Fireholl

[Lucasco]

Ahojte prosim pomozte mi nakonfigurovat firehol.

Na internetove aplikacie ktore vyuzivam:

Firefox
Evolution
Sim
a aktualizacie.

Ostatne vsetko chcem zakazat proste byt chraneny da sa to?

Dik za odpoved

Lukas

[truhlik]

jestli jsi ucenlivy tak toto je jak si pridat vlastni pravidlo do fireholu
http://firehol.sourceforge.net/adding.html
 a jeste toto je jiz preddefinovana pravidla pro firehol http://firehol.sourceforge.net/services.html\

neni to vubec nic tezkyho a i s moji spatnou anglictinou jsem tomu rozumel...stoji to opravdu za to si precist aspon pak porozumis tomu co delas...

Kdyby se ti nechtelo tak ti pomuzu...

[Lucasco]

je to od teba pekne,

ale radsej by som to mal zabezpecene a ucil sa to potom.. robim penazne prevody a tak.. posielam confidential maily.. tak keby si bol taky mily.. a pomohol. mi.. co najskor nech to mam..

dik

[truhlik]

Stahujes a odesilas postu prez sifrovany protocoly pop3s nebo smtps
Pokud bez sifrovani tak zakomentuj radek: client pop3s accept, client smtps accept
Pokud se sifrovanim tak naopak zakomentuj: client pop accept, client smtp accept

Jinak bych to videl takhle:

Predpokladam ze mas firehol naistalovany takze pak z edituj konfiguracni soubor

Kód: [Vybrat]

sudo gedit /etc/firehol/firehol.confA vloz do nej nasledujici radky...

Kód: [Vybrat]

#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#

version 5

# Accept all client traffic on any interface
#interface any world
#client all accept

DEFAULT_CLIENT_PORTS="1024:65535"

server_icq_ports="tcp/5190"
client_icq_ports="default"

interface eth0 internet
    policy drop
    protection strong 10/sec 10
    server ident reject with tcp-reset
#   server ssh    accept
#   server ping    accept
    client icmp  accept
    client dhcp  accept
    client dns    accept
    client http    accept
    client https    accept
    client smtp  accept
    client smtps accept
    client ftp    accept
    client ntp    accept
#    client ssh    accept
    client icq    accept
#    client jabber    accept
    client cups    accept
#    client samba    accept
#    client ping accept
    client pop3 accept
    client pop3s accept

UNMATCHED_INPUT_POLICY="DROP"
UNMATCHED_OUTPUT_POLICY="DROP"
FIREHOL_LOG_LEVEL=4


[truhlik]

[query=lukas.svoboda]
6. Firewall - FireHOL
Heslo Bezpečnost především platí i v Linuxu, proto je vhodné mít správně nakonfigurovaný firewall. K tomuto účelu se mi dobře osvědčil FireHOL, nástroj pro generování pravidel iptables. FireHOL nemá grafické rozhraní (jako například Firestarter, popisovaný níže), konfiguruje se prostřednictvím textového souboru, jeho syntaxe je ale jednoduchá, přehledná a snadno pochopitelná. Bez problémů lze nastavit ochranu firewallem pro více síťových rozhraní, na několika řádcích lze provést kompletní nastavení pro router. Po nainstalování FireHOLu příkazem
Kód:

sudo apt-get install firehol

nejdřive upravte soubor /etc/default/firehol, kde řádek START_FIREHOL=NO změňte na START_FIREHOL=YES. Poté si otevřete hlavní konfigurační soubor FireHOLu, který se nachází v /etc/firehol/firehol.conf. Úpravy tohoto souboru lze provádět výhradně s právy superuživatele. Pro začátek do tohoto souboru uložte tento text:
Kód:

#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#

version 5

# Accept all client traffic on any interface
# interface any world
# client all accept

DEFAULT_CLIENT_PORTS="1024:65535"

server_icq_ports="tcp/5190"
client_icq_ports="default"

interface eth+ internet src not "${UNROUTABLE_IPS}"
   policy drop
   protection strong 10/sec 10
   server ident reject with tcp-reset
#   server ssh   accept
#   server ping   accept
   client dhcp   accept
   client dns   accept
   client http   accept
   client https   accept
   client ftp   accept
   client ntp   accept
   client ssh   accept
   client icq   accept
   client jabber   accept
   client cups   accept
   client samba   accept

