On Tue, Feb 12, 2008 at 03:42:04PM -0500, Zach wrote:
> Anyone know a way (or even better have a script) to convert a file of
> ipchains rules into iptables rules?
Rather than using a script you could try shorewall. It is very well
documented, very powerful and not hard to use.
Regards,
Andrei
--
I have attached a diagram which was posted a while back on the path of packets
through the kernel
might help
On Wed, Feb 13, 2008 at 07:50:12PM +1000, Adrian Levi wrote:
> On 13/02/2008, Zach <[EMAIL PROTECTED]> wrote:
> > On Feb 12, 2008 7:20 PM, Adrian Levi <[EMAIL PROTECTED]> wrote:
> > >
>
On 13/02/2008, Zach <[EMAIL PROTECTED]> wrote:
> On Feb 12, 2008 7:20 PM, Adrian Levi <[EMAIL PROTECTED]> wrote:
> >
> > The topology of chains to tables is fundamentally different, In chains
> > a packet that is to be forwarded must also go through the input and
> > output chains. Under tables this
On Feb 12, 2008 7:20 PM, Adrian Levi <[EMAIL PROTECTED]> wrote:
>
> The topology of chains to tables is fundamentally different, In chains
> a packet that is to be forwarded must also go through the input and
> output chains. Under tables this packet only has to traverse the
> forward table, input a
On 13/02/2008, Zach <[EMAIL PROTECTED]> wrote:
> Anyone know a way (or even better have a script) to convert a file of
> ipchains rules into iptables rules?
The topology of chains to tables is fundamentally different, In chains
a packet that is to be forwarded must also go through the input and
out
On Mon, 21 Jun 2004 15:30:52 +0200
Paal Marker <[EMAIL PROTECTED]> wrote:
> David Fokkema wrote:
>
> >I bet there's a 2.4 kernel available. While installing the
> >machines, you could have chosen bf24 instead of linux, vanilla or
> >expert signifying that you wanted a 2.4 kernel installed.
> >
>
On Mon, Jun 21, 2004 at 03:30:52PM +0200, Paal Marker wrote:
> David Fokkema wrote:
>
> >On Mon, Jun 21, 2004 at 03:06:40PM +0200, Paal Marker wrote:
> >
> >
> >>debian 3.0r2 kernel 2.2.20
> >>
> >>Still I am configuring the boxes in kiosk mode.
> >>
> >>First now I observe that the debian I down
David Fokkema wrote:
On Mon, Jun 21, 2004 at 03:06:40PM +0200, Paal Marker wrote:
debian 3.0r2 kernel 2.2.20
Still I am configuring the boxes in kiosk mode.
First now I observe that the debian I downloaded last week included 2.2
kernel and not 2.4. Which means I can not use the firewall script
On Mon, Jun 21, 2004 at 03:06:40PM +0200, Paal Marker wrote:
> debian 3.0r2 kernel 2.2.20
>
> Still I am configuring the boxes in kiosk mode.
>
> First now I observe that the debian I downloaded last week included 2.2
> kernel and not 2.4. Which means I can not use the firewall script which
Ar
yikes!! i have hit the wall at 37!!! i am running a 2.4 kernel and
should have asked about iptables NOT ipchains.
At Tuesday, 9 December 2003, Arnt Karlsen <[EMAIL PROTECTED]> wrote:
>On Tue, 9 Dec 2003 09:08:15 -0500,
>Debian User <[EMAIL PROTECTED]> wrote in message
>:
>
>> I am searching f
On Tue, 9 Dec 2003 09:08:15 -0500,
Debian User <[EMAIL PROTECTED]> wrote in message
:
> I am searching for a good HowTo on firewalls and ipchains.
>
> http://www.tldp.org/HOWTO/Firewall-HOWTO-8.html references a dead
> link at
> http://www.adelaide.net.au/~rustcorp/ipfwchains/ipfwchains.html
On Tue, 9 Dec 2003, Debian User wrote:
> I am searching for a good HowTo on firewalls and ipchains.
