Maybe it works?:

Cyberclops Cyberclops at hawaii.rr.com
Wed Apr 11 14:34:27 PDT 2001


Apr 11 11:32:30 a24b161n139client142 kernel: Packet log: input ACCEPT eth0 PROTO=1 128.171.192.64:8 24.161.139.142:0 L=84 S=0x00 I=0 F=0x4000 T=54 (#6)
Warren Togami wrote:
> 
> I am glad to hear you got it working, but please understand this.
> 
> That script has rules for INPUT, FORWARD, OUTPUT and possibly other chains.
> Your computer is NOT a firewall, and that script sets rules mainly on the
> FORWARD chain.  The FORWARD chain does nothing to your ruleset because you
> are not routing packets.  You made it work by fixing an INPUT chain,
> possibly by removing some restricting rule.
> 
> So... yeah it works now, but only because your current rules are no
> different than without the script on the INPUT and OUTPUT chains.
> Everything in the FORWARD chain is doing nothing but using RAM.
> 
> Also please understand that SuSE is no different than any other Linux
> distribution using the 2.4 kernel.  There is nothing "state of the art"
> about it beyond being the first to release a 2.4 kernel distribution, though
> the installation and configuration looks much cleaner in SuSE.  That SuSE
> firewall script will run the same way in any other Linux distribution (using
> a 2.4 kernel with Netfilter included).
> 
> I am curious, could you type "iptables -L" and e-mail the chains that
> output?
> 
> ----- Original Message -----
> From: "Cyberclops" <Cyberclops at hawaii.rr.com>
> To: "Linux & Unix Advocates & Users" <luau at list.luau.hi.net>
> Sent: Wednesday, April 11, 2001 10:27 AM
> Subject: [luau] Re:Maybe it works?:
> 
> > Just as you posted this, I believe I have it working.  At least I
> > believe this log message shows it is working.  I'm now going back over
> > the SuSE firewall to eliminate as much stuff as possible to see exactly
> > what made it work, and what didn't have any effect.  Then I will post
> > the line that made it work for comment.  While I'm sure securing a system
> > in a traditional manner is a good idea, I still remain a believer in the
> > SuSE firewall, as my understanding is that "it is state of the art" as
> > compared to previous Linux kernels.  Plus SuSE has their own way of
> > doing things which is different from other Linux distributions I have
> > tried.  Moreover, I like SuSE 7.1 better than any other Linux
> > distribution I have tried.  To be blunt, it is the only one that has
> > worked with any relative ease and actually worked.  A lot of people tout
> > Mandrake as being great.  I did try Mandrake 7.0, 7.1, and 7.2.  My
> > personal experience was that Mandrake 7.2 was a disappointment for many
> > different reasons.  In contrast my experience with SuSE 7.1 is that
> > while not being totally easy to use, it is acceptable, and best of all,
> > it appears to be absolutely solid.  That's why I would like to get it
> > working up to its full potential.  One thing that's great about Linux
> > is that if you don't like one distribution, there's always another one
> > to choose.  This competition among distributions is very healthy.  I just
> > wish some of the self-appointed experts who advocate Mandrake as being
> > the best solution would give SuSE 7.1 an honest evaluation.  I have
> > noticed there have been several people who state Mandrake 7.2 or (8.0
> > beta) is the best, yet they seemingly have no experience with SuSE 7.1.
> > Anyway, please excuse me for being stubborn about SuSE 7.1.  It's just
> > that I have tried many distributions at this point and have found SuSE
> > 7.1 to be the best so far for my tastes.  I know their firewall works,
> > so it seems the simplest and easiest solution is to learn how
> > to properly configure it.
> >
> >
> >
> > Apr 11 09:53:22 a24b161n139client142 ntpdate[487]: step time server
> > 128.2.191.71 offset -0.002408 sec
> > Apr 11 09:53:22 a24b161n139client142 xntpd[492]: ntpd 4.0.99f Mon Apr  9
> > 19:30:07 GMT 2001 (1)
> > Apr 11 09:53:22 a24b161n139client142 xntpd[492]: signal_no_reset: signal
> > 13 had flags 4000000
> > Apr 11 09:53:22 a24b161n139client142 xntpd[492]: precision = 9 usec
> > Apr 11 09:53:22 a24b161n139client142 xntpd[492]: kern_enable is 1
> > Apr 11 09:53:22 a24b161n139client142 xntpd[492]: using kernel phase-lock
> > loop 0040
> > Apr 11 09:53:23 a24b161n139client142 xntpd[492]: frequency initialized
> > 0.000 from /etc/ntp.drift
> > Apr 11 09:53:23 a24b161n139client142 xntpd[492]: using kernel phase-lock
> > loop 0041
> > Warren Togami wrote:
> > >
> > > On Saturday after I realized you had a single NIC, I realized what you were
> > > trying to do.  I tried to explain to you that a "firewall" is NOT what you
> > > want, especially that firewall script in particular.  Most firewall scripts
> > > like the one you are trying to make work are designed to use two network
> > > interfaces, filtering traffic from the outside internet to a local area
> > > network.  You do not have two network interfaces.  You are confusing the
> > > need for a "firewall" with those personal firewall products for Windows like
> > > Zonealarm, Zonefree or BlackIce Defender.  These products are arguably not
> > > firewalls in a traditional sense.  They simply track and disallow certain
> > > types of packets from entering or leaving your computer, and perhaps log
> > > data.
> > >
> > > Most users of Linux do not go to this extreme because it is simply not
> > > needed.  This is a very advanced topic, the likes of which very few of us on
> > > this list have even begun to master.  I would suggest securing your system
> > > in the normal way first, learning a bit more about the services, TCP
> > > wrappers, kernel configuration, Netfilter and iptables.  At that point you
> > > will understand that a "personal firewall" is NOT needed, though you can
> > > easily implement rules to make one if you want.
> > >
> > > This is the third time I will say this: Please do not persist in trying to
> > > make this script work on your system.  This script was NOT designed to do
> > > what you want.  Please start from scratch with simple INPUT and OUTPUT
> > > chains and work from there.  But first, secure your services and the kernel
> > > the normal way.
> > >
> > > As for the services to disable, please refer to this discussion about some
> > > services and their descriptions.
> > > http://forum.mplug.org/viewthread.php3?FID=4&TID=3
> > >
> > > If you have any further questions please post again.
> >
> > ---
> > You are currently subscribed to luau as: warren at togami.com
> > To unsubscribe send a blank email to $subst('Email.Unsub')
> >
> 
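Reading the kernel "Packet log:" line at the top of this message, as an added example (my own code, not from the thread or from the SuSE script): a small Python parser for that ipchains-style format which decodes PROTO=1 as ICMP, where the two "port" positions are ICMP type and code (8:0 is an echo request), and flags any forward-chain entry, which a single-NIC host that routes nothing should never log. The `describe` helper and the tcp line used in its test are my constructions.

```python
import re

# Constructed sample, copied from the kernel "Packet log" line quoted in this thread.
SAMPLE = ("Apr 11 11:32:30 a24b161n139client142 kernel: Packet log: input ACCEPT "
          "eth0 PROTO=1 128.171.192.64:8 24.161.139.142:0 L=84 S=0x00 I=0 F=0x4000 T=54 (#6)")

# ipchains-style kernel log: chain, verdict, interface, then IP header fields.
PATTERN = re.compile(
    r"Packet log: (?P<chain>\w+) (?P<verdict>\w+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9a-fA-F]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9a-fA-F]+) T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)")

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
ICMP_TYPES = {0: "echo-reply", 3: "dest-unreachable", 8: "echo-request", 11: "time-exceeded"}


def parse_packet_log(line):
    """Return a dict of decoded fields, or None if the line is not a packet log."""
    m = PATTERN.search(line)
    if m is None:
        return None
    f = m.groupdict()
    proto = int(f["proto"])
    rec = {
        "chain": f["chain"], "verdict": f["verdict"], "iface": f["iface"],
        "proto": PROTO_NAMES.get(proto, str(proto)), "src": f["src"], "dst": f["dst"],
        "length": int(f["length"]), "ttl": int(f["ttl"]), "rule": int(f["rule"]),
        # F= is the IP fragment word; bit 0x4000 is the Don't Fragment flag.
        "dont_fragment": bool(int(f["frag"], 16) & 0x4000),
    }
    if proto == 1:
        # For ICMP the two "port" positions carry ICMP type and code instead.
        rec["icmp_type"], rec["icmp_code"] = int(f["sport"]), int(f["dport"])
        rec["summary"] = ICMP_TYPES.get(rec["icmp_type"], "icmp-type-%d" % rec["icmp_type"])
    else:
        rec["sport"], rec["dport"] = int(f["sport"]), int(f["dport"])
        rec["summary"] = "%s/%d" % (rec["proto"], rec["dport"])
    return rec


def describe(rec):
    """One-line reading of a record; a forward-chain hit on a single-NIC host is
    flagged, since (as the thread explains) such a host should not be routing."""
    note = " [forward chain hit: is this host routing?]" if rec["chain"] == "forward" else ""
    return "%s chain %s %s %s -> %s on %s (rule #%d)%s" % (
        rec["chain"], rec["verdict"], rec["summary"], rec["src"], rec["dst"],
        rec["iface"], rec["rule"], note)
```

Run `describe(parse_packet_log(SAMPLE))` to get the decoded reading of the line from this message; feeding a whole syslog through `parse_packet_log` skips the ntpd and other non-packet lines.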