Problems with Firewall Rules
 

I am learning how to setup a basic firewall in Slackware and I am having difficulties with the DNS resolution part. I haven't even got as far as allowing port 80 and 443 because I cannot get DNS resolution to work yet.

This is what I have setup:

The drop commands, I understand perfectly. Basically everything is dropped and only lines above this are explicitly allowed. So that part is good and what I am trying to achieve.

To allow SSH - for putty or pscp - I have allowed tcp for incoming ssh port only from my Computer's IP Address for new and established connections. For return traffic, I have allowed Established traffic back to my computer IP Address. Works perfectly and as far as I am aware set as securely as possible.

However when I ping say google.co.uk (on the same computer the firewall is on) for example I get one of two results (depending on how I have configured the firewall rules for port 53). Either resolution fails completely or as in above example it will actually ping google and show IP Address in bracket, but the reply from lines never appear. When I do ctrl C, it says X packets transmitted, 0 received. 100% packet loss.

I have tried changing source port to destination port, remming out either Input or Output or Forward Policies, only keeping one policy rule in place. I have tried enabling TCP as well as UDP. I have enabled loopback and input for ICMP. But no matter what I do, I can never get Slackware to show reply, reply, reply etc.

I am aware that DNS resolution might use port 53 for outgoing but a different port number for return. Which is why I was trying source and destination ports both ways for input and output.

My second problem is that I can't find the logs for the firewall so I cannot work out what is being blocked. How do you configure rc.firewall to log everything to do with the firewall to a firewall.log file. I know that Slackware uses the messages or system log, but I can't find anything relating to the firewall there. I might be able to find the cause if I could get firewall to log to a specific file.

I suggest you to put your default policies in first place :

Also, you can take inspiration from AlienBob's script :
http://www.slackware.com/~alien/efg/

@marav. The order that I have put my rules in, is the order within the actual rc.firewall file. So I open the file and put the rules in that order. My understanding is that the file is read from top to bottom. Whereas if you are typing the commands in bash and then saving that to a file - you do it in the order you have done? Is this correct?

If you put the drop policies at the top of the file, this would prevent the rules below being read as the drop rules have a match? I will test this.

I will have a look at Alienbobs script to see if I can get any clues there. Thanks

I have managed to find the problem. I had not set the ICMP rules correctly. It was not the DNS rules that were wrong.

Adding this fixed the issue

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

https://www.thegeekstuff.com/2011/06...ules-examples/ - Source Website.