>
> http://www.tldp.org/HOWTO/Firewall-HOWTO-8.html references a dead
> link at
> http://www.adelaide.net.au/~rustcorp/ipfwchains/ipfwchains.html
>
> Does anyone have another reference worth reading
On Tue, Dec 09, 2003 at 09:08:15AM -0500, Debian User wrote:
> I am searching for a good HowTo on firewalls and ipchains.
>
> http://www.tldp.org/HOWTO/Firewall-HOWTO-8.html references a dead
> link at
> http://www.adelaide.net.au/~rustcorp/ipfwchains/ipfwchains.html
>
> Does anyone have anothe
On Tue, 9 Dec 2003, Debian User wrote:
> I am searching for a good HowTo on firewalls and ipchains.
>
> http://www.tldp.org/HOWTO/Firewall-HOWTO-8.html references a dead
> link at
> http://www.adelaide.net.au/~rustcorp/ipfwchains/ipfwchains.html
>
> Does anyone have another reference worth r
I saw this when I first installed Debian 3.0r0. I did find out how to
stop the logging to the 1st VT. Edit /etc/init.d/klogd. On line 13 is
an assignment to KLOGD. Put "-c 4" in the quotes. This logs only
info and above to the console. I don't know what I did that started
logging to syslog.
On Thu, Feb 20, 2003 at 02:32:37PM -0500, Narins, Josh wrote:
>
> I spent a good amount of time with my old 2.2.x ipchains firewall.
>
> Because it was a laptop, it included different start scripts based on 10.x
> or 192.x or static IPs (I seem to recall)
>
> I liked it. It was very nicely form
The question is whether or not there is something I can use to just convert
these to iptables world.
When you configure the kernel in the netfilter/iptables configuration
(under networking) there are two options: ipchains support and ipfw support.
With these you can compile a 2.4 kernel, use ip
* Narins, Josh ([EMAIL PROTECTED]) [030220 11:51]:
>
> I spent a good amount of time with my old 2.2.x ipchains firewall.
>
> Because it was a laptop, it included different start scripts based on 10.x
> or 192.x or static IPs (I seem to recall)
>
> I liked it. It was very nicely formatted (no t
On Sat, Jan 04, 2003 at 09:07:31PM -0800, Geoff Hunsicker wrote:
> We are using kernel 2.4.20. When we try to use
> ipchains it tells us it is not compatible with the
> kernel. Is this because we have left out a kernel
> option, or are ipchains no longer supported?
There's an ipchains compatibilit
also sprach Richard Hector <[EMAIL PROTECTED]> [2002.12.07.0030 +0100]:
> I'm not saying it's a bad idea; I'm just saying I don't know how to do
> it. Any suggestions?
snort.
and i'd go as far as to log everything that the firewall drops and
then add rules to drop certain packets without logging
On Sat, Dec 07, 2002 at 12:30:34PM +1300, Richard Hector wrote:
> I'm not saying it's a bad idea; I'm just saying I don't know how to do
> it. Any suggestions?
apt-get install ippl logcheck
--
.''`. Baloo <[EMAIL PROTECTED]>
: :' :proud Debian admin and user
`. `'`
`- Debian - when
Richard Hector said:
> I get stuck in a loop when I try to figure out what to monitor.
totally depends on what you WANT to monitor really and how much
time you want to spend doing it. My home network I recently revamped
everything so it is monitored like a hawk (see http://monitor.aphroland.org
b
martin f krafft said:
> also sprach nate <[EMAIL PROTECTED]> [2002.12.06.0136 +0100]:
>> firewall-and-forget.
>
> maybe for a private system. this is *not* the way to practice
> security. security involves ongoing monitoring.
this is the best way if you have limited resources. Why should I care
ab
On Sat, 2002-12-07 at 10:59, martin f krafft wrote:
> also sprach nate <[EMAIL PROTECTED]> [2002.12.06.0136 +0100]:
> > firewall-and-forget.
>
> maybe for a private system. this is *not* the way to practice
> security. security involves ongoing monitoring.