UNMATCHED_INPUT_POLICY="DROP"
UNMATCHED_OUTPUT_POLICY="DROP"
FIREHOL_LOG_LEVEL=4

V tomto nastavení získáte velmi slušnou úroveň zabezpečení počítače včetně ochrany proti útokům typu DoS a dalším. Všechny serverové služby jsou blokované (ssh a odpověď na ping stačí odkomentovat). Jsou povolené pouze základní klientské služby, nastavené lze ještě zpřísnit omezením každé povolené služby pouze pro definované rozsahy zdrojových a/nebo cílových IP adres. Další nastavení lze snadno doplnit, na domácí stránce projektu http://firehol.sourceforge.net je k dipozici výborná dokumentace. FireHOL nastartujete příkazem
Kód:

sudo firehol restart

FireHOL automaticky staruje během každého dalšího startu systému.
Tip: pokud jste připojeni za routerem, který provádí překlad adres (NAT), nahraďte řádek
Kód:

interface eth+ internet src not "${UNROUTABLE_IPS}"

řádkem
Kód:

interface eth+ internet

Funkčnost právě nainstalovaného firewallu si můžete vyzkoušet na některém z online dostupných testů zabezpečení:
http://www.hackerwatch.org/probe/
https://www.grc.com/x/ne.dll?bh0bkyd2
http://www.auditmypc.com/
http://scan.sygate.com/
http://www.pcflank.com/about.htm

Více o problematice Firewallů v Linuxu viz. např.
http://www.root.cz/clanky/firehol-nejsnazsi-firewall/
http://www.root.cz/serialy/stavime-firewall/
http://www.root.cz/serialy/vse-o-iptables/
http://www.root.cz/zpravicky/jak-konfigurovat-iptables/
[/query]

[Lucasco]

dakujem ale neda sa to nahodit vypisuje mi to dake chybne hlasky ked dam restart firehol.

skusim pastnut..

a BTW: v screene  client pop3s   accpet je chyba.. ma to byt accept.. tak oprav..

--------------------------------------------------------------------------------
ERROR   : # 13.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_https_c6 -p tcp --sport 443 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 14.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_smtp_c7 -p tcp --sport 32768:61000 --dport 25 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 15.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_smtp_c7 -p tcp --sport 25 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 16.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_smtps_c8 -p tcp --sport 32768:61000 --dport 465 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 17.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_smtps_c8 -p tcp --sport 465 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 18.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_ftp_c9 -p tcp --sport 32768:61000 --dport ftp -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 19.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_ftp_c9 -p tcp --sport ftp --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 20.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_ftp_c9 -p tcp --sport ftp-data --dport 32768:61000 -m state '' --state ESTABLISHED\,RELATED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 21.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_ftp_c9 -p tcp --sport 32768:61000 --dport ftp-data -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 22.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_ftp_c9 -p tcp --sport 32768:61000 --dport 1024:65535 -m state '' --state ESTABLISHED\,RELATED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 23.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_ftp_c9 -p tcp --sport 1024:65535 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 24.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_ntp_c10 -p udp --sport 123 --dport 123 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 25.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_ntp_c10 -p udp --sport 123 --dport 123 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 26.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_ntp_c10 -p udp --sport 32768:61000 --dport 123 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 27.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_ntp_c10 -p udp --sport 123 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 28.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_ntp_c10 -p tcp --sport 123 --dport 123 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 29.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_ntp_c10 -p tcp --sport 123 --dport 123 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 30.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_ntp_c10 -p tcp --sport 32768:61000 --dport 123 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 31.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_ntp_c10 -p tcp --sport 123 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 32.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_icq_c11 -p tcp --sport 32768:61000 --dport 5190 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 33.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_icq_c11 -p tcp --sport 5190 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 34.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_cups_c12 -p tcp --sport 32768:61000 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 35.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_cups_c12 -p tcp --sport 631 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 36.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_cups_c12 -p tcp --sport 631 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 37.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_cups_c12 -p tcp --sport 631 --dport 631 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 38.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_cups_c12 -p udp --sport 32768:61000 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 39.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_cups_c12 -p udp --sport 631 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 40.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_cups_c12 -p udp --sport 631 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 41.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_cups_c12 -p udp --sport 631 --dport 631 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 42.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_pop3_c13 -p tcp --sport 32768:61000 --dport 110 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 43.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_pop3_c13 -p tcp --sport 110 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 44.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_pop3s_c14 -p tcp --sport 32768:61000 --dport 995 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 45.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_pop3s_c14 -p tcp --sport 995 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 46.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet -m state '' --state RELATED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 47.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet -m state '' --state RELATED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 48.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A INPUT -m state '' --state RELATED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 49.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A OUTPUT -m state '' --state RELATED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 50.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A FORWARD -m state '' --state RELATED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'

Stopped: Couldn't activate new firewall.

FireHOL: Restoring old firewall: OK

[truhlik]

Mas Gibona nebo Feisty?

[Lucasco]

Ahoj..

gibona.. pred nedavnom som ho aktualizoval s feisty.
Meni sa tam daco v conf?.Preco to nefunguje?

Dik za odp.

