On Fri, Oct 22, 2010 at 03:00:40PM -0400, Gilbert Sullivan wrote:
> On 10/22/2010 01:56 PM, Rob Owens wrote:
>> On Fri, Oct 22, 2010 at 01:50:11PM -0400, Gilbert Sullivan wrote:
>>> list's moderator hasn't got back to me. It appears that the rules I want
>>> in iptables are not in effect at all until I actually bring up the
>>> Firestarter user interface during a given session. Once I log off
>>> (restart not necessary) the rules are apparently reset to the default.
>>>
>> You can check this by running (as root):
>>
>> iptables -L
>>
>> If there are no firewall rules active, it will look something like this:
>>
>> Chain INPUT (policy ACCEPT)
>> target prot opt source destination
>>
>> Chain FORWARD (policy ACCEPT)
>> target prot opt source destination
>>
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source destination
>>
>> -Rob
>
> Thanks, Rob.
>
> I set up the rules in Firestarter. I reboot. This is what I get:
>
> # iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
<lots of stuff snipped>

It definitely looks like you have no active firewall until you run
firestarter manually. I'm not very familiar with firestarter, but it
seems like it should start automatically on boot because as soon as you
boot up and get a network connection, you are vulnerable.

Is there a /etc/default/firestarter file? Does it say to run firestarter
at startup?

Install and run sysv-rc-conf. Does it say that firestarter is supposed
to be started in your runlevel? (default runlevel is 2 for Debian).

Are there any other conf files you could check? /etc/firestarter.conf,
for instance?

-Rob

--
Archive: http://lists.debian.org/20101022202944.ga28...@aurora.owens.net
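
The two checks discussed in this thread (is the rule set empty, and is the firewall scheduled to start in the runlevel), as an added shell example that is not part of the original messages. The function names are hypothetical, the init script name "firestarter" is an assumption, and the parser handles plain "iptables -L" output only (not -v).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Classify plain `iptables -L` output read from stdin:
#   open     - every built-in chain has policy ACCEPT and no chain has rules
#   filtered - some chain has a rule or a non-ACCEPT policy
#   unknown  - no "Chain" lines seen (empty input, command failed)
firewall_state() {
    awk '
        /^Chain / {
            chains++
            # Built-in chains print "(policy X)"; user chains "(N references)".
            if ($3 == "(policy" && $4 !~ /^ACCEPT/) restrictive = 1
            next
        }
        /^target[ \t]/ || /^[ \t]*$/ { next }  # column header or blank line
        { rules++ }                             # any other line is a rule
        END {
            if (chains == 0) print "unknown"
            else if (rules > 0 || restrictive) print "filtered"
            else print "open"
        }'
}

# Succeed if a start link S<NN><name> exists in a runlevel directory.
# $1 = init script name (assumed "firestarter"), $2 = e.g. /etc/rc2.d
starts_in_runlevel() {
    for link in "$2"/S[0-9][0-9]"$1"; do
        if [ -e "$link" ] || [ -L "$link" ]; then return 0; fi
    done
    return 1
}

# Constructed sample: the empty rule set quoted in the thread.
SAMPLE_OPEN='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample: default-drop INPUT chain with one rule.
SAMPLE_FILTERED='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED'

printf '%s\n' "$SAMPLE_OPEN" | firewall_state       # open
printf '%s\n' "$SAMPLE_FILTERED" | firewall_state   # filtered
```

On a live system, run "iptables -L | firewall_state" as root right after boot, and "starts_in_runlevel firestarter /etc/rc2.d" to see whether a start link exists for runlevel 2.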