LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


View Poll Results: How have you configured IPTABLES on your system[s]?
Easy Firewall Generator (or a derivative like Alien Bob's, post link please) 12 9.84%
Firestarter 21 17.21%
KMyFirewall 4 3.28%
fwbuilder 2 1.64%
Guarddog 17 13.93%
Script from an LQ forum post (link please) 1 0.82%
Some other script (link please) or GUI 44 36.07%
Don't use iptables 24 19.67%
Multiple Choice Poll. Voters: 122. You may not vote on this poll

Reply
  Search this Thread
Old 03-01-2007, 02:30 PM   #46
hpp3
LQ Newbie
 
Registered: Jan 2007
Location: Bremerton, WA USA
Distribution: Debian Testing
Posts: 15

Rep: Reputation: 3

erm, fireHOL.
http://firehol.sourceforge.net/
(does that count as a EFW derivative?)

then finetuning by hand. But then again, FireHOL is configured by hand...

Anyone used the Bifrost GUI?
http://bifrost.heimdalls.com/
 
Old 03-01-2007, 03:32 PM   #47
x-nc
Member
 
Registered: Feb 2007
Location: VA, USA
Distribution: CentOS, Fedora
Posts: 53

Rep: Reputation: 5
The same way I code html

I use vim to hack the iptables configs. It's faster and easier for me.
 
Old 03-02-2007, 08:32 AM   #48
Vincent_Vega
Member
 
Registered: Nov 2003
Location: South Jersey
Distribution: Slackware, Raspbian, Manjaro
Posts: 826

Rep: Reputation: 31
How in the world did a Slackware poll on iptables not include the "Manually" option??
 
Old 03-02-2007, 04:30 PM   #49
mr-roboto
Member
 
Registered: Aug 2006
Location: NYC in the US of A
Distribution: Slax, FreeBSD, PCLinuxOS, Ubuntu, TurnkeyLinux
Posts: 51

Rep: Reputation: 16
Good thread, w/ a minimum of the arrogant, pissing on other guy's shoes. I've taken the path most have. No fwall at first, then something hand-rolled (current config.) Part of me wants to grab IPTABLES by the horns and 'bend it to my will', so to speak. Frankly, I can't get up for that anymore, since real coding beckons and screwing around w/ the fwall isn't real coding.

Like pbhj, I played w/ GuardDog, but while it's a nice bit of code, I too want a single solution that will do the same for a router that it does for a wkstation from a GUI app. Have some stuf to look at bec of thias thread.

As an intermediate step, I would welcome a suggestion for a straight-fwd, parameterized script designed around the idea a list of diff objects to permit, like incoming ports, port(s) to forward to an IP, NAT enable, blocking the rest. I can sort thru the rest as time allows.

TIA. Later....Jet
 
Old 03-02-2007, 05:53 PM   #50
mr-roboto
Member
 
Registered: Aug 2006
Location: NYC in the US of A
Distribution: Slax, FreeBSD, PCLinuxOS, Ubuntu, TurnkeyLinux
Posts: 51

Rep: Reputation: 16
Quote:
Originally Posted by mr-roboto

<snip>

As an intermediate step, I would welcome a suggestion for a straight-fwd, parameterized script designed around the idea a list of diff objects to permit, like incoming ports, port(s) to forward to an IP, NAT enable, blocking the rest. I can sort thru the rest as time allows.

TIA. Later....Jet
I answered my own inquiry ! Alien Bob's script thingie is what I was looking for ! Eventually, I think KMyFirewall will be my ultimate solution, but simply to gen a static script, from someone who already knows how IPTABLES works, a quik trip to Alien Bob's place gave me what I wanted !
 
Old 03-02-2007, 09:20 PM   #51
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301
Alien Bob's EFG derivative (mentioned earlier) works very well ... I recommend it, with some hand-tuning if you need. It's very fast and easy ... run it, copy to /etc/rc.d/rc.firewall, make it executable and that's it.

Last edited by H_TeXMeX_H; 03-02-2007 at 09:22 PM.
 
Old 03-03-2007, 05:07 PM   #52
mr-roboto
Member
 
Registered: Aug 2006
Location: NYC in the US of A
Distribution: Slax, FreeBSD, PCLinuxOS, Ubuntu, TurnkeyLinux
Posts: 51

Rep: Reputation: 16
I have one question. I've setup a couple boxes w/ IPTABLES firewalls, but I continue to have one problem: I can't access my web server (or anything else) from the server box itself. I can't PING the box itself or use LYNX to access the local server.

