Maybe it works?:

Cyberclops Cyberclops at hawaii.rr.com
Wed Apr 11 13:27:58 PDT 2001


Just as you posted this, I believe I have it working.  At least I
believe this log message shows it is working.  I'm now going back over
the SuSE firewall to eliminate as much stuff as possible to see exactly
what made it work, and what didn't have any effect.  Then I will post
the line that made it work for comment.  While I'm sure securing a system
in a traditional manner is a good idea, I still remain a believer in the
SuSE firewall, as my understanding is that "it is state of the art" as
compared to previous Linux kernels.  Plus SuSE has their own way of
doing things which is different from other Linux distributions I have
tried.  Moreover, I like SuSE 7.1 better than any other Linux
distribution I have tried.  To be blunt, it is the only one that has
worked with any relative ease and actually worked.  A lot of people tout
Mandrake as being great.  I did try Mandrake 7.0, 7.1, and 7.2.  My
personal experience was that Mandrake 7.2 was a disappointment for many
different reasons.  In contrast my experience with SuSE 7.1 is that
while not being totally easy to use, it is acceptable, and best of all,
it appears to be absolutely solid.  That's why I would like to get it
working up to its full potential.  One thing that's great about Linux,
is that if you don't like one distribution, there's always another one
to choose.  This competition among distributions is very healthy.  I just
wish some of the self-appointed experts who advocate Mandrake as being
the best solution would give SuSE 7.1 an honest evaluation.  I have
noticed there have been several people who state Mandrake 7.2 (or 8.0
beta) is the best, yet they seemingly have no experience with SuSE 7.1.
Anyway please excuse me for being stubborn about SuSE 7.1.  It's just
that I have tried many distributions at this point and have found SuSE
7.1 to be the best so far for my tastes.  I know their firewall works,
so it seems that both the simplest and easiest solution is to learn how
to properly configure it.



Apr 11 09:53:22 a24b161n139client142 ntpdate[487]: step time server 128.2.191.71 offset -0.002408 sec
Apr 11 09:53:22 a24b161n139client142 xntpd[492]: ntpd 4.0.99f Mon Apr  9 19:30:07 GMT 2001 (1)
Apr 11 09:53:22 a24b161n139client142 xntpd[492]: signal_no_reset: signal 13 had flags 4000000
Apr 11 09:53:22 a24b161n139client142 xntpd[492]: precision = 9 usec
Apr 11 09:53:22 a24b161n139client142 xntpd[492]: kern_enable is 1
Apr 11 09:53:22 a24b161n139client142 xntpd[492]: using kernel phase-lock loop 0040
Apr 11 09:53:23 a24b161n139client142 xntpd[492]: frequency initialized 0.000 from /etc/ntp.drift
Apr 11 09:53:23 a24b161n139client142 xntpd[492]: using kernel phase-lock loop 0041

Warren Togami wrote:
> 
> On Saturday after I realized you had a single NIC, I realized what you were
> trying to do.  I tried to explain to you that a "firewall" is NOT what you
> want, especially that firewall script in particular.  Most firewall scripts
> like the one you are trying to make work are designed to use two network
> interfaces, filtering traffic from the outside internet to a local area
> network.  You do not have two network interfaces.  You are confusing the
> need for a "firewall" with those personal firewall products for Windows like
> Zonealarm, Zonefree or BlackIce Defender.  These products are arguably not
> firewalls in a traditional sense.  They simply track and disallow certain
> types of packets from entering or leaving your computer, and perhaps log
> data.
> 
> Most users of Linux do not go to this extreme because it is simply not
> needed.  This is a very advanced topic, the likes of which very few of us on
> this list have even begun to master.  I would suggest securing your system
> in the normal way first, learning a bit more about the services, TCP
> wrappers, kernel configuration, Netfilter and iptables.  At that point you
> will understand that a "personal firewall" is NOT needed, though you can
> easily implement rules to make one if you want.
> 
> This is the third time I will say this: Please do not persist in trying to
> make this script work on your system.  This script was NOT designed to do
> what you want.  Please start from scratch with simple INPUT and OUTPUT
> chains and work from there.  But first, secure your services and the kernel
> the normal way.
> 
> As for the services to disable, please refer to this discussion about some
> services and their descriptions.
> http://forum.mplug.org/viewthread.php3?FID=4&TID=3
> 
> If you have any further questions please post again.