Lukas

[truhlik]

Moc moudry z toho nejsem. Me firehol funguje bezproblemu. Jeste to zkusim projet googlem ty tvoje logy.

[Lucasco]

Ahoj ...

Dik moc.. dam sem este presne co som dal do conf.
Ci tam nie je daka chyba aby sme sa vyhli hlupym chybam.
A este som zistil ze pri boote sa mi spusta daky portmap daemon ale nespusti sa .. co to je ? dik za odp

Tu to je:


#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#

version 5

# Accept all client traffic on any interface
# interface any world
# client all accept

DEFAULT_CLIENT_PORTS="1024:65535"

server_icq_ports="tcp/5190"
client_icq_ports="default"

interface eth0 internet
    policy drop
    protection strong 10/sec 10
    server ident reject with tcp-reset
#   server ssh       accept
#   server ping      accept
    client icmp     accept
    client dhcp     accept
    client dns       accept
    client http       accept
    client https       accept
    client smtp     accept
    client smtps   accept
    client ftp       accept
    client ntp       accept
#    client ssh       accept
    client icq       accept
#    client jabber       accept
    client cups       accept
#    client samba       accept
#    client ping    accept
    client pop3    accept
    client pop3s   accept

UNMATCHED_INPUT_POLICY="DROP"
UNMATCHED_OUTPUT_POLICY="DROP"
FIREHOL_LOG_LEVEL=4

Dik moc..

Lucas

[Lucasco]

Hallo tak je tu niekto na pomoc s tym fireholom?

DAkujem.

[Tomtom]

Tak teď právě to také řeším, zjistil jsem, z jiných vláken tu, např. http://forum.ubuntu.cz/index.php?topic=14508.0
že má firehol problém s bashem ve feisty.

Funguje.

A já bych přihodil dotaz, jestli je v pořádku, když mi test na
http://probe.hackerwatch.org/probe/probe.asp
vyhodí u všech portů něco jako

Kód: [Vybrat]

Closed but Unsecure
21 (FTP)

This port is not being blocked, but there is no program currently accepting connections on this port.Na Gutsy šlo vše hezky "Secured" ale tady nic.

/etc/firehol/firehol.conf mám:

Kód: [Vybrat]

version 5
DEFAULT_CLIENT_PORTS="1024:65535"
server_icq_ports="tcp/5190"
client_icq_ports="default"
interface eth+ internet src not "${UNROUTABLE_IPS}"
policy drop
protection strong 10/sec 10
server ident reject with tcp-reset
# server ssh accept
# server ping accept
client dhcp accept
client dns accept
client http accept
client https accept
client ftp accept
client ntp accept
client ssh accept
client icq accept
client jabber accept
client cups accept
client samba accept
UNMATCHED_INPUT_POLICY="DROP"
UNMATCHED_OUTPUT_POLICY="DROP"
FIREHOL_LOG_LEVEL=4
Tak jestli by byl nějaký nápad nebo rada, abych měl jistotu, že je vše ok.

[Lucasco]

vykaslal som sa na to.. a dal som lokkit..  vsetko je secured

[truhlik]

Nejak me nic nenapada. Me na gutsym jede v pohode.

[Tomtom]

Nejak me nic nenapada. Me na gutsym jede v pohode.

Teď jsem instaloval čistě GG, nainstaloval jsem firehol z toho debianího zdroje, co jsem odkazoval (z repozitáře stále nefunkční), nastavil /etc/firehol/firehol.conf, firehol restart a... stejný.

Jak to máte vy? Má vypovídající hodnotu ten test na http://probe.hackerwatch.org/probe/probe.asp ?

[czechian]

Zdravicko,
    mam stejny problem pouzivam ubuntu-7.10-server   Faisty Fawn a po instalaci fireholu my vyskocila kvanta chynych hlasek. Vse jsem ve firehol.conf zakomentoval a vzniklo z toho jen

root@web:~# sudo firehol restart


--------------------------------------------------------------------------------
ERROR   : # 1.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A INPUT -m state '' --state RELATED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 2.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A OUTPUT -m state '' --state RELATED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'



--------------------------------------------------------------------------------
ERROR   : # 3.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A FORWARD -m state '' --state RELATED -j ACCEPT
OUTPUT  :

Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'

Stopped: Couldn't activate new firewall.

FireHOL: Restoring old firewall: OK




Nenapada vas neco?
Diky

[LS]

Tak pouzivate 7.10 nebo Feisty? Ve Feisty Firehol nikdy nefungoval, na toto tema je tu nekolik vlaken. V Gutsy funguje bez problemu.

[czechian]

+ karma pro tebe chyba u me 7.04 je Feisty a tam to nechodi je to napsane na kazdem sloupu chjooo jdu reinstalovat...