Code:
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
I'm trying variations of the above line (I know it's not the answer), but this is where I don't grok IPTABLES at all. I don't understand what's being blocked. I can access the web browser from my internal box via the internal or external addresses. BTW, I'm still using the Alien Bob script, which I'd hoped would address/illuminate this subj. I setup the script as a router to permit access to SSH and HTTP(S).

The quoted line is something I found by GOOGLEing for IPTABLES and "local access". Way too broad a search, but I simply don't understand what I'm looking for....Jet
 
Old 03-08-2007, 09:14 AM   #53
pbhj
Member
 
Registered: Dec 2002
Location: UK
Distribution: Slackware 12; Ubuntu 7.10
Posts: 358

Original Poster
Rep: Reputation: 32
How in the world did you not read the thread ...?

Quote:
Originally Posted by Vincent_Vega
How in the world did a Slackware poll on iptables not include the "Manually" option??
At least two others asked this and I explained that "some other script" to my mind included the set of "self-written". The reason I had "some other script" was that I wanted to include those generated by an app / script and amended beyond recognition.

Unless of course you mean sitting down and writing the iptables in each time you boot (which isn't then a script), in which case, yeah I forgot that option.

LOL

 
Old 03-26-2007, 08:39 PM   #54
pbhj
Member
 
Registered: Dec 2002
Location: UK
Distribution: Slackware 12; Ubuntu 7.10
Posts: 358

Original Poster
Rep: Reputation: 32
should this be a sticky?
 
Old 03-28-2007, 07:28 AM   #55
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Quote:
Originally Posted by mr-roboto
I have one question. I've setup a couple boxes w/ IPTABLES firewalls, but I continue to have one problem: I can't access my web server (or anything else) from the server box itself. I can't PING the box itself or use LYNX to access the local server.

Code:
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
I'm trying variations of the above line (I know it's not the answer), but this is where I don't grok IPTABLES at all. I don't understand what's being blocked. I can access the web browser from my internal box via the internal or external addresses. BTW, I'm still using the Alien Bob script, which I'd hoped would address/illuminate this subj. I setup the script as a router to permit access to SSH and HTTP(S).

The quoted line is something I found by GOOGLEing for IPTABLES and "local access". Way too broad a search, but I simply don't understand what I'm looking for....Jet

If you cannot access anything from the server, my first suggestion would be to stop the firewall from running and then flush all the rules and set it to allow everything.

At the command line type

Code:
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT

This will clear out all rules and allow everything, once that is done try to ping 127.0.0.1 again. If that fails then you either do not have the netowrk card setup with the right drivers, or the network card is dead. Even with the cable disconnected, you still should be able to ping the loopback device.

If clearing the rules you can then get a connection, then we know it will have something to do with the iptables rules, we can then take it from there.
 
Old 08-13-2007, 11:50 AM   #56
perry
Member
 
Registered: Sep 2003
Location: USA & Canada
Distribution: Slackware 12.0
Posts: 978

Rep: Reputation: 30
I was using Arno's IPTABLES Firewall Script

ARNO's IPTABLES Firewal

Up to version 10.0 of Slackware but since have not bothered with any firewall at all. Would like to know the latest & greatest, great thread! For those who would like to give it a try here's some info on how to set it up. Doesn't seem to work out of the box like it did before. So maybe I'll give it another try or try something else.
Code:
   CHAPTER 7
------------------------------------------------------------------------------
   Using iptables

   iptables is IP packet filter administration. A lot of people use
   iptables as a firewall. A firewall protects a computer from intruders,
   theoretically. A firewall is as secure as the configuration.

   In this manual, you will install iptables if necessary, disable any
   firewall front-ends, install Arno's iptables script, install Arno's
   iptables service, log iptables messages, view the log, log incoming
   traffic, check iptables status, and troubleshoot unresolved symbol boot
   errors.

   Before moving forward, check that iptables is installed:

     which iptables

     /usr/sbin/iptables

   If it is installed, skip to Installing Arno's iptables Script.


   Installing iptables

   The best way would be to install iptables using your distro's package
   manager to minimize any dependency issues. Compiling and installing
   would be the last option. You need to know where your kernel source
   resides.

