[Firehol-support] New to forum -> Quick Q?s

Euman euman at bellsouth.net
Sat Apr 24 05:13:33 CEST 2004


On Friday 23 April 2004 10:22 pm, Euman wrote:
> Hello all,
>
> I have a problem in that first, my built-in Fedora stateful iptables were
> overwritten. Second, Sygate Firewall test proves that http and identd
> ports are closed not stealthed. Third, I run no server, I use this PC at
> home for experimentation of Linux. Could someone please give me a
> secure script that stealths the ports mentioned above? I only use irc
> on occasion, email, http, https and ftp
>
> I assume this is what I should have done, I'm not sure...
> but, why two eth0's I mean, I only have one! plus sit0 that
> isn't supported by this utility.
>
> interface eth0 interface1 src "192.168.0.0/24" dst 192.168.0.144/32
> 	policy drop
>         protection strong
> 	client dhcp accept
> 	server ICMP reject #accept
> 	client all reject #accept
>
> # Interface No 2.
> interface eth0 interface2 src not "${UNROUTABLE_IPS} 192.168.0.0/24" dst 192.168.0.144/32
>
> 	policy drop
>         protection strong
> 	client dhcp accept
> 	server ICMP reject #accept
> 	client all reject #accept
>
> ### DEBUG: Processing interface 'sit0'
> # aha, no support thats bad
> # Ignoring interface 'sit0' because does not have an IP or route.
>
> Regards,
> Euman
>

Really much thanks, I stuck identd 113 in my router firewall to deny and, that
somehow stealthed http and identd together on three firewall tests...

I still would enjoy a great script for what I described above...
I also would be interested to know if anyone is using portsentry and logcheck
in conjunction with firehol...?

Regards,
Euman