I get stuck in a loop when I try to figu
also sprach nate <[EMAIL PROTECTED]> [2002.12.06.0136 +0100]:
> firewall-and-forget.
maybe for a private system. this is *not* the way to practice
security. security involves ongoing monitoring.
--
.''`. martin f. krafft <[EMAIL PROTECTED]>
: :' :proud Debian developer, admin, and user
On Thu, Dec 05, 2002 at 04:36:09PM -0800, nate wrote:
> If you try to inquire about every blocked packet on
> your firewall, someday you may be spending all your free time doing it.
Not to mention making you look like an idiot to your ISP's support
staff and make them live in fear of having to sit
John Conover said:
>
> Does anyone have any idea what the following in syslog means:
>
> Dec 5 14:58:01 themachine kernel: Packet log: input DENY ppp0 PROTO=0
> 0.0.0.0:65535 0.0.0.0:65535 L=40 S=0x00 I=55674 F=0x T=64 (#8)
>
> What's PROTO 0, IP address 0.0.0.0?
proto 0 is IP (check /etc
On Mon, Nov 11, 2002 at 10:25:08AM -0500, Geoffrey Deasey wrote:
> mail:/proc/net# ipchains -A inout -s 205.139.153.202 -d 0/0 -p tcp -y -j
> ACCEPT
> ipchains: Protocol not available
I'm not sure, but I doubt the stock boot floppy kernel has ipchains
built in. apt-get install kernel-image-2.2.2
Derrick 'dman' Hudson <[EMAIL PROTECTED]> writes:
> On Fri, Jun 28, 2002 at 11:30:00AM -0400, Brian P. Flaherty wrote:
> | This works for me:
> |
> | ipchains -A input -s 12.27.41.66 -j DENY -l
>
> Does this send back a "connection refused" packet? I forget what the
> target names are for ipcha
On Fri, Jun 28, 2002 at 11:30:00AM -0400, Brian P. Flaherty wrote:
| This works for me:
|
| ipchains -A input -s 12.27.41.66 -j DENY -l
Does this send back a "connection refused" packet? I forget what the
target names are for ipchains, but with iptables you want to use
"DROP" instead of "REJECT"
This works for me:
ipchains -A input -s 12.27.41.66 -j DENY -l
You can drop the final -l if you don't want to log.
HTH.
Brian Flaherty
"Mark" <[EMAIL PROTECTED]> writes:
>
> I have the following rule on my WAN interface (eth1):
>
> ipchains -A input -s 63.148.99.0/24 -j DENY -l -i eth1
>
> So why is 63.148.99.229 able to access my Apache server?
Two possibilities come to mind. First, and most obviously, are you
sure the t
Ron Johnson wrote:
[snip]
Linux box for sharing my DSL connection. For a few years it used to be
just a 486, but I recently upgraded it to a K6-2/500 :)
Woo Hoo!! Go, Speed Racer, go! (Did the 486 die?)
One of them died, but the last one I was using just got replaced.
You don't even need
On Wed, 12 Jun 2002 19:48:14 -0700 (PDT)
"Alvin Oga" <[EMAIL PROTECTED]> wrote:
> trivial to run ipchains under 2.4.18...
