LinuxQuestions.org

Linux - Security forum, thread: Need to understand Firestarter/firewall (https://www.linuxquestions.org/questions/linux-security-4/need-to-understand-firestarter-firewall-296344/)

flashl 03-01-2005 12:54 PM

Need to understand Firestarter/firewall
 
I have fedora 3 running and I have installed Firestarter. I have read several discussions here about firewalls and followed several links on tutorials. When I boot and then issue: ps -eaf|grep firestarter, I do not get any results other than the grep.

However, when I review the /var/log/messages, I can see firestarter starting; later, I see: ip_tables: (C) 2000-2002 Netfilter core team and ip_conntrack version 2.1 (1783 buckets, 14264 max) - 360 bytes per conntrack starting. I have verified using chkconfig that iptables should not start up and is off on all run levels. I know that "a" firewall of some sort is running because of the logging in /var/log/messages and results from iptables -L.

The only time that firestarter is in the psdata is after I run it from the command line. Is this normal behavior, or should I continue to search for what is squashing firestarter?

Thanks,
Flash

Matir 03-01-2005 02:03 PM

I don't know why firestarter is not showing up, but the iptables log entries are normal. Those show the kernelspace portions of iptables starting. All firestarter is is an interface to iptables. It could be that firestarter starts, loads the proper iptables rules, then exits.

flashl 03-01-2005 02:43 PM

Thanks for the reply. As you can tell, I am a little confused about firestarter's behavior because it adds its startup command in dhclient-exit-hooks (I believe that I understand why). From viewing /var/log/messages, I have observed that after I run firestarter from the command line, DHCP is restarted.

Another reason for my quest: if firestarter is the only firewall process which is integrated with iptables, then what is logging kernel messages to /var/log/messages since I have added the following to syslog.conf?

# kernel messages.
kern.debug;kern.info /var/log/firewall

Thanks,
Flash

Matir 03-01-2005 03:39 PM

Any kernel messages are generated by iptables itself: not firestarter. Firestarter essentially just performs a bunch of admin on the iptables tables, then lets iptables take over.

flashl 03-01-2005 05:22 PM

OK. So, what am I missing when I am attempting to direct the kernel messages to /var/log/firewall?

Thanks
Flash

Matir 03-01-2005 07:55 PM

Do the rules specify --log-level info as the logging level? Otherwise, it'll all be in futility.

flashl 03-02-2005 06:30 AM

OK. Got it. I did not see an earlier entry in syslog.conf that had a facility and priority of "*.info" that directed the entries to /var/log/messages. Thanks for your patience.

Thanks,
Flash
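Added worked example (not from either poster): a small Python model of how syslogd matches selector lines, showing why the kernel firewall messages reach both files. The syslog.conf excerpt is constructed to mirror Fedora's stock "*.info" line plus the kern line flashl added; the accumulate-and-"none" selector semantics are assumed from sysklogd's behaviour, and the '=' and '!' priority modifiers are left out.

```python
import re

# Constructed syslog.conf excerpt modelled on the thread: Fedora's stock
# "*.info" catch-all line followed by the kern line flashl added.
SYSLOG_CONF = """\
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
# kernel messages.
kern.debug;kern.info    /var/log/firewall
"""

# Ascending order; a selector "fac.prio" matches prio and every higher one.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def parse_syslog_conf(text):
    """Return [(selectors, action)] with selectors as (facility, priority)
    pairs; comments are skipped and sysklogd's '=' / '!' modifiers ignored."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = re.split(r"\s+", line, maxsplit=1)
        selectors = []
        for sel in selector_field.split(";"):
            facilities, priority = sel.split(".")
            for fac in facilities.split(","):
                selectors.append((fac, priority))
        rules.append((selectors, action))
    return rules

def selector_matches(selectors, facility, priority):
    """Assumed sysklogd semantics: selectors on one line accumulate, and
    'none' discards the facility regardless of what came before it."""
    matched = False
    for fac, prio in selectors:
        if fac not in ("*", facility):
            continue
        if prio == "none":
            matched = False
        elif PRIORITIES.index(priority) >= PRIORITIES.index(prio):
            matched = True
    return matched

def destinations(rules, facility, priority):
    """Every action whose selector matches: syslogd writes to all of them,
    so a kernel message at info or above lands in /var/log/messages too."""
    return [action for selectors, action in rules
            if selector_matches(selectors, facility, priority)]
```

An iptables LOG rule without an explicit --log-level logs at warning, which the "*.info" line also matches; only kern.debug messages end up solely in /var/log/firewall.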
