Maybe it works?:
Cyberclops
Cyberclops at hawaii.rr.com
Wed Apr 11 14:26:14 PDT 2001
a24b161n139client142:~ # iptables -L
bash: iptables: command not found
a24b161n139client142:~ # iptables -L
bash: iptables: command not found
a24b161n139client142:~ #
I meant only that the "stateful" firewall in the 2.4 kernel is "state of
the art."
Why don't you try to hit me and see what happens? I'm 24.161.139.142
In a bit, I will send you the lines I modified (configured) in the firewall
to let the time program pass. I agree that however I did it may not
be the best way to do it. That's why I value your opinion. In fact you
are not a self-appointed expert, but an actual expert. You have never
told me anything that wasn't right on track. I appreciate your help.
Warren Togami wrote:
>
> I am glad to hear you got it working, but please understand this.
>
> That script has rules for INPUT, FORWARD, OUTPUT and possibly other chains.
> Your computer is NOT a firewall, and that script sets rules mainly on the
> FORWARD chain. The FORWARD chain does nothing to your ruleset because you
> are not routing packets. You made it work by fixing an INPUT chain,
> possibly by removing some restricting rule.
>
> So... yeah it works now, but only because your current rules are no
> different than without the script on the INPUT and OUTPUT chains.
> Everything in the FORWARD chain is doing nothing but using RAM.
>
> Also please understand that SuSE is no different than any other Linux
> distribution using the 2.4 kernel. There is nothing "state of the art"
> about it beyond being the first to release a 2.4 kernel distribution, though
> the installation and configuration looks much cleaner in SuSE. That SuSE
> firewall script will run the same way in any other Linux distribution (using
> a 2.4 kernel with Netfilter included).
>
> I am curious, could you type "iptables -L" and e-mail the chains that
> output?
>
> ----- Original Message -----
> From: "Cyberclops" <Cyberclops at hawaii.rr.com>
> To: "Linux & Unix Advocates & Users" <luau at list.luau.hi.net>
> Sent: Wednesday, April 11, 2001 10:27 AM
> Subject: [luau] Re:Maybe it works?:
>
> > Just as you posted this, I believe I have it working. At least I
> > believe this log message shows it is working. I'm now going back over
> > the SuSE firewall to eliminate as much stuff as possible to see exactly
> > what made it work, and what didn't have any effect. Then I will post
> > the line that made it work for comment. While I am sure securing a system
> > in a traditional manner is a good idea, I still remain a believer in the
> > SuSE firewall, as my understanding is that "it is state of the art" as
> > compared to previous Linux kernels. Plus SuSE has their own way of
> > doing things which is different from other Linux distributions I have
> > tried. Moreover, I like SuSE 7.1 better than any other Linux
> > distribution I have tried. To be blunt, it is the only one that has
> > worked with any relative ease and actually worked. A lot of people tout
> > Mandrake as being great. I did try Mandrake 7.0, 7.1, and 7.2. My
> > personal experience was that Mandrake 7.2 was a disappointment for many
> > different reasons. In contrast my experience with SuSE 7.1 is that
> > while not being totally easy to use, it is acceptable, and best of all,
> > it appears to be absolutely solid. That's why I would like to get it
> > working up to its full potential. One thing that's great about Linux,
> > is that if you don't like one distribution, there's always another one
> > to choose. This competition among distributions is very healthy. I just
> > wish some of the self-appointed experts who advocate Mandrake as being
> > the best solution would give SuSE 7.1 an honest evaluation. I have
> > noticed there have been several people who state Mandrake 7.2 or (8.0
> > beta) is the best, yet they seemingly have no experience with SuSE 7.1.
> > Anyway please excuse me for being stubborn about SuSE 7.1. It's just
> > that I have tried many distributions at this point and have found SuSE
> > 7.1 to be the best so far for my tastes. I know their firewall works,
> > so it seems that both the simplest and easiest solution is to learn how
> > to properly configure it.
> >
> >
> >
> > Apr 11 09:53:22 a24b161n139client142 ntpdate[487]: step time server
> > 128.2.191.71 offset -0.002408 sec
> > Apr 11 09:53:22 a24b161n139client142 xntpd[492]: ntpd 4.0.99f Mon Apr 9
> > 19:30:07 GMT 2001 (1)
> > Apr 11 09:53:22 a24b161n139client142 xntpd[492]: signal_no_reset: signal
> > 13 had flags 4000000
> > Apr 11 09:53:22 a24b161n139client142 xntpd[492]: precision = 9 usec
> > Apr 11 09:53:22 a24b161n139client142 xntpd[492]: kern_enable is 1
> > Apr 11 09:53:22 a24b161n139client142 xntpd[492]: using kernel phase-lock
> > loop 0040
> > Apr 11 09:53:23 a24b161n139client142 xntpd[492]: frequency initialized
> > 0.000 from /etc/ntp.drift
> > Apr 11 09:53:23 a24b161n139client142 xntpd[492]: using kernel phase-lock
> > loop 0041
> > Warren Togami wrote:
> > >
> > > On Saturday after I realized you had a single NIC, I realized what you
> > > were trying to do. I tried to explain to you that a "firewall" is NOT
> > > what you want, especially that firewall script in particular. Most
> > > firewall scripts like the one you are trying to make work are designed
> > > to use two network interfaces, filtering traffic from the outside
> > > internet to a local area network. You do not have two network
> > > interfaces. You are confusing the need for a "firewall" with those
> > > personal firewall products for Windows like Zonealarm, Zonefree or
> > > BlackIce Defender. These products are arguably not firewalls in a
> > > traditional sense. They simply track and disallow certain types of
> > > packets from entering or leaving your computer, and perhaps log data.
> > >
> > > Most users of Linux do not go to this extreme because it is simply not
> > > needed. This is a very advanced topic, the likes of which very few of
> > > us on this list have even begun to master. I would suggest securing
> > > your system in the normal way first, learning a bit more about the
> > > services, TCP wrappers, kernel configuration, Netfilter and iptables.
> > > At that point you will understand that a "personal firewall" is NOT
> > > needed, though you can easily implement rules to make one if you want.
> > >
> > > This is the third time I will say this: Please do not persist in trying
> > > to make this script work on your system. This script was NOT designed
> > > to do what you want. Please start from scratch with simple INPUT and
> > > OUTPUT chains and work from there. But first, secure your services and
> > > the kernel the normal way.
> > >
> > > As for the services to disable, please refer to this discussion about
> > > some services and their descriptions.
> > > http://forum.mplug.org/viewthread.php3?FID=4&TID=3
> > >
> > > If you have any further questions please post again.
> >
>
More information about the LUAU
mailing list
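
Added example, not part of the thread: a small audit of "iptables-save" style output that reports the two conditions discussed above, FORWARD rules on a host that does not route and an INPUT chain that filters nothing. The sample ruleset is constructed, the function names are hypothetical, and ip_forward is assumed to be read from /proc/sys/net/ipv4/ip_forward by the caller.

```python
# Constructed iptables-save text for a single-NIC host (not the poster's rules).
SAMPLE_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j LOG --log-prefix "FW-DROP "
COMMIT
"""

def parse_filter_table(save_text):
    """Return {chain: {"policy": str, "rules": [str]}} for the filter table."""
    chains, in_filter = {}, False
    for raw in save_text.splitlines():
        line = raw.strip()
        if line.startswith("*"):                   # table header, e.g. *filter or *nat
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":"):   # chain declaration with its policy
            name, policy = line[1:].split()[:2]
            chains[name] = {"policy": policy, "rules": []}
        elif in_filter and line.startswith("-A "): # rule appended to a chain
            name = line.split()[1]
            chains.setdefault(name, {"policy": "-", "rules": []})["rules"].append(line)
    return chains

def target(rule):
    """Jump target of a rule (the token after -j), or None."""
    tokens = rule.split()
    return tokens[tokens.index("-j") + 1] if "-j" in tokens[:-1] else None

def audit(save_text, ip_forward):
    """ip_forward: value of net.ipv4.ip_forward on the host (True if routing)."""
    chains = parse_filter_table(save_text)
    findings = []
    fwd = chains.get("FORWARD", {"rules": []})["rules"]
    if not ip_forward and fwd:
        findings.append("FORWARD: %d rule(s) never match, host does not route" % len(fwd))
    inp = chains.get("INPUT", {"policy": "ACCEPT", "rules": []})
    # Only direct DROP/REJECT targets are checked; jumps to user chains are not followed.
    if inp["policy"] == "ACCEPT" and not any(target(r) in ("DROP", "REJECT") for r in inp["rules"]):
        findings.append("INPUT: policy ACCEPT with no DROP/REJECT rule, nothing is filtered")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SAVE, ip_forward=False):
        print(finding)
```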