   1. Download iptables-1.2.11.tar.bz2 to your home directory
   2. Open a terminal or console, switch user to root, decompress the
   iptables download, change directory to the install directory, locate the
   kernel source, install iptables, remove the install directory, and exit
   root:

     su
     tar xjf iptables-1.2.11.tar.bz2
     cd iptables-1.2.11
     uname -r && ls /usr/src
     make KERNEL_DIR=/usr/src/linux-2.4.26
     make install KERNEL_DIR=/usr/src/linux-2.4.26
     cd .. && rm -fr iptables-1.2.11
     exit

   After iptables install, you may have to recompile the kernel and include
   iptables support. In Networking options > IP: Netfilter Configuration >
   set all as modules, and exclude ipchains and ipfwadm. Arno's rc.iptables
   init script will load the required modules at boot.


   Disabling Firewall Front-ends

   If you are running any firewall front-end, you have to disable it before
   switching to Arno's iptables script. For Guarddog in Mandrake and MEPIS,
   click main menu > System > Security > Guarddog > enter root password >
   Advanced tab > check "Disable firewall", [OK], [Continue] and [OK].
   Their rule set should be removed immediately. For other firewall front-
   ends, find out how to disable them in their documentation.


   Installing Arno's iptables Script

   The script, by Arno van Amersfoort, loads iptables modules and sets up a
   firewall rule set for you without your reading cryptic, cross-
   referenced, full-of-jargon documentation.

   You should ALWAYS start and stop rc.iptables or init scripts, in
   general, as root. In fact, you wouldn't have to if you finished this
   part and the next, since it would automatically start at boot. Remember
   your security is only as secure as the weakest link: i.e. users with too
   much power.

   1. Download arno-iptables-firewall.tgz to your home directory
   2. Open a terminal or console, switch user to root, decompress the
   archive, change directory to install directory replacing the directory
   name, restrict all files to non-root users, and make fwfilter and
   rc.iptables executable for root:

     su
     tar zxvf arno-iptables-firewall.tgz
     cd arno-iptables-firewall-x.x.x
     chmod go-rwx *
     chown root:root *
     chmod u+x fwfilter rc.iptables

   3. Move the rc.iptables init script to the auto-start directory of your
   distro

   For Arch, Core, Crux, Slackware, Vector and Yoper:

     mv rc.iptables /etc/rc.d

   For DaNix, Debian, Gentoo, Kanotix, Knoppix, MEPIS, PCLinuxOS and
   others:

     mv rc.iptables /etc/init.d

   4. Run ifconfig to get the eth0 (first Ethernet or network device) inet
   addr and lo (local loopback) inet addr numbers:

     ifconfig

     eth0 Link encap:Ethernet HWaddr 00:0B:6D:24:31:69
          inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1024 (1024.0 b)  TX bytes:854 (854.0 b)
          Interrupt:11 Base address:0x1000

     lo   Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

   5. Find the path to iptables executable:

     which iptables

     /usr/sbin/iptables

   6. Edit iptables-firewall.conf as follows if you're behind a router on
   DSL modem or you're on a cable modem. EXT_IF_DHCP_IP is dynamic IP. Make
   it 0 if it's a static IP. If it is dynamic IP, you can comment out the
   MODEM_IF_IP and MODEM_IP options. MODEM_IF_IP is your local loopback.
   MODEM_IP is your NIC or modem. Read README file if you're on dial-up

   For Arch, Core, Crux, Slackware, Vector and Yoper:

     vi iptables-firewall.conf

     IPTABLES="/usr/sbin/iptables"
     EXT_IF="eth0"
     EXT_IF_DHCP_IP=1
     #MODEM_IF="eth0"
     MODEM_IF_IP="127.0.0.1"
     MODEM_IP="192.168.1.100"
     FIREWALL_LOG=/var/log/firewall

   For DaNix, Debian, Gentoo, Kanotix, Knoppix, MEPIS, PCLinuxOS and
   others:

     vi iptables-firewall.conf

     IPTABLES="/sbin/iptables"
     EXT_IF="eth0"
     EXT_IF_DHCP_IP=1
     #MODEM_IF="eth0"
     MODEM_IF_IP="127.0.0.1"
     MODEM_IP="192.168.1.100"
     FIREWALL_LOG=/var/log/firewall