This all depends on what features of ipchains you are using. The
compatibility layer provided for ipchains in the 2.4.x series does not
provide 100% of the 2.2.x ipchains fea
On Wed, 2002-06-12 at 22:37, Chris Gushue wrote:
> Ron Johnson wrote:
> > On Wed, 2002-06-12 at 21:25, Chris Gushue wrote:
> [snip]
[snip]
> Linux box for sharing my DSL connection. For a few years it used to be
> just a 486, but I recently upgraded it to a K6-2/500 :)
Woo Hoo!! Go, Speed Racer,
Ron Johnson wrote:
On Wed, 2002-06-12 at 21:25, Chris Gushue wrote:
[snip]
On my home router, I'm still using a 2.2 kernel. I tried 2.4 at one
point, but found the ipmasq modules lacking (unless I missed something,
which is likely). Overall, it shouldn't hurt to stick with ipchains
unless the
On Wed, 2002-06-12 at 21:25, Chris Gushue wrote:
> Andrew Perrin wrote:
[snip]
> On my home router, I'm still using a 2.2 kernel. I tried 2.4 at one
> point, but found the ipmasq modules lacking (unless I missed something,
> which is likely). Overall, it shouldn't hurt to stick with ipchains
> u
On Wed, Jun 12, 2002 at 10:16:09PM -0400, Andrew Perrin wrote:
| I'd like to upgrade my home machine's kernel to 2.4.18, but I'm not too
| excited about moving from ipchains to iptables. (This machine acts as a
| router from the home network [on eth0] and our DSL service [eth1].) So, a
| few quest
hi ya andrew
On Wed, 12 Jun 2002, Andrew Perrin wrote:
> I'd like to upgrade my home machine's kernel to 2.4.18, but I'm not too
> excited about moving from ipchains to iptables. (This machine acts as a
> router from the home network [on eth0] and our DSL service [eth1].) So, a
> few questions:
Andrew Perrin wrote:
I'd like to upgrade my home machine's kernel to 2.4.18, but I'm not too
excited about moving from ipchains to iptables. (This machine acts as a
router from the home network [on eth0] and our DSL service [eth1].) So, a
few questions:
- How easy or hard is it to migrate an ip
There is no provision that I am aware of in 2.2 kernels for iptables.
You do have to set up packet filtering, etc., when you build your
kernel. 2.4 kernels do allow for ipchains, but you must select that
option when you build them. Selecting one (ipchains or iptables)
blocks use of the other, so t
On Sun, Sep 09, 2012 at 01:26:00 -0600, Dave Price wrote:
> I have a firewall running ipchain/ipfwadm. I cannot seem to connect
> 'out' thru this firewall with a masqueraded connection using IPSEC - I
> have a laptop (win) that need to run a nortel vpn client - supposedly
> NAT is no problem for t
On Sun, Sep 09, 2012 at 01:26:00AM -0600, Dave Price wrote:
> I have a firewall running ipchain/ipfwadm. I cannot seem to connect
> 'out' thru this firewall with a masqueraded connection using IPSEC - I
> have a laptop (win) that need to run a nortel vpn client - supposedly
> NAT is no problem for
It turns out that the reason I couldn't access my web page from the outside
is my ISP is blocking packets going to port 80. If I use another port it
works fine! Thanks to those who responded and tried to help!
Bruce
-Original Message-
From: Bodnyk, Bruce W [mailto:[EMAIL PROTECTED]
Sent:
Bodnyk, Bruce W wrote:
How do i:
1) Add the necessary rules to allow me to telnet into my firewall?
ipchains -I input 1 -p tcp --destination IP_ADDRESS_OF_FIREWALL --dport
23 -j ACCEPT
2) What rules do I need to allow access to my apache web server that
is not on the firewall but instal
Lo, on Monday, February 25, [EMAIL PROTECTED] did write:
> Just wondering if Debian had any specific place to put ipchains stuff for
> initialising the rules on bootup.
See the ipmasq package.
Richard
Pada Mon, 25 Feb 2002 12:52:34 +1100
[EMAIL PROTECTED] menulis:
> Just wondering if Debian had any specific place to put ipchains stuff for
> initialising the rules on bootup.
>
> R,
>
> AJFC.
>
> PS. Please CC responses, I'm not currently subscribed.
>
>
>
Just make a script in /etc/init.d
"Bryan K. Walton" wrote:
>
> Feb 22 17:21:43 cortafuegos kernel: Packet log: input DENY eth0 PROTO=6
> 66.28.69.136:80 66.222.30.128:62556 L=48 S=0x00 I=162
> 0 F=0x4000 T=51 (#26)
>
> Can anyone help me pinpoint my problem? I am really scratching my head
> on this one.
Those numbers on the end
Uhmmm...
I said i was using tiny personal firewall on windows...
My question was about linux...not about windows...
cheerios
Willem.
At 14:41 30-12-2001 +0100, you wrote:
>You should use a personal firewall on your Windoze system for that.
wsa <[EMAIL PROTECTED]> writes:
> feature, collects
wsa <[EMAIL PROTECTED]> writes:
> feature, collects info on my system and sends it home via port
> 80 which in my ruleset
>
> is an allowed port because i need that port for the web.
> How would i ever block such a thing(without knowing in advance that it
> will call home and
>
> to which adr
hi ya paul
on your deb box...
debian:/usr/doc/netbase/ipchains*
ipchains config and examples..
http://www.Linux-Sec.net/Firewall/
the only one that is debian specific that is noted is
http://www.debiandiary.f2s.com/files/iptables.sh
have fun linuxing
alvin
http://www.Linux-1U.net ... 1.6TeraBy
On Mon, Dec 10, 2001 at 10:36:10PM -0800, Paul Condon wrote:
> I recall seeing somewhere on my machine recently a document that
> detailed the Debian setup of ipchains. Now I am attempting to set up
> ipchains and I can't find it. I know about man, apropos, locate, etc,
...
# apt-get install ipmasq
On Thu, Dec 06, 2001 at 11:55:28AM +1100, Rebecca Dridan wrote (1.00):
> pluto kernel: Packet log: input DENY eth0 PROTO=1 210.86.82.93:3 xx.xx.xx.xx:3
> .
>
> I've found out that that's an ICMP packet, with type Destination Unreadable and
> code Port Unreachable, but I'm not sure what this mea
On Wed, Dec 05, 2001 at 08:47:11PM -0500, Stephen Gran wrote:
> Thus spake Rebecca Dridan:
> > Hi,
> >
> > I'm just setting up a masquerading firewall and I'm getting some log
> > messages
> > I don't completely understand like the following:
> >
> > pluto kernel: Packet log: input DENY eth0 PROT
Thus spake Rebecca Dridan:
> Hi,
>
> I'm just setting up a masquerading firewall and I'm getting some log messages
> I don't completely understand like the following:
>
> pluto kernel: Packet log: input DENY eth0 PROTO=1 210.86.82.93:3 xx.xx.xx.xx:3
> .
>
> I've found out that that's an ICMP
On Thu, Oct 18, 2001 at 10:27:21AM +1000, Craig wrote:
> Hi,
> I am curious as what each field refers to I know that the example is, date
> hostname then deny 24.242.71.87 src port 137 to my box on port 137 proto 17
> which I believe is udp, however the rest fails me (also does someone have a
> com
attached is shell script
set these three variables accordingly
at top of script and run, I am using right now
on a dialup connection :-)
EXTERNALIP="207.41.66.332" could be 0.0.0.0/0.0.0.0 for dialup
NETWORKIP="192.168.0.50/255.255.255.0" private network
INTERNALNETIP="192.168.0.50/2
sure...is it well-commented?
--
*lol*
Sent through GMX FreeMail - http://www.gmx.net
Of course "ipmasq" like others suggested but I fortify it with
additional rules to make most of unused server port unaccessible!
deny most of 1-1023 for both incoming and outgoing.
You can find example rule files here.
http://www.aokiconsulting.com/pub/
On Thu, Aug 30, 2001 at 10:07:06PM +000
#include
Rajesh Fowkar wrote on Thu Aug 30, 2001 um 10:07:06PM:
> What is the minimum firewall that can be build & required for a home user ?
> On a dial-up line.
> Using ipchains.
apt-get install ipmasq
Gruss/Regards,
Eduard.
--
Linux braucht kein Mensch, aber Mensch braucht Linux!
On Thu, Aug 30, 2001 at 11:51:01PM +, Rajesh Fowkar wrote:
| Jason Majors saw fit to inform me that:
| >The minimum is none. :)
| >I don't know if you really need firewalling...do you have a network on the
| >other side of that machine?
|
| Yes. That is Internet :-) When I am connected throug
Jason Majors saw fit to inform me that:
>The minimum is none. :)
>I don't know if you really need firewalling...do you have a network on the
>other side of that machine?
Yes. That is Internet :-) When I am connected through Dial-Up :-)
Warm Regards
--
--
Martin Feeney saw fit to inform me that:
>On Thu, 30 Aug 2001 23:07:06 Rajesh Fowkar wrote:
>
>> What is the minimum firewall that can be build & required for a home user ?
>> On a dial-up line.
>> Using ipchains.
>
>apt-get install ipmasq
>
>It'll do pretty much what you want with plenty of sani
The minimum is none. :)
I don't know if you really need firewalling...do you have a network on the
other side of that machine?
What you probably want is just to close down ports you don't use.
Use nmap to see what ports are active and close those you don't want or need.
That should give you pretty
On Thu, Aug 30, 2001 at 10:07:06PM +, Rajesh Fowkar wrote:
| Hi,
|
| What is the minimum firewall that can be build & required for a home user ?
| On a dial-up line.
| Using ipchains.
It all depends on how open/closed you want to be. With a dial-up line
it is not likely (though still possib
On Thu, 30 Aug 2001 23:07:06 Rajesh Fowkar wrote:
> What is the minimum firewall that can be build & required for a home user ?
> On a dial-up line.
> Using ipchains.
apt-get install ipmasq
It'll do pretty much what you want with plenty of sanity-level security.
It also provides an rc-style set
Hi.
I saw this before.
> Has anyone seen this before?
>
> #ipchains -A input -j REDIRECT 80 -p tcp -s 0.0.0.0/0 -d 1.2.3.4/0 80
> ipchains: No target by that name (Maybe this kernel doesn't support
> transparent proxying?)
Maybe your kernel doesn't support transparent proxying? :)
--
Alexey
What is ippp0? shouldn't that be ppp0 for you?
What part of the chain are the rules in? If they are "appended" to the
bottom and a rule above matches they'll never get hit. Try -I input to
"Insert" them into the top. They should match then.
--mike
On 08 Aug 2001 10:18:37 +0200, [EMAIL PROTEC
On Aug 01 2001, [EMAIL PROTECTED] wrote:
> What applications usually try to open a connection from outside?
Some common connections that I can think of now are FTP in
active mode does (but you can get around that informing your
FTP clients to use passive mode) and identd ("
On Tue, 31 Jul 2001 12:14:20 PDT, "Karsten M. Self" writes:
>> On Wed, Jul 25, 2001 at 01:38:19PM -0400, Jason Healy wrote:
>> > > Are there any drawbacks to DENY? Is there a general consensus on this
>> > > subject?
>The benefits are twofold:
>
> - For a two-stage scan, DENY gives the appearan
on Wed, Jul 25, 2001 at 02:32:51PM -0400, Noah Meyerhans ([EMAIL PROTECTED])
wrote:
> On Wed, Jul 25, 2001 at 01:38:19PM -0400, Jason Healy wrote:
> > > Are there any drawbacks to DENY? Is there a general consensus on this
> > > subject?
> >
> > In general, DENY is good because it does just what
On 07/26/01 20:20:05 -0700, Vineet Kumar wrote:
> I notice you've already applied another solution, but I hope I can
> provide some direction should you (or anyone else) decide they'd like
> to do it yourself:
>
> I have found that the most useful thing in setting up ipchains or
> iptables is to
* Mark Wagnon ([EMAIL PROTECTED]) [010722 00:24]:
> Hi all,
>
> I'm playing around with ipchains, but I'm just not getting the
> example given in the IPCHAINS-HOWTO. It's based on a system that's
> forwarding packets, but I'm not doing that. All I have is a single box
> connected to the world with
On Wed, 25 Jul 2001 17:12:22 PDT, Alvin Oga writes:
>> >Moral of that story is to make sure that you either run an ident
>> >server, or set it to REJECT.
