 
Old 09-03-2004, 06:21 PM   #6
zatriz
Distribution: Fedora,Trustix,Debian
If you want to go that route then check out Shorewall.
I think the best iptables firewall ever made is Shorewall.
 
Old 09-04-2004, 10:31 AM   #7
hoarenet (Original Poster)
Distribution: Mandrake 10
Thanks again for your suggestions.
 
  

