LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-01-2005, 12:54 PM   #1
flashl
Member
 
Registered: Mar 2005
Posts: 44

Rep: Reputation: 15
Need to understand Firestarter/firewall


I have fedora 3 running and I have installed Firestarter. I have read several discussions here about firewalls and followed several links on tutorials. When I boot and then issue: ps -eaf|grep firestarter, I do not get any results other than the grep.

However, when I review the /var/log/messages, I can see firestarter starting, later, I see: ip_tables: (C) 2000-2002 Netfilter core team and ip_conntrack version 2.1 (1783 buckets, 14264 max) - 360 bytes per conntrack starting. I have verified using chkconfig that iptables should not startup and off is on all run levels. I know that "a" firewall of some sort is running because of the logging in /var/log/messages and results from iptables -L.

The only time that firestarter is in the psdata is after I run it from the command line. Is this normal behavior? or should I continue to search for what is squashing firestarter?

Thanks,
Flash
 
Old 03-01-2005, 02:03 PM   #2
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
I don't know why firestarter is not showing up, but the iptables log entries are normal. Those show the kernelspace portions of iptables starting. All firestarter is is an interface to iptables. It could be that firestarter starts, loads the proper iptables rules, then exits.
 
Old 03-01-2005, 02:43 PM   #3
flashl
Member
 
Registered: Mar 2005
Posts: 44

Original Poster
Rep: Reputation: 15
Thanks for the reply. As you can tell, I am a little confused about firestarter's behavior because, it adds its startup command in dhclient-exit-hooks (I believe that I understand why). From viewing /var/log/messages, I have observed that after I run firestarter from the command line, DHCP is restarted.

Another reason for my quest, if firestarter is the only firewall process which is integrated with ipatables?? then what is logging kernel messages to /var/log/messages since I have added the following to syslog.conf?

# kernel messages.
kern.debug;kern.info /var/log/firewall

Thanks,
Flash
 
Old 03-01-2005, 03:39 PM   #4
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
Any kernel messages are generated by iptables itself: not firestarter. Firestarter essentially just performs a bunch of admin on the iptables tables, then lets iptables take over.
 
Old 03-01-2005, 05:22 PM   #5
flashl
Member
 
Registered: Mar 2005
Posts: 44

Original Poster
Rep: Reputation: 15
OK. So, what am I missing when I am attempting to direct the kernel messages to /var/log/firewall?

Thanks
Flash
 
Old 03-01-2005, 07:55 PM   #6
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
Do the rules specify --log-level info as the logging level? Otherwise, it'll all be in futility.
 
Old 03-02-2005, 06:30 AM   #7
flashl
Member
 
Registered: Mar 2005
Posts: 44

Original Poster
Rep: Reputation: 15
OK. Got it. I did not see an earlier entry in syslog.conf that had a facility and priority of "*.info" that directed the entries to /var/log/messages. Thanks for your patience.

Thanks,
Flash
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
my firewall script: unable to understand its function Niceman2005 Linux - Security 3 11-16-2005 07:21 PM
no firewall alerts - firestarter lumbrjackedpcj Linux - Security 3 01-21-2005 10:29 PM
firestarter firewall thelenko Linux - Software 8 05-30-2004 03:01 AM
help with firestarter firewall luap Linux - Networking 1 03-15-2003 11:09 AM
Help with user access behind Firestarter firewall TigerOC Linux - Networking 0 02-16-2003 08:05 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:07 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration