[Firehol-support] firehol creates open firewall!

paracas at vodafone.net
Wed Jun 8 18:12:53 BST 2005


Hi
I am just trying out FireHOL (firehol-1.226-rh7up.noarch.rpm) on RH Linux Enterprise 3 ES, on a machine with 2 interfaces, and when I use a simple /etc/firehol/firehol.conf like

version 5

# LAN-facing interface: reject by default, offer smtp and ssh, allow outgoing ssh
interface eth1 mylan
    policy reject
    server "smtp ssh" accept
    client ssh accept

# Internet-facing interface: same policy and services
interface eth0 internet
    policy reject
    server "smtp ssh" accept
    client ssh accept

it creates a firewall which is completely open (if I scan it from the internet using nmap, it shows many ports open).

RHEL3 uses iptables 1.2.8.
If necessary I can send you the output of 'firehol status' to show the actual iptables stuff generated, please let me know.

P.S. Incidentally, if I add 'protection strong' to interface eth0, then FireHOL barfs with
iptables v1.2.8: Unknown arg `--syn'
iptables v1.2.8: Unknown arg `--icmp-type'
iptables v1.2.8: Unknown arg `--tcp-flags'
So it looks as if the iptables that ships with RHEL3 is hobbled in some way? But I would expect FireHOL still to produce a working firewall if it doesn't fail on syntax?
Hope you can help; please let me know if you need any more info.
Thanks
Robin
UK
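Added example, not code from the original post or from FireHOL itself: a small POSIX shell script a practitioner could run after 'firehol start' to check for the symptom described above, a ruleset whose INPUT chain accepts everything by default with no rules to stop it. It audits iptables-save output (two constructed sample dumps are embedded; the function names and the FireHOL-style chain name in_mylan are assumptions for illustration) and, only when iptables is present and the script runs as root, probes the live ruleset and asks 'iptables -m MATCH --help' whether the --syn, --tcp-flags and --icmp-type options are listed, which shows whether the match extensions behind them can be loaded at all.

```shell
#!/bin/sh
# Added example (not from the original post or from FireHOL): audit an
# iptables-save dump for an "everything open" ruleset and probe whether the
# local iptables can load the tcp/icmp match options that 'protection strong'
# rules rely on.

# Constructed sample: the "open" shape. Default policies are ACCEPT and no
# rules survived, which an nmap scan from outside sees as every port open.
OPEN_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed sample: the shape a working "policy reject" load should give,
# with a DROP default, a per-interface chain and an explicit REJECT at its end.
CLOSED_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:in_mylan - [0:0]
-A INPUT -i eth1 -j in_mylan
-A in_mylan -p tcp -m tcp --dport 22 -j ACCEPT
-A in_mylan -j REJECT --reject-with icmp-port-unreachable
COMMIT'

# chain_policy DUMP CHAIN: default policy of a built-in chain (ACCEPT, DROP...)
# taken from the ":CHAIN POLICY [pkts:bytes]" header line of the dump.
chain_policy() {
    printf '%s\n' "$1" | sed -n "s/^:$2 \([A-Z]*\) .*/\1/p"
}

# chain_rule_count DUMP CHAIN: number of "-A CHAIN ..." rules in the dump.
# "|| true" keeps a zero count from tripping "set -e" (grep -c exits 1 then).
chain_rule_count() {
    printf '%s\n' "$1" | grep -c "^-A $2 " || true
}

# firewall_state DUMP: OPEN when INPUT accepts by default and carries no rules
# at all, CLOSED otherwise. Cheap post-load check for "is anything filtering?".
firewall_state() {
    pol=$(chain_policy "$1" INPUT)
    n=$(chain_rule_count "$1" INPUT)
    if [ "$pol" = ACCEPT ] && [ "$n" -eq 0 ]; then
        echo OPEN
    else
        echo CLOSED
    fi
}

# iptables_knows MATCH OPTION: exit 0 if "iptables -m MATCH --help" lists OPTION.
# When iptables rejects "--syn" as an unknown argument, this shows whether the
# match extension can be loaded at all.
iptables_knows() {
    iptables -m "$1" --help 2>&1 | grep -q -- "$2"
}

# Stand-alone run: audit the constructed dumps, then (only with iptables
# installed and root privileges) the live ruleset and the match extensions.
main() {
    echo "constructed open dump:   $(firewall_state "$OPEN_DUMP")"
    echo "constructed closed dump: $(firewall_state "$CLOSED_DUMP")"
    if command -v iptables-save >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        echo "live ruleset:            $(firewall_state "$(iptables-save)")"
        for probe in "tcp --syn" "tcp --tcp-flags" "icmp --icmp-type"; do
            set -- $probe
            if iptables_knows "$1" "$2"; then
                echo "iptables understands $2"
            else
                echo "iptables does NOT understand $2 (match '$1' not loadable?)"
            fi
        done
    fi
}

main
```

The audit deliberately looks at the saved ruleset rather than at what FireHOL thinks it applied, and a scan from a second host (as the poster did with nmap) remains the final word: a ruleset that looks closed in iptables-save can still be bypassed if the rules were never committed.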