[Firehol-support] firehol creates open firewall!
Costa Tsaousis
costa at tsaousis.gr
Wed Jun 8 19:21:57 BST 2005
Hi,
it has been reported that the BASH version shipped with some versions of
RHEL is faulty. Users affected used the fedora rpm of the same BASH
version with success.
If your BASH is not faulty, make sure you are not using some other
firewalling solution that may interfere.
Try the 'debug' or 'explain' option of FireHOL to verify you don't have a
faulty BASH.
Unfortunatelly, I don't use RHEL myself, so I suggest to fill a bug report
at RedHat for more help.
Regards,
Costa
On Wed, June 8, 2005 20:12, paracas at vodafone.net said:
> Hi
> I am just trying out FireHol (firehol-1.226-rh7up.noarch.rpm) on RH linux
> Enterprise 3 ES, on a machine with 2 interfaces , and when I use a simple
> /etc/firehol/firehol.conf like
>
> version 5
> interface eth1 mylan
> policy reject
> server "smtp ssh" accept
> client ssh accept
>
> interface eth0 internet
> policy reject
> server "smtp ssh" accept
> client ssh accept
>
> it creates a firewall which is completely open (if I scan it from the
> internet using nmap it shows many ports open).
>
> RHEL3 uses iptables 1.2.8.
> If necessary I can send you the output of 'firehol status' to show the
> actual iptables stuff generated, please let me know.
>
> P.S incidentally, if I add 'protection strong' to interface eth0, then
> firehol barfs with
> iptables v1.2.8: Unknown arg `--syn'
> iptables v1.2.8: Unknown arg `--icmp-type'
> iptables v1.2.8: Unknown arg `--tcp-flags'
> so it looks as if the iptables that ships with RHEL3 is hobbled in some
> way? but I would expect FireHol still to produce a working firewall if it
> doesnt fail on syntax?
> hope you can help, please let me know if you need any more info.
> thanks
> Robin
> UK
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: NEC IT Guy Games. How far can you
> shotput
> a projector? How fast can you ride your desk chair down the office luge
> track?
> If you want to score the big prize, get to know the little guy.
> Play to win an NEC 61" plasma display: http://www.necitguy.com/?r
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/firehol-support
>
More information about the Firehol-support
mailing list