   7. Move the configuration file to /etc, and firewall filter program to /
   usr/local/bin, and remove the install directory replacing the directory
   name:

     mv iptables-firewall.conf /etc
     mv fwfilter /usr/local/bin
     cd .. && rm -fr arno-iptables-firewall-x.x.x

   8. Start the script

   For Arch, Core, Crux, Slackware, Vector and Yoper:

     /etc/rc.d/rc.iptables start

   For DaNix, Debian, Gentoo, Kanotix, Knoppix, MEPIS, PCLinuxOS and
   others:

     /etc/init.d/rc.iptables start

   If all goes well, read on. If not, close the terminal and return to step
   2.


   Installing Arno's iptables Service

   Computers are meant to automate processes. You don't have to type that
   line to start the script again. It would be best to start iptables
   BEFORE activating network. Whenever possible, let the system start
   rc.iptables at boot and stop the service at reboot or shut-down.

   9. Add the service, or edit the system init script

   For Arch, add rc.iptables to DAEMONS parameter in rc.conf:

     nano /etc/rc.conf

     DAEMONS=(syslogd klogd network crond rc.iptables)

   For Core, copy and paste this snippet at the end of system init script:

     nano /etc/rc.d/rc.si

     # Starting iptables firewall
     if [ -x /etc/rc.d/rc.iptables ]; then
         /etc/rc.d/rc.iptables start
     fi

   For Crux, add rc.iptables to SERVICES parameter in rc:

     vi /etc/rc

     SERVICES=(net crond rc.iptables kdm)

   For DaNix, Debian, Kanotix, Knoppix and MEPIS, add symlinks to
   runlevels:

     update-rc.d rc.iptables defaults 18

   For Gentoo, add the init script to runlevels:

     rc-update add rc.iptables default

   If that doesn't start rc.iptables at boot, put this line in local.start
   to start rc.iptables at boot:

     nano -w /etc/conf.d/local.start

     /etc/init.d/rc.iptables start 1>&2

   And put this line in local.stop to stop rc.iptables at reboot or shut-
   down:

     nano -w /etc/conf.d/local.stop

     /etc/init.d/rc.iptables stop 1>&2

   For PCLinuxOS, add the service to auto-start:

     chkconfig --add rc.iptables

   For Slackware and Vector, insert the start snippet before rc.inet1 in
   rc.M:

     vi /etc/rc.d/rc.M

     # Starting iptables firewall
     if [ -x /etc/rc.d/rc.iptables ]; then
         /etc/rc.d/rc.iptables start
     fi
     # Initialize the networking hardware...
     if [ -x /etc/rc.d/rc.inet1 ]; then
       . /etc/rc.d/rc.inet1
     fi

   And insert the stop snippet before rc.pcmcia in rc.6:

     vi /etc/rc.d/rc.6

     # Stopping iptables firewall
     if [ -x /etc/rc.d/rc.iptables ]; then
         /etc/rc.d/rc.iptables stop
     fi
     # Shut down PCMCIA devices:
     if [ -x /etc/rc.d/rc.pcmcia ] ; then
       . /etc/rc.d/rc.pcmcia stop
       sleep 5
     fi

   For Yoper, copy and paste this snippet at the end of init script:

     vi /etc/rc.d/init.d/rc

     # Starting iptables firewall
     if [ -x /etc/rc.d/rc.iptables ]; then
         /etc/rc.d/rc.iptables start
     fi

   For other distros, copy and paste this snippet at the end of init
   script:

     vi /etc/init.d/rc.init

     # Starting iptables firewall
     if [ -x /etc/init.d/rc.iptables ]; then
         /etc/init.d/rc.iptables start
     fi

   10. Exit root:

     exit

   You should reboot Linux to make sure that rc.iptables is working.


