Old 05-13-2021, 10:49 AM   #1
dalacor
Problems with Firewall Rules


I am learning how to set up a basic firewall in Slackware and I am having difficulties with the DNS resolution part. I haven't even got as far as allowing ports 80 and 443 because I cannot get DNS resolution to work yet.

This is what I have set up:

Code:
iptables -A INPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp --dport ssh -s (pc IP Address) -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -d (pc IP Address) -m state --state ESTABLISHED -j ACCEPT

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

The drop commands I understand perfectly. Basically everything is dropped and only the lines above this are explicitly allowed. So that part is good and what I am trying to achieve.

To allow SSH - for putty or pscp - I have allowed tcp for incoming ssh port only from my Computer's IP Address for new and established connections. For return traffic, I have allowed Established traffic back to my computer IP Address. Works perfectly and as far as I am aware set as securely as possible.

However, when I ping say google.co.uk (on the same computer the firewall is on), I get one of two results, depending on how I have configured the firewall rules for port 53. Either resolution fails completely, or, as in the above example, it will actually ping Google and show the IP address in brackets, but the "reply from" lines never appear. When I press Ctrl-C, it says X packets transmitted, 0 received, 100% packet loss.

I have tried changing source port to destination port, remming out either Input or Output or Forward Policies, only keeping one policy rule in place. I have tried enabling TCP as well as UDP. I have enabled loopback and input for ICMP. But no matter what I do, I can never get Slackware to show reply, reply, reply etc.

I am aware that DNS resolution might use port 53 for outgoing but a different port number for the return, which is why I was trying source and destination ports both ways for input and output.

My second problem is that I can't find the logs for the firewall, so I cannot work out what is being blocked. How do you configure rc.firewall to log everything to do with the firewall to a firewall.log file? I know that Slackware uses the messages or system log, but I can't find anything relating to the firewall there. I might be able to find the cause if I could get the firewall to log to a specific file.

 
Old 05-13-2021, 10:54 AM   #2
marav
I suggest you put your default policies first:

Code:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -s (pc IP Address) -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -d (pc IP Address) -m state --state ESTABLISHED -j ACCEPT

Also, you can take inspiration from AlienBob's script:
http://www.slackware.com/~alien/efg/
 
Old 05-13-2021, 11:27 AM   #3
dalacor
@marav. The order that I have put my rules in is the order within the actual rc.firewall file. So I open the file and put the rules in that order. My understanding is that the file is read from top to bottom. Whereas if you are typing the commands in bash and then saving that to a file, you do it in the order you have done? Is this correct?

If you put the drop policies at the top of the file, this would prevent the rules below being read as the drop rules have a match? I will test this.

I will have a look at AlienBob's script to see if I can get any clues there. Thanks.
 
Old 05-13-2021, 01:55 PM   #4
dalacor
I have managed to find the problem. I had not set the ICMP rules correctly. It was not the DNS rules that were wrong.

Adding this fixed the issue:

Code:
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

Source website: https://www.thegeekstuff.com/2011/06...ules-examples/
 
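As an added example (not from any poster in this thread), here is a small rc.firewall-style script that pulls the thread together: policies before rules as marav suggested, a single stateful ESTABLISHED,RELATED rule per direction, the ICMP rules from post #4 plus an outbound echo-request rule so the host's own pings go out, and LOG rules before the DROP policy to answer the logging question from post #1. PC_IP is a constructed placeholder for the management PC, and IPTABLES defaults to a dry run that only prints the commands.

```shell
#!/bin/sh
# Constructed example, not the thread's own rc.firewall. Run with
# IPTABLES=iptables as root to apply; the default just echoes the rules.
PC_IP="${PC_IP:-192.0.2.10}"            # constructed RFC 5737 test address
IPTABLES="${IPTABLES:-echo iptables}"   # dry run by default

gen_rules() {
    $IPTABLES -F
    # Default policies first. -P sets the fallback for packets that match no
    # rule; it is not itself a rule, so the -A rules below are still evaluated.
    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -P FORWARD DROP
    # Loopback: local resolvers and many daemons talk to 127.0.0.1.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT
    # One stateful rule each way covers the return half of every flow
    # (DNS answers, SSH replies, ICMP echo-replies), replacing per-port rules.
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # DNS: new outbound queries on UDP and TCP 53 (TCP is used for big answers).
    $IPTABLES -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
    # SSH only from the management PC.
    $IPTABLES -A INPUT -p tcp --dport 22 -s "$PC_IP" -m state --state NEW -j ACCEPT
    # ICMP: the two rules from post #4 (answer pings), plus outbound
    # echo-request so "ping google.co.uk" from this host leaves at all.
    $IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
    $IPTABLES -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    # Log what is about to hit the DROP policy. LOG writes to the kernel log,
    # so the prefix makes the entries easy to grep out of /var/log/messages.
    $IPTABLES -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-IN: "
    $IPTABLES -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-OUT: "
}

# Count generated rules containing a token; useful for checking a dry run.
count_rules() { gen_rules | grep -c -- "$1"; }

gen_rules
```

With the default dry run, `grep 'FW-DROP' /var/log/messages` is where the logged drops would appear once the rules are applied for real.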