03-01-2005, 12:54 PM
#1
Member
Registered: Mar 2005
Posts: 44
Need to understand Firestarter/firewall
I have Fedora 3 running and I have installed Firestarter. I have read several discussions here about firewalls and followed several links on tutorials. When I boot and then issue: ps -eaf|grep firestarter, I do not get any results other than the grep.
However, when I review /var/log/messages, I can see firestarter starting; later, I see: ip_tables: (C) 2000-2002 Netfilter core team and ip_conntrack version 2.1 (1783 buckets, 14264 max) - 360 bytes per conntrack starting. I have verified using chkconfig that iptables should not start up and off is on all run levels. I know that "a" firewall of some sort is running because of the logging in /var/log/messages and results from iptables -L.
The only time that firestarter is in the psdata is after I run it from the command line. Is this normal behavior, or should I continue to search for what is squashing firestarter?
Thanks,
Flash

03-01-2005, 02:03 PM
#2
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
I don't know why firestarter is not showing up, but the iptables log entries are normal. Those show the kernelspace portions of iptables starting. All firestarter is is an interface to iptables. It could be that firestarter starts, loads the proper iptables rules, then exits.

03-01-2005, 02:43 PM
#3
Member
Registered: Mar 2005
Posts: 44
Original Poster
Thanks for the reply. As you can tell, I am a little confused about firestarter's behavior because it adds its startup command in dhclient-exit-hooks (I believe that I understand why). From viewing /var/log/messages, I have observed that after I run firestarter from the command line, DHCP is restarted.
Another reason for my quest, if firestarter is the only firewall process which is integrated with iptables?? then what is logging kernel messages to /var/log/messages since I have added the following to syslog.conf?
# kernel messages.
kern.debug;kern.info /var/log/firewall
Thanks,
Flash

03-01-2005, 03:39 PM
#4
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
Any kernel messages are generated by iptables itself: not firestarter. Firestarter essentially just performs a bunch of admin on the iptables tables, then lets iptables take over.

03-01-2005, 05:22 PM
#5
Member
Registered: Mar 2005
Posts: 44
Original Poster
OK. So, what am I missing when I am attempting to direct the kernel messages to /var/log/firewall?
Thanks
Flash

03-01-2005, 07:55 PM
#6
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
Do the rules specify --log-level info as the logging level? Otherwise, it'll all be in futility.

03-02-2005, 06:30 AM
#7
Member
Registered: Mar 2005
Posts: 44
Original Poster
OK. Got it. I did not see an earlier entry in syslog.conf that had a facility and priority of "*.info" that directed the entries to /var/log/messages. Thanks for your patience.
Thanks,
Flash
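
The resolution in post #7, as an added example that is not part of the thread: a simplified model of classic syslog.conf selector matching, showing that every line whose selector matches receives a copy of the message, so an earlier `*.info` line also captures kern.info. The sample configuration (including the `mail.none;authpriv.none` entries) and the `kern.none` fix are constructed for illustration, and the `=` and `!` priority prefixes are not modelled.

```python
# Simplified model of classic syslog.conf selector matching (assumption:
# "fac.pri" means pri and above, "fac.none" excludes fac, "*" is any facility;
# the "=" and "!" priority prefixes are not modelled).
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def parse_conf(text):
    """Return [(selector_field, destination)] for each non-comment line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            selector, dest = line.split(None, 1)
            rules.append((selector, dest.strip()))
    return rules

def selector_matches(selector, facility, priority):
    """Apply the ';'-separated entries left to right for one message."""
    level = PRIORITIES.index(priority)
    matched = False
    for entry in selector.split(";"):
        facs, pri = entry.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue
        if pri == "none":
            matched = False                  # facility excluded on this line
        elif pri == "*" or level >= PRIORITIES.index(pri):
            matched = True
    return matched

def destinations(conf_text, facility, priority):
    """Every matching line gets a copy: syslog.conf is not first-match-wins."""
    return [dest for sel, dest in parse_conf(conf_text)
            if selector_matches(sel, facility, priority)]

# Constructed sample: an earlier catch-all line plus the poster's kernel line.
AS_POSTED = """
*.info;mail.none;authpriv.none    /var/log/messages
# kernel messages.
kern.debug;kern.info              /var/log/firewall
"""
# Constructed fix: kern.none keeps kernel messages out of the catch-all file.
KERNEL_SEPARATED = AS_POSTED.replace("authpriv.none", "authpriv.none;kern.none")

if __name__ == "__main__":
    for name, conf in (("as posted", AS_POSTED), ("kern.none added", KERNEL_SEPARATED)):
        print(name, "->", destinations(conf, "kern", "info"))
```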

All times are GMT -5.