   Logging iptables Messages

   Logging is optional. syslogd can output the logs to /var/log/firewall.
   Switch user to root, create /var/log/firewall for only root, add the
   bold line to the end of syslog.conf file, making sure the spaces are
   tabs between debug and /var, and that /var lines up with the other
   column:

     su
     touch /var/log/firewall
     chmod go-rwx /var/log/firewall
     vi /etc/syslog.conf

     kern.=debug                        /var/log/firewall

   Restart system logging daemon, and exit root:

     killall -HUP syslogd
     exit


   Viewing Firewall Log

   There is no point in logging iptables messages if the log isn't viewed
   regularly. In Arno's download is a fwfilter script that filters firewall
   logs for easy viewing. The usage is mentioned in the same script. Let's
   see the log:

     su
     cat /var/log/firewall | fwfilter
     Jan 1 0:00:00 ** Starting Arno's IPTABLES firewall v1.8.3-BETA3 **
     Jan 1 0:00:00 ** All firewall rules applied **
     Jan 1 0:00:00 ** Stopping IPTABLES firewall **

   How about a real-time output?

     tail -f /var/log/firewall | fwfilter

   Press CTRL C to quit. If fwfilter can't be found, the environment path
   must be missing /usr/local/bin/. Add it to /etc/profile and reload
   profile if need be. After viewing the firewall log, exit root:

     exit


   Logging Incoming Traffic

   Technically, your iptables install has been over. So? Yeah, what the
   hell. Mount up. There is a number of firewall loggers out there. IP
   Packet Logger is a tiny daemon that logs incoming IP packets.

   1. Download ippl-1.4.14.tar.gz to home directory
   2. Open a terminal or console, and install ippl:

     tar zxvf ippl-1.4.14.tar.gz
     cd ippl-1.4.14
     su
     ./configure --sysconfdir=/etc && make && make install
     cd .. && rm -fr ippl-1.4.14

   3. Make ippl root only and edit the ippl.conf file:

     chmod 0700 /usr/local/sbin/ippl
     vi /etc/ippl.conf

     runas nobody
     expire 3600
     log-in all /var/log/ippllog
     run icmp tcp udp

   4. Write the init script:

     vi ippl

     #!/bin/sh
     #
     # ippl: start/stop ippl daemon
     #

     case $1 in
     start)
       echo "Starting $0:"
       /usr/local/sbin/ippl
       ;;

     stop)
       echo "Stopping $0:"
       killall --SIGTERM /usr/local/sbin/ippl
       ;;

     restart)
       $0 stop
       sleep 2
       $0 start
       ;;

     *)
       echo "usage: $0 [start|stop|restart]"
       ;;
     esac

     # End of file

   Make ippl executable for only root:

     chmod 0700 ippl

   For Arch, Core, Crux, Slackware, Vector and Yoper, move ippl to /etc/
   rc.d:

     mv ippl /etc/rc.d

   For DaNix, Debian, Gentoo, Kanotix, Knoppix, MEPIS, PCLinuxOS and
   others, move ippl to /etc/init.d:

     mv ippl /etc/init.d

   5. Add the service, or edit the system init script

   For Arch, add rc.iptables to DAEMONS parameter in rc.conf:

     nano /etc/rc.conf

     DAEMONS=(syslogd klogd network crond rc.iptables ippl)

   For Core, copy and paste this snippet at the end of init script:

     nano /etc/rc.d/rc.si

     # Starting ippl
     if [ -x /etc/rc.d/ippl ]; then
         /etc/rc.d/ippl start
     fi

   For Crux, add rc.iptables to SERVICES parameter:

     vi /etc/rc

     SERVICES=(net crond rc.iptables ippl kdm)

   For DaNix, Debian, Kanotix, Knoppix and MEPIS, add symlinks to
   runlevels:

     update-rc.d ippl defaults 19

   For Gentoo, add the init script to runlevels:

     rc-update add ippl default

   For PCLinuxOS, add the service to auto-start:

     chkconfig --add ippl

   For Slackware and Vector, insert the start snippet after rc.iptables in
   rc.M:

     vi /etc/rc.d/rc.M

     # Starting iptables firewall
     if [ -x /etc/rc.d/rc.iptables ]; then
         /etc/rc.d/rc.iptables start
     fi
     # Starting ippl
     if [ -x /etc/rc.d/ippl ]; then
         /etc/rc.d/ippl start
     fi

   And insert the stop snippet before rc.iptables in rc.6:

     vi /etc/rc.d/rc.6

     # Stopping ippl
     if [ -x /etc/rc.d/ippl ]; then
         /etc/rc.d/ippl stop
     fi
     # Stopping iptables firewall
     if [ -x /etc/rc.d/rc.iptables ]; then
         /etc/rc.d/rc.iptables stop
     fi

   For Yoper, copy and paste this snippet at the end of init script:

     vi /etc/rc.d/init.d/rc

     # Starting ippl
     if [ -x /etc/rc.d/ippl ]; then
         /etc/rc.d/ippl start
     fi

   For other distros, copy and paste this snippet at the end of init
   script:

     vi /etc/init.d/rc.init

     # Starting ippl
     if [ -x /etc/init.d/ippl ]; then
         /etc/init.d/ippl start
     fi

   6. Start ippl:

     /etc/rc.d/ippl start

   Or

     /etc/init.d/ippl start

   It is a good idea to frequently check the traffic log:

     tail /var/log/ippllog

   7. After installing ippl, exit root:

     exit

   IP Packet Logger is running in the background. You don't have to reboot
   the computer after installing and running ippl. That's the beauty of
   Linux.

   Checking iptables Status
   You can check that the iptables rule set is applied. Switch user to
   root:

     su

   List everything set by Arno's script:

     /etc/rc.d/rc.iptables status

   Or list all chains as an exact numeric verbose output:

     iptables -xnvL

   Exit root:

     exit


   Troubleshooting: Unresolved symbols

   If the distro boots up or you enter "depmod -a", and one or more of this
   iptables-related line sweeps across the screen:

     depmod: *** Unresolved symbols in
      /lib/modules/2.x.xx/kernel/net/ipv4/netfilter/ip_tables.o

   It is possible that you just compiled a new kernel without cleaning the
   source tree thoroughly. You can try this:

     su
     cd /usr/src/linux
     mv .config ..
     make mrproper
     mv ../.config .

   Replace linux directory with the right one if necessary. Then you can
   config your kernel, check that all iptables modules are included,
   compile kernel, write LInux LOader and reboot the computer.


   iptables
   http://www.iptables.org/downloads.html

   Arno's iptables Script
   http://freshmeat.net/projects/iptables-firewall/?topic_id=151

   ippl Logger
   http://pltplp.net/ippl/

   ----------------------------------------------------------------------------
   Copyright (C) 2002-2004 by jet_blackz@lycos.com
Here's another commentary on it's usage: iptables

One thing I have noticed however, is that if you have a modern day router that offers things like port forwarding and trusted hosts, isn't that enough? Rather than having to replicate alot of that functionality on your linux box. As I never seem to have any viruses or intrusions on my machine.

Just a little, fyi.

- Perry

Last edited by perry; 08-13-2007 at 11:56 AM.
 
Old 08-13-2007, 11:57 AM   #57
perry
Member
 
Registered: Sep 2003
Location: USA & Canada
Distribution: Slackware 12.0
Posts: 978

Rep: Reputation: 30
Rotfl

Code:
				Real life Court Extracts


Q:  Doctor, before you performed the autopsy, did you check for a pulse?
A:  No.
Q.  Did you check for blood pressure?
A:  No.
Q:  Did you check for breathing?
A:  No.
Q:  So, then it is possible that the patient was alive when you began the autopsy?
A:  No.
Q:  How can you be so sure, Doctor?
A:  Because his brain was sitting on my desk in a jar.
Q:  But could the patient have still been alive, nevertheless?
A:  Yes, it is possible that he could have been alive and practicing law somewhere.
 
Old 08-13-2007, 06:33 PM   #58
lord-fu
Member
 
Registered: Apr 2005
Location: Ohio
Distribution: Slackware && freeBSD
Posts: 676

Rep: Reputation: 30
[edit] just saw this post rose from the grave

Last edited by lord-fu; 08-13-2007 at 08:49 PM. Reason: update
 
Old 08-14-2007, 06:29 AM   #59
Okie
Senior Member
 
Registered: Mar 2002
Location: Oklahoma
Posts: 1,154

Rep: Reputation: 187Reputation: 187
my IPTables firewall is just a few lines of text in rc.local
 
  


Reply

Tags
configure, firewall, iptables, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Please help me with iptables configuration rbm Linux - Security 4 01-29-2006 05:48 AM
iptables configuration help Alien#007 Linux - Networking 1 08-12-2005 01:32 PM
IPTables Configuration shaileshjain Linux - Networking 2 04-07-2005 12:16 AM
Iptables configuration Salihou Linux - Networking 2 09-24-2003 02:26 PM
iptables configuration know Linux - Networking 2 05-25-2003 04:55 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:28 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration