GlennsPref 12-20-2007 05:43 PM

Probs with shorewall, what's your choice of firewall?
Hi, I'm using mandy 2008.0, and I get an error about ipsec not found during shutdown.

I have read some about it and it seems shorewall, mandy and/or kernel are not in sync.

Are there other iptables-firewalls that do not require ipsec?

And do you have any recommendations?

I have a firewall in the adsl-router, but to be sure, I also use Comodo FW in winxp, and normally use shorewall for mandriva.

Thanks in advance and Happy holidays folks.

regards, Glenn

Well, I've just tried kmyfirewall, but it can't find a file, and I can't find it either.

Now I'm going to try firestarter, ....
firestarter has a memory error on my machine.
[root@GlennsPref ~]# firestarter
Firewall started
Firewall started
***MEMORY-ERROR***: firestarter[10993]: GSlice: assertion failed: sinfo->n_allocated > 0
***MEMORY-ERROR***: firestarter[10993]: GSlice: assertion failed: sinfo->n_allocated > 0

I disabled iptables from starting at boot, to allow firestarter to start the service.

Not sure about the GSlice error, though.

GlennsPref 12-20-2007 10:23 PM

Both of the rpm packages were mandy 2008 x86_64. But neither actually worked. (with iptables on or off)

The sources are not that much better, since then I have tried to compile kmyfirewall, but it can't find the path to kdelibs and/or kde-config. wtf?

I must have an iptables script here someplace.

Here's to progress. Glenn

GlennsPref 12-21-2007 07:55 PM

Firewall without gui adventure Provides an easy script online.

Details of installing the script....
Step through the script from the web page mentioned above, selecting any services you need. For home use and not supporting a web server, you may not need to change anything, just go ahead and run the script generator.

Copy the text from the output of the script generator to your favourite text editor.

You may need root to do this.
Now, go to /etc/init.d and rename iptables to iptables.orig

Then save your text as iptables in /etc/init.d

You may need to dos2unix the file to delimit/remove carriage returns.

cd /etc/init.d (change directories to /etc/init.d/)

dos2unix -U iptables (-U will change to unix if dos or mac)

Now you need to make the file executable. I did this in a root session of KDE, with a file manager (Konqueror), by right click, properties, permissions, and checking the box "executable".

Now whenever iptables is started the firewall script is used.

After restarting iptables (reboot?) you can check with ShieldsUp! by going to (Gibson Research Corporation) and first selecting ShieldsUp! (hotspots section) then click the proceed button, next there may be a popup (you need to continue to do the test) just click continue.

Now you can select the port range to check for open, closed and stealth ports. Remember that a closed port means there is a port there.

Select all service ports, in the middle of the bunch.

You should see some info about your IP address as GRC and the rest of the web sees it.

Read some of the info supplied on the page as the test runs to see what is what.

Works so far, full stealth.

Before, the NTP (Network Time Protocol) was showing closed on port 123.
Which means that I'm home, but not answering. (an active connection)

I hope this helps someone. Glenn
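
The installation steps from the last post, written as one script; this is an added example, not part of the original thread. The function name install_fw_script and its optional directory argument are assumptions made for illustration, tr is used in place of dos2unix, and the existing script is copied to iptables.orig rather than renamed so the service file is never missing.

```shell
#!/bin/sh
# Added example: install a generated firewall script as INITDIR/iptables.
# usage: install_fw_script GENERATED_SCRIPT [INITDIR]  (default /etc/init.d)
install_fw_script() {
    src=$1
    initdir=${2:-/etc/init.d}
    target=$initdir/iptables
    backup=$initdir/iptables.orig

    [ -s "$src" ] || { echo "no script text in $src" >&2; return 1; }

    # Work on a temp copy inside initdir so the final rename is atomic.
    tmp=$(mktemp "$initdir/iptables.new.XXXXXX") || return 1

    # Strip carriage returns left by a browser or Windows editor. With CRLF
    # line ends the first line reads "#!/bin/sh\r" and the script will not start.
    tr -d '\r' < "$src" > "$tmp"

    # Pick the interpreter named on the first line; refuse anything else.
    case $(head -n 1 "$tmp") in
        '#!'*bash*) checker=bash ;;
        '#!'*sh*)   checker=sh ;;
        *) echo "refusing: no shell interpreter line" >&2
           rm -f "$tmp"; return 1 ;;
    esac

    # Parse only (-n), never execute: a truncated paste must not replace
    # a working firewall script.
    "$checker" -n "$tmp" 2>/dev/null || {
        echo "refusing: script does not parse" >&2
        rm -f "$tmp"; return 1
    }

    # Keep the distribution's script, but never overwrite an earlier backup.
    if [ -e "$target" ] && [ ! -e "$backup" ]; then
        cp -p "$target" "$backup" || { rm -f "$tmp"; return 1; }
    fi

    # rwxr-xr-x: executable, writable only by the owner (root in real use).
    chmod 755 "$tmp" && mv -f "$tmp" "$target"
}
```

Run as root, for example `install_fw_script ~/generated.txt`, then restart the iptables service and repeat the port check.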

