The easiest way would be to give your kids more chores around the house :)
http://www.ranum.com/security/comput...itorials/dumb/

having said that, considering it's just a home firewall, you might not want to go through the hassle of setting up rules for all your daemons and stuff (even though it's a good idea to go through that hassle :) ), in which case you can easily do a "default permit" on your LAN interface... basically you'd just eliminate the relevant (LAN) INPUT rules and replace them with one to take care of everything.... like this:
Code:
#!/bin/sh

let me know how it goes with your iptables time match module issue... i hope you work it out soon...
i think you're right, it's possible to do this with cron in a way which is still elegant and non-complicated... :)
using a cron approach with two (shell) scripts (one for allow play and one for no play), the scripts could look like these:

ALLOW PLAYING:
Code:
#!/bin/sh

DO NOT ALLOW PLAYING:
Code:
#!/bin/sh

you could also just execute each script manually and then generate an iptables configuration file for each setup and cron the iptables-restore to pick up the rules from those, as was suggested by stress_junkie... in fact, that would probably be the elegant thing to do... :)

NOTE: keep in mind that iptables doesn't store kernel parameters in its configuration files...
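The two-state cron approach described in the post above, written out as one added example script (this is not win32sux's code and not the scripts that were posted in the thread, whose bodies did not survive extraction). It assumes constructed values: the kids' PC at 192.168.1.50 on LAN interface eth1, the script installed as /usr/local/sbin/kidsplay, and a firewall whose FORWARD chain carries the usual ESTABLISHED,RELATED accept rule. Setting IPT=echo dry-runs it without root.

```shell
#!/bin/sh
# Added example: cron-driven play window instead of the iptables "time" match.
# A dedicated KIDS chain is flipped between "allow" and "deny"; cron calls
# this script at the window boundaries.
#
# Constructed values (assumptions, not from the thread): LAN interface eth1,
# kids' host 192.168.1.50, script path /usr/local/sbin/kidsplay.
# Set IPT=echo to print the iptables commands instead of running them.

IPT=${IPT:-iptables}
LAN_IF=${LAN_IF:-eth1}
KIDS_HOST=${KIDS_HOST:-192.168.1.50}
SCRIPT=${SCRIPT:-/usr/local/sbin/kidsplay}

# Run once from the main firewall script: create the chain and hook it into
# FORWARD at position 1, i.e. BEFORE the ESTABLISHED,RELATED accept rule.
# If the jump sat after the state rule, a download or chat session opened
# during the allow window would keep running after "deny" has fired.
kids_setup() {
    $IPT -N KIDS
    $IPT -I FORWARD 1 -i "$LAN_IF" -s "$KIDS_HOST" -j KIDS
    kids_deny          # boot-time default: closed until cron opens the window
}

# Allow window: empty the chain so traffic falls through to the normal rules.
kids_allow() {
    $IPT -F KIDS
    $IPT -A KIDS -j RETURN
}

# Deny window: refuse everything from the host, new and existing sessions.
# A TCP reset gives the browser an immediate error rather than a long hang.
kids_deny() {
    $IPT -F KIDS
    $IPT -A KIDS -p tcp -j REJECT --reject-with tcp-reset
    $IPT -A KIDS -j REJECT
}

# Crontab lines for a 16:00 to 20:00 play window; paste them into root's
# crontab (crontab -e). "crontab -" would replace the whole crontab.
kids_cron() {
    printf '0 16 * * * %s allow\n' "$SCRIPT"
    printf '0 20 * * * %s deny\n'  "$SCRIPT"
}

case "${1:-}" in
    setup) kids_setup ;;
    allow) kids_allow ;;
    deny)  kids_deny ;;
    cron)  kids_cron ;;
    *)     echo "usage: $0 setup|allow|deny|cron" >&2 ;;
esac
```

If the kids browse through squid on the firewall itself, that traffic enters INPUT rather than FORWARD, so the same jump needs adding there too. For the iptables-save/iptables-restore variant from the post, run `kidsplay allow` and `kidsplay deny` once each, save the two rule sets with `iptables-save`, and point the cron lines at `iptables-restore` instead; either way, the rules do not survive a reboot, so the boot-time firewall script has to leave the chain in a known state (deny here) before cron takes over.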
Phew!!!
Ok, to start off with, geeman2.0 Quote:
Next, the whole cron thing (stress junkie) et al. If that is how I have to go, then so be it, but I have 3 problems with this approach....
Finally, win32sux, thanks again for all your help with this - you're a star! I'll try upgrading IPTABLES as you suggest and see if that helps, if not, then I think I may go down the cron route. Thanks also for your tips on firewalling - I don't think I need to protect the LAN interface at this stage TOO much (but who knows in the future) so I'll have a play there. The only things I need to go out on the 'net are NTP updates, web surfing from squid / directly, ftp downloads and incoming http and ssh requests (at this stage, but I'm learning fast!)

I'll post back and let you all know how it goes. Damn I LOVE the LQ community :D

Paul
Upgrading to IPTABLES 1.1.5 didn't help. Still got exactly the same problem :(
Looks like it may well have to be cron :( :(

Thanks, everyone, for your help. If anyone DOES manage to solve this one....

Cheers, Paul
after you apply the time patch to your kernel, you are running a "make xconfig" (using your old .config) and then setting the new time match option, right??
what does your config file's time options look like??
Code:
cat your_config | grep TIME

- apply time patch to kernel source
- run make xconfig/gconfig/menuconfig with your current config file and set the new time match option
- save the new config
- compile the kernel and modules with the new config
- boot the new kernel
- recompile iptables while running the new kernel

is this pretty much what you are doing already?? i'm just making sure cuz it sounds like the time match module isn't getting compiled in the first place... also, is there any documentation anywhere that specifies which kernel versions those netfilter patches are designed for??

BTW, if you're gonna give it another shot, you might as well download the latest kernel source (2.6.15.3), as a DoS vulnerability has recently been patched: http://secunia.com/advisories/18766/

EDIT: 2.6.15.4 is out... :)
I may well look at the new kernel, but I don't want to go mucking around with that just yet! ;)
Anyway, the patch seems to have been applied to the kernel ok. Output from the grep is: Quote:
I'm just about to apply the cron solution (kids out of the way at the moment, so I can test it all! :D) I'm just going through your configs at the moment so I can understand them. I'm looking at the docs as well :study: , but if there's any lines I don't understand, I'll be sure to ask ;)

Cheers, Paul
I could give it a go, I s'pose, but to be honest I'm beginning to run out of patience with it. Sad, but I've got other, more pressing things on at the mo ;)
Cron, here I come!!!

BTW, what does the "mangle" chain do?

Paul