Firewall woes.. Newbie trying to figure it out.

studioq · 10-04-2006, 10:04 AM

Quick question for anyone who knows. This is the response I get when issuing "ps x" after installing a firewall. Are all of the prcesses with question marks ones that are blocked by that fire wall? I never saw this before I started up the rc.firewall file.

Code:

PID TTY      STAT   TIME COMMAND
    1 ?        S      0:04 init [3]
    2 ?        S      0:00 [keventd]
    3 ?        SN     0:00 [ksoftirqd_CPU0]
    4 ?        S      0:00 [kswapd]
    5 ?        S      0:00 [bdflush]
    6 ?        S      0:00 [kupdated]
   10 ?        S<     0:00 [mdrecoveryd]
   11 ?        S      0:00 [kreiserfsd]
   62 ?        Ss     0:00 /usr/sbin/syslogd
   65 ?        Ss     0:00 /usr/sbin/klogd -c 3 -x
  163 ?        S<s    0:00 udevd
  246 ?        S      0:00 [khubd]
 1430 ?        Ss     0:00 /usr/sbin/inetd
 1434 ?        Ss     0:00 /usr/sbin/sshd
 1438 ?        Ss     0:00 /usr/sbin/named
 1456 ?        Ss     0:00 /usr/sbin/cupsd
 1470 ?        S      0:00 /usr/sbin/crond -l10
 1475 ?        Ss     0:00 /usr/sbin/saslauthd -a shadow
 1476 ?        S      0:00 /usr/sbin/saslauthd -a shadow
 1477 ?        S      0:00 /usr/sbin/saslauthd -a shadow
 1478 ?        S      0:00 /usr/sbin/saslauthd -a shadow
 1479 ?        S      0:00 /usr/sbin/saslauthd -a shadow
 1528 ?        Ss     0:00 /usr/sbin/httpd
 1530 ?        Ss     0:00 /usr/sbin/gpm -m /dev/mouse -t ps2
 1532 tty1     Ss     0:00 -bash
 1533 tty2     Ss+    0:00 /sbin/agetty 38400 tty2 linux
 1534 tty3     Ss+    0:00 /sbin/agetty 38400 tty3 linux
 1535 tty4     Ss+    0:00 /sbin/agetty 38400 tty4 linux
 1536 tty5     Ss+    0:00 /sbin/agetty 38400 tty5 linux
 1537 tty6     Ss+    0:00 /sbin/agetty 38400 tty6 linux
 1577 tty1     S+     0:00 /bin/sh /usr/X11R6/bin/startx
 1588 tty1     S+     0:00 xinit /root/.xinitrc --
 1589 ?        R<     0:35 X :0
 1593 tty1     S      0:00 sh /root/.xinitrc
 1594 tty1     S      0:00 /bin/sh /opt/kde/bin/startkde
 1619 ?        Ss     0:00 kdeinit Running...
 1622 ?        S      0:00 kdeinit: dcopserver --nosid
 1624 ?        S      0:00 kdeinit: klauncher
 1627 ?        S      0:00 kdeinit: kded
 1633 ?        S      0:00 kdeinit: kded
 1634 ?        S      0:00 kdeinit: kded
 1638 ?        S      0:00 artsd -F 10 -S 4096 -s 60 -m artsmessage -c drkonqi -l 3 -f
 1640 ?        S      0:00 kdeinit: kaccess
 1641 tty1     S      0:00 kwrapper ksmserver
 1643 ?        S      0:00 kdeinit: ksmserver
 1644 ?        S      0:00 kdeinit: kwin -session 1014cd7d2d4000115938571500000016170000_
 1657 ?        S      0:01 kdeinit: kdesktop
 1661 ?        S      0:00 kdeinit: kicker
 1663 ?        S      0:00 kdeinit: klipper
 1696 ?        S      0:00 korgac --miniicon korganizer
 1702 ?        S      0:00 kdeinit: knotify
 1703 ?        S      0:00 artsd -F 10 -S 4096 -s 60 -m artsmessage -c drkonqi -l 3 -f
 1705 ?        S      0:00 kdeinit: kio_file file /tmp/ksocket-root/klauncherc9eP0b.slave
 1707 ?        S      0:05 kdeinit: konqueror --silent
 1712 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1714 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1718 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1725 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1730 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1731 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1732 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1734 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1735 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1738 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1739 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1750 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1754 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1761 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1762 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1764 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1767 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1782 ?        S      0:00 kdeinit: kio_http http /tmp/ksocket-root/klauncherc9eP0b.slave
 1789 ?        S      0:00 kdeinit: konsole --ls
 1790 pts/1    Ss     0:00 -bash
 1804 pts/1    R+     0:00 ps x

Thanks.

b0uncer · 10-04-2006, 11:46 AM

No no no. The ?-marks are in the "tty" column, as you see, and that means basically that they were not started in any specific tty (i.e. by you on a graphical tty), but are more likely somekind of system processes not started by yourself.

rc.firewall is, as far as I can guess, a script that generates rules for the Linux iptables firewall, which does not prevent apps from doing this or that (like Zonealarm, for example), but which decides whether certain packets from certain addresses or ports (or captured by some other "general" rules) are accepted, rejected or dropped. Read more:

Code:

man iptables

it's pretty different from any Windows firewall, really - and it's effective if you learn to use it. You can use programs like Firestarter to configure iptables, but the most powerful way (in my own opinion) is to use a firewall script like rc.firewall, which is just run at bootup and merely adds the iptables rules (check the file out; you'll find out how it works -- it's at the same time simple and clever).

About these ttys: for example you see this line:

Quote:

1535 tty4 Ss+ 0:00 /sbin/agetty 38400 tty4 linux

it tells that on tty4 (a text console, you'll see it pressing ctrl+alt+f4 and get back by ctrl+alt+f7) there is agetty running; a program that waits for somebody to log in. Every "working" tty has somekind of app like that running, but the point here was that you'll see it's running on tty4 (and it's process id is 1535). Those processes that have no tty (have ? in place of the tty) are simply processes that are not started in any specific tty.

Usually tty1-6 are text-logins (console) and 7-12 are reserved for graphical ones, but usually only 7 is in use (unless you're running multiple Xs).

I hope you got something out of this..I advice you to read documentation about how Linux and Unix works, and about what a multiuser system means -- it means that multiple persons can use the same pc at the same time; basically it happens so that they log in via different ttys, either locally or not.

studioq · 10-04-2006, 01:32 PM

Trust me, I've been reading everyday now for 2 weeks straight.. I wish I had started this several years ago, but I just happened upon it. I had Ubuntu and a Slacker came by and told me to forget about it and go with Slack. I changed and have been exceptionally happy I did.. There are so many things to learn and I am learning most of them out of order.

One thing I do know is that if I dont understand it - leave it alone..
I have to ask questions like the one above because I didn't know what it was related to.. Now I do..

The firewall script is in and seems to be working. I just think it is working a little too good.. Now many many things are no longer accessible from the net.. I figured I would put the firewall in so I could learn what it was doing and why, before I tried to make it do what I wanted it to do.. Just my silly way of learning I guess. I just know that I wanted to code it by hand rather that try to use an app to do it. The app does it for me and I dont learn a thing. Not my reason for getting into this.
Thanks.

manwichmakesameal · 10-05-2006, 12:18 AM

Try using something like guarddog to set up your firewall, it will create the rc.firewall script. Then you can go through the script and change it to your will or just read through it to see what does what.

studioq · 10-05-2006, 09:06 PM

This was actually my solution to the above issues...
http://www.linuxquestions.org/questi...ht=firestarter