>>
>> Well, I wouldn't (and don't) run identd, since I have no intention of
>> revealing the name of the user running a particular service (i
hi ya
> >Moral of that story is to make sure that you either run an ident
> >server, or set it to REJECT.
>
> Well, I wouldn't (and don't) run identd, since I have no intention of
> revealing the name of the user running a particular service (in
if one runs identd... any incoming email addr
On Wed, 25 Jul 2001 13:38:19 EDT, Jason Healy writes:
>The other problem is that if you DENY certain oft-used services, you
>can cause problems. For example, if you DENY on the ident service
>port, machines trying to connect to you will timeout waiting for ident
>info. Some mail servers try to
At 996089571s since epoch (07/25/01 14:32:51 -0400 UTC), Noah Meyerhans wrote:
> There's definitely no consensus on this; it's largely a matter of
> personal taste.
I definitely agree there.
> I don't see how making portscans take longer equates to making them
> more difficult to perform, as you
On Wed, Jul 25, 2001 at 01:38:19PM -0400, Jason Healy wrote:
> > Are there any drawbacks to DENY? Is there a general consensus on this
> > subject?
>
> In general, DENY is good because it does just what your friend says.
> This also makes things like portscans more difficult, as they take
> longe
At 996072286s since epoch (07/25/01 12:44:46 -0400 UTC), Matthew Thompson wrote:
> I was talking with a friend of mine who said it's better to have a policy
> of DENY since that doesn't return any information and if someone is trying
> to attack the machine on a closed port, it will take much longe
On 22 Jul 2001, Bob Nielsen wrote:
> 2.0.x kernels do not use ipchains, but use ipfwadm instead.
Aha! Wonderful, thanks. Yes, I just read the Firewall HOWTO which says:
The built in Linux firewall have changed several times. If you are
using an old Linux kernel (1.0.x or older) get a new copy.
On 07/22/01 17:27:58 +1000, Sam Varghese wrote:
> Have a look at
> http://logi.cc/linux/ipchainsLogAnalyzer.php3
I'm sure I'll be using this to decipher logs in the near future.
Thanks for the link!
--
Mark Wagnon <[EMAIL PROTECTED]>
A long time ago, in a galaxy far, far away, someone said...
> If I may ask, why do you not like it?
The rules it produces are long and complex - that makes it hard to figure
out if you did something wrong while configuring the firewall.
> Is there so
On 07/22/01 02:27:26 -0500, Phil Brutsche wrote:
> I'm not a big fan of it but pmfirewall is a popular starting point for
> people new to setting up firewalls. It can be found at
> http://freshmeat.net
Thanks for the link. I used to to get set up and now I'm in the
process of looking through the
On Sun, Jul 22, 2001 at 05:15:11PM +0200, Joost Kooij wrote:
> On Sun, Jul 22, 2001 at 10:59:15AM +0200, Gary Jones wrote:
> > Joost Kooij wrote:
> >
> > > On Sat, Jul 21, 2001 at 08:34:48PM +0200, Gary Jones wrote:
> > > > ash-ock:/etc/init.d# ./firewall
> > > > bash: ./firewall: No such file or
On Sun, Jul 22, 2001 at 10:59:15AM +0200, Gary Jones wrote:
> Joost Kooij wrote:
>
> > On Sat, Jul 21, 2001 at 08:34:48PM +0200, Gary Jones wrote:
> > > ash-ock:/etc/init.d# ./firewall
> > > bash: ./firewall: No such file or directory
> [snip]
> > > What's going on? The script file is definitely t
On Sat, Jul 21, 2001 at 11:50:07PM -0700, Mark Wagnon wrote:
> I'm playing around with ipchains, but I'm just not getting the
> example given in the IPCHAINS-HOWTO. It's based on a system that's
> forwarding packets, but I'm not doing that. All I have is a single box
> connected to the world with a
A long time ago, in a galaxy far, far away, someone said...
> Hi all,
>
> I'm playing around with ipchains, but I'm just not getting the
> example given in the IPCHAINS-HOWTO. It's based on a system that's
> forwarding packets, but I'm not doing that.
Lindsay Allen wrote:
> Thank you, thank you.
>
> I just checked to see if you had filed a bug report and found that the bug
> (and the fix) had been filed 11 days ago.
>
> One good thing about this bug is that all those console messages about my
> ipchains REJECTs and DENYs resulted in a better
On Tue, 1 May 2001, Miquel Martín López wrote:
> Hi there!
> Sorry to bring up such an old thread, but I didn't see any solutions posted,
> and I just found the cause.
>
> The problem was ipchains (or iptables) printing messages on the console no
> matter how much you tried to make it shut up :)
In /etc/sysklogd.conf or something like that you can route all that
traffic to a tty, e.g. tty6.
I did it that way and now all other tty's keep quiet.
I'm sorry, because now I'm not at my server (down in the cellar) to have
a look at the files and Windoze doesn't have ssh.
Michael
--
Michael Stei
On Tue, 24 Apr 2001, Lindsay Allen wrote:
> > I suspect restarting syslogd without restarting klogd AFTER syslogd finishes
> > reloading causes this, but I haven't tested. ipchains can't be at fault, it
> > logs to the kernel ringbuffer.
>
> Hey, that might be it after all. I just restarted klogd
On Mon, 23 Apr 2001, Henrique M Holschuh wrote:
> On Mon, 23 Apr 2001, Lindsay Allen wrote:
> > All that has been done when I shut down to install a tape drive. (And a
> > new kernel, of course.) Some time back I had three daemons writing to the
> > screen, but now it is just ipchains. I would
On Mon, 23 Apr 2001, Lindsay Allen wrote:
> All that has been done when I shut down to install a tape drive. (And a
> new kernel, of course.) Some time back I had three daemons writing to the
> screen, but now it is just ipchains. I would have submitted a bug, but it
> could be syslogd, klogd or
On Mon, 23 Apr 2001, Henrique M Holschuh wrote:
> On Mon, 23 Apr 2001, Lindsay Allen wrote:
> > On Sun, 22 Apr 2001, Keith Johnson wrote:
> > > As per subject. Quite annoying when I am trying to do important
> > > things. (Like play nethack).
> >
> > You are not alone. This has been happening he
On Mon, 23 Apr 2001, Lindsay Allen wrote:
> On Sun, 22 Apr 2001, Keith Johnson wrote:
> > As per subject. Quite annoying when I am trying to do important
> > things. (Like play nethack).
>
> You are not alone. This has been happening here for 6 weeks or so. It
> has one advantage - I can see the
On Sun, 22 Apr 2001, Keith Johnson wrote:
> As per subject. Quite annoying when I am trying to do important
> things. (Like play nethack).
>
> I am using firestarter v6.1 with debian woody.
>
> Thanks for any help
You are not alone. This has been happening here for 6 weeks or so. It
has one a
On Wed, Mar 28, 2001 at 09:11:41AM +, Christopher Clark wrote:
> On the uk.comp.os.linux newsgroup recently, a gentleman remarked that he
> re-initialised his (type -P input DENY style ) firewall every ten minutes
> from a cron job. When asked why, he said because of ipchains -F; ipchains -X
also sprach Andrew Perrin (on Thu, 08 Mar 2001 09:36:55AM -0500):
> Is there any way to check the present value of this? I think it's already
> set for 7200, but it seems to time out earlier.
the only way i could think of is to create a connection that goes
through MASQ and then to inspect the ti
Is there any way to check the present value of this? I think it's already
set for 7200, but it seems to time out earlier.
--
Andrew J Perrin - Ph.D. Candidate, UC Berkeley, Dept. of Sociology
Chapel Hill, North Carolina, USA - h
also sprach Andrew Perrin (on Wed, 07 Mar 2001 08:11:50PM -0500):
> The problem I'm running into is that my wife's e-mail (which uses
> IMAP) often gets "TCP/IP Connection Dropped" errors. I suspect that these
> happen when ipchains times out her port mapping. Can someone help with
> setting ipchai
1 - 100 of 185 matches