Chuck Dubois 2007-02-12, 1:12 pm

Hi All,

I fired up a copy of Kanotix - interesting experience. I understand it's
a customized version of Debian. I'm having firewall problems and thought
to post here because of little response on the Kanotix board.

Basically, this version of Kanotix had no firewall utility. I'm told that
it used a standard IP tables firewall. I checked at GRC.com and saw that
I had three ports in stealth and all other common ports closed. I wanted
to change that to stealth all ports, so I fired up Guarddog and set
everything the way I like.

Unfortunately, the changes from Guarddog did not take. I went back into
Guarddog and opened a port. Again, the changes did not take.

This is the first time I've ever encountered this. Anyone have a clue
what's happening?
Peter J Ross 2007-02-14, 7:13 am

On Mon, 12 Feb 2007 07:15:57 -0600, Chuck Dubois
<C_Dubois@digitalcity.net> wrote in alt.os.linux.debian:
> Hi All,
>
> I fired up a copy of Kanotix - interesting experience. I understand it's
> a customized version of Debian. I'm having firewall problems and thought
> to post here because of little response on the Kanotix board.
>
> Basically, this version of Kanotix had no firewall utility. I'm told that
> it used a standard IP tables firewall. I checked at GRC.com and saw that
> I had three ports in stealth and all other common ports closed. I wanted
> to change that to stealth all ports, so I fired up Guarddog and set
> everything the way I like.
>
> Unfortunately, the changes from Guarddog did not take. I went back into
> Guarddog and opened a port. Again, the changes did not take.
>
> This is the first time I've ever encountered this. Anyone have a clue
> what's happening?

Two thoughts:

1. Are you using Guarddog as root? If not, it won't be able to create any
firewall rules.

2. Do you need to save changes explicitly in Guarddog before exiting?

If you can't get a result with Guarddog, it's quite easy to do what
you want from the command line. Run these four commands as root:

/sbin/iptables -F INPUT
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

You can find out exactly what these commands do from the iptables
manual and/or the documentation at netfilter.org.

To preserve the changes after rebooting, you can put the four commands
into an executable script and run it at start-up.

--
PJR :-)
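
One way to confirm locally that the four commands in the reply above actually took effect, instead of relying only on an outside port scan. This is an added example, not part of the thread: it assumes an iptables release that supports the `-S` listing option, and the function name `audit_input_chain` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S INPUT` output (read from stdin) against the
# ruleset from the post above. Returns 0 only if the chain is default-deny
# with nothing accepted beyond loopback and ESTABLISHED,RELATED traffic.
audit_input_chain() {
    policy=""; lo=0; state=0; extra=0
    while IFS= read -r line; do
        case "$line" in
            "-P INPUT "*) policy=${line#"-P INPUT "} ;;
            "-A INPUT -i lo -j ACCEPT") lo=1 ;;
            # Accept either ordering of the two states.
            "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"|\
            "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT")
                state=1 ;;
            "-A INPUT "*"-j ACCEPT"*)
                # Any other ACCEPT rule admits unsolicited inbound traffic.
                echo "EXTRA: $line"; extra=$((extra + 1)) ;;
        esac
    done
    rc=0
    [ "$policy" = "DROP" ] || { echo "FAIL: policy is '${policy:-unset}', expected DROP"; rc=1; }
    [ "$lo" -eq 1 ]    || { echo "FAIL: no loopback ACCEPT rule"; rc=1; }
    [ "$state" -eq 1 ] || { echo "FAIL: no ESTABLISHED,RELATED ACCEPT rule"; rc=1; }
    [ "$extra" -eq 0 ] || rc=1
    if [ "$rc" -eq 0 ]; then echo "OK: INPUT is default-deny"; fi
    return "$rc"
}

# Constructed samples of `iptables -S INPUT` output (not from a real host).
SAMPLE_GOOD='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
SAMPLE_BAD='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# As root, "--live" audits the running chain; otherwise run the samples.
if [ "${1:-}" = "--live" ]; then
    /sbin/iptables -S INPUT | audit_input_chain
else
    printf '%s\n' "$SAMPLE_GOOD" | audit_input_chain
    printf '%s\n' "$SAMPLE_BAD" | audit_input_chain || true
fi
```

Running the audit after a reboot also shows whether the start-up script restored the rules.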