Fórum Ubuntu CZ/SK
Ubuntu for personal computers => Internet and networks => Topic started by: Lucasco, 06 November 2007, 17:46:27
-
Hi, please help me configure firehol.
The internet applications I use:
Firefox
Evolution
Sim
and updates.
I want to block everything else, simply to be protected, is that possible?
Thanks for the reply
Lukas
-
If you're willing to learn, this is how to add your own rule to firehol
http://firehol.sourceforge.net/adding.html
and this is the set of predefined rules for firehol http://firehol.sourceforge.net/services.html
it's not hard at all and even with my bad English I understood it... it's really worth reading, at least then you'll understand what you're doing...
If you don't feel like it, I'll help you...
-
That's nice of you,
but I'd rather have it secured first and learn it afterwards.. I do money transfers and such.. I send confidential mails.. so if you'd be so kind.. and helped me.. as soon as possible so I have it..
thanks
-
Do you download and send mail over the encrypted protocols pop3s or smtps?
If without encryption, comment out the lines: client pop3s accept, client smtps accept
If with encryption, comment out instead: client pop3 accept, client smtp accept
Otherwise I'd see it like this:
I assume you have firehol installed, so edit the configuration file: sudo gedit /etc/firehol/firehol.conf
And put the following lines into it...
#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#
version 5
# Accept all client traffic on any interface
#interface any world
#client all accept
DEFAULT_CLIENT_PORTS="1024:65535"
server_icq_ports="tcp/5190"
client_icq_ports="default"
interface eth0 internet
policy drop
protection strong 10/sec 10
server ident reject with tcp-reset
# server ssh accept
# server ping accept
client icmp accept
client dhcp accept
client dns accept
client http accept
client https accept
client smtp accept
client smtps accept
client ftp accept
client ntp accept
# client ssh accept
client icq accept
# client jabber accept
client cups accept
# client samba accept
# client ping accept
client pop3 accept
client pop3s accept
UNMATCHED_INPUT_POLICY="DROP"
UNMATCHED_OUTPUT_POLICY="DROP"
FIREHOL_LOG_LEVEL=4
-
[query=lukas.svoboda]
6. Firewall - FireHOL
The motto "Security first" applies in Linux too, so it is a good idea to have a properly configured firewall. FireHOL, a tool for generating iptables rules, has worked well for me for this purpose. FireHOL has no graphical interface (unlike, for example, Firestarter, described below); it is configured through a text file, but its syntax is simple, clear and easy to understand. Firewall protection for several network interfaces can be set up without problems, and a complete router setup can be done in a few lines. After installing FireHOL with the command
Code:
sudo apt-get install firehol
first edit the file /etc/default/firehol and change the line START_FIREHOL=NO to START_FIREHOL=YES. Then open FireHOL's main configuration file, which is located at /etc/firehol/firehol.conf. This file can only be edited with superuser rights. To begin with, save the following text into this file:
Code:
#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#
version 5
# Accept all client traffic on any interface
# interface any world
# client all accept
DEFAULT_CLIENT_PORTS="1024:65535"
server_icq_ports="tcp/5190"
client_icq_ports="default"
interface eth+ internet src not "${UNROUTABLE_IPS}"
policy drop
protection strong 10/sec 10
server ident reject with tcp-reset
# server ssh accept
# server ping accept
client dhcp accept
client dns accept
client http accept
client https accept
client ftp accept
client ntp accept
client ssh accept
client icq accept
client jabber accept
client cups accept
client samba accept
UNMATCHED_INPUT_POLICY="DROP"
UNMATCHED_OUTPUT_POLICY="DROP"
FIREHOL_LOG_LEVEL=4
With this setup you get a very decent level of security for the computer, including protection against DoS-type attacks and others. All server services are blocked (for ssh and ping replies it is enough to uncomment them). Only basic client services are allowed; the setup can be tightened further by restricting each allowed service to defined ranges of source and/or destination IP addresses. Further settings can easily be added; excellent documentation is available on the project's home page http://firehol.sourceforge.net. Start FireHOL with the command
Code:
sudo firehol restart
FireHOL starts automatically on every subsequent system boot.
Tip: if you are connected behind a router that performs address translation (NAT), replace the line
Code:
interface eth+ internet src not "${UNROUTABLE_IPS}"
with the line
Code:
interface eth+ internet
You can check that the freshly installed firewall works with one of the security tests available online:
http://www.hackerwatch.org/probe/
https://www.grc.com/x/ne.dll?bh0bkyd2
http://www.auditmypc.com/
http://scan.sygate.com/
http://www.pcflank.com/about.htm
More on the topic of firewalls in Linux, see e.g.
http://www.root.cz/clanky/firehol-nejsnazsi-firewall/
http://www.root.cz/serialy/stavime-firewall/
http://www.root.cz/serialy/vse-o-iptables/
http://www.root.cz/zpravicky/jak-konfigurovat-iptables/
[/query]
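The quoted guide's client-only configuration rests on one property: no uncommented "server ... accept" line (and neither of the two catch-all lines kept commented out at the top) may be present, otherwise the host starts answering inbound connections. The following is an added example written for this page, not FireHOL's own code or the guide's; it reads a firehol.conf from stdin, lists the enabled client services and fails if anything would accept inbound traffic. The configuration it runs on is a constructed abridgement of the quoted one.

```shell
#!/bin/sh
# Added example (editor's code, not FireHOL's): audit a FireHOL 1.x
# client-only firehol.conf read from stdin.  Reports the enabled
# "client <service> accept" lines and counts lines that would accept
# inbound connections, which the quoted guide says a workstation should
# not have.

# Constructed sample in the shape of the quoted config.  Commented-out
# lines and a trailing comment are kept on purpose to show they are ignored.
sample_conf() {
    cat <<'EOF'
version 5
# interface any world
# client all accept
DEFAULT_CLIENT_PORTS="1024:65535"
interface eth+ internet src not "${UNROUTABLE_IPS}"
    policy drop
    protection strong 10/sec 10
    server ident reject with tcp-reset
    # server ssh accept
    client dns accept
    client http accept
    client https accept
    client pop3s accept   # encrypted mail fetch
UNMATCHED_INPUT_POLICY="DROP"
EOF
}

# Normalise stdin: drop comments, surrounding whitespace and blank lines.
active_lines() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | grep -v '^$'
}

# Enabled client services from stdin, space separated, in file order.
enabled_clients() {
    active_lines | awk '
        $1 == "client" && $NF == "accept" { printf "%s%s", (n++ ? " " : ""), $2 }
        END { print "" }'
}

# Lines on stdin that open the host to inbound connections: any
# "server <name> accept" (a "reject" line such as ident does not count),
# plus the two catch-all lines the guide ships commented out.
exposure_count() {
    active_lines | awk '
        ($1 == "server" && $NF == "accept") ||
        $0 == "client all accept" || ($1 == "interface" && $2 == "any") { n++ }
        END { print n + 0 }'
}

# Run both checks on the config on stdin; exit status 1 if anything is exposed.
audit() {
    conf=$(cat)
    printf 'enabled client services: %s\n' "$(printf '%s\n' "$conf" | enabled_clients)"
    n=$(printf '%s\n' "$conf" | exposure_count)
    if [ "$n" -ne 0 ]; then
        printf 'FAIL: %s line(s) would accept inbound connections\n' "$n"
        return 1
    fi
    echo 'OK: no inbound service is accepted'
}

sample_conf | audit
```

On a real machine run it as `audit < /etc/firehol/firehol.conf`. It is a static check of the file only; it says nothing about whether the rules were actually loaded, which is what the online probes and `iptables -L -n` are for.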
-
thanks but it won't come up, it gives me some error messages when I run firehol restart.
I'll try to paste it..
and BTW: in the screen, "client pop3s accpet" is a mistake.. it should be accept.. :D so fix it..:D
--------------------------------------------------------------------------------
ERROR : # 13.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_https_c6 -p tcp --sport 443 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 14.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_smtp_c7 -p tcp --sport 32768:61000 --dport 25 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 15.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_smtp_c7 -p tcp --sport 25 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 16.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_smtps_c8 -p tcp --sport 32768:61000 --dport 465 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 17.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_smtps_c8 -p tcp --sport 465 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 18.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_ftp_c9 -p tcp --sport 32768:61000 --dport ftp -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 19.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_ftp_c9 -p tcp --sport ftp --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 20.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_ftp_c9 -p tcp --sport ftp-data --dport 32768:61000 -m state '' --state ESTABLISHED\,RELATED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 21.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_ftp_c9 -p tcp --sport 32768:61000 --dport ftp-data -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 22.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_ftp_c9 -p tcp --sport 32768:61000 --dport 1024:65535 -m state '' --state ESTABLISHED\,RELATED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 23.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_ftp_c9 -p tcp --sport 1024:65535 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 24.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_ntp_c10 -p udp --sport 123 --dport 123 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 25.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_ntp_c10 -p udp --sport 123 --dport 123 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 26.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_ntp_c10 -p udp --sport 32768:61000 --dport 123 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 27.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_ntp_c10 -p udp --sport 123 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 28.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_ntp_c10 -p tcp --sport 123 --dport 123 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 29.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_ntp_c10 -p tcp --sport 123 --dport 123 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 30.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_ntp_c10 -p tcp --sport 32768:61000 --dport 123 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 31.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_ntp_c10 -p tcp --sport 123 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 32.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_icq_c11 -p tcp --sport 32768:61000 --dport 5190 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 33.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_icq_c11 -p tcp --sport 5190 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 34.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_cups_c12 -p tcp --sport 32768:61000 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 35.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_cups_c12 -p tcp --sport 631 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 36.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_cups_c12 -p tcp --sport 631 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 37.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_cups_c12 -p tcp --sport 631 --dport 631 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 38.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_cups_c12 -p udp --sport 32768:61000 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 39.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_cups_c12 -p udp --sport 631 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 40.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_cups_c12 -p udp --sport 631 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 41.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_cups_c12 -p udp --sport 631 --dport 631 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 42.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_pop3_c13 -p tcp --sport 32768:61000 --dport 110 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 43.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_pop3_c13 -p tcp --sport 110 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 44.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet_pop3s_c14 -p tcp --sport 32768:61000 --dport 995 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 45.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet_pop3s_c14 -p tcp --sport 995 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 46.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet -m state '' --state RELATED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 47.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_internet -m state '' --state RELATED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 48.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A INPUT -m state '' --state RELATED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 49.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A OUTPUT -m state '' --state RELATED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 50.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A FORWARD -m state '' --state RELATED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
Stopped: Couldn't activate new firewall.
FireHOL: Restoring old firewall: OK
-
Do you have Gibbon or Feisty?
-
Hi..
Gibbon.. I upgraded to it from Feisty a while ago.
Does something change in the conf? Why doesn't it work?
Thanks for the reply
Lukas
-
I'm not much wiser from that. Firehol works for me without problems. I'll still try running your logs through Google.
-
Hi ...
Thanks a lot.. I'll also post here exactly what I put into the conf.
To see whether there's some mistake in it, so we avoid stupid errors.
And I also noticed that at boot some portmap daemon is started but doesn't come up .. what is it? thanks for the reply
Here it is:
#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#
version 5
# Accept all client traffic on any interface
# interface any world
# client all accept
DEFAULT_CLIENT_PORTS="1024:65535"
server_icq_ports="tcp/5190"
client_icq_ports="default"
interface eth0 internet
policy drop
protection strong 10/sec 10
server ident reject with tcp-reset
# server ssh accept
# server ping accept
client icmp accept
client dhcp accept
client dns accept
client http accept
client https accept
client smtp accept
client smtps accept
client ftp accept
client ntp accept
# client ssh accept
client icq accept
# client jabber accept
client cups accept
# client samba accept
# client ping accept
client pop3 accept
client pop3s accept
UNMATCHED_INPUT_POLICY="DROP"
UNMATCHED_OUTPUT_POLICY="DROP"
FIREHOL_LOG_LEVEL=4
Thanks a lot..
Lucas
-
Hello, so is there anyone here who can help with that firehol?
Thank you.
-
I'm dealing with this right now too; I found out from other threads here, e.g. http://forum.ubuntu.cz/index.php?topic=14508.0
that firehol has a problem with bash in Feisty.
It works.
And I'd add a question: is it all right when the test at
http://probe.hackerwatch.org/probe/probe.asp
gives me something like this for all ports
Closed but Unsecure
21 (FTP)
This port is not being blocked, but there is no program currently accepting connections on this port.
On Gutsy everything came out nicely "Secured", but here nothing.
My /etc/firehol/firehol.conf is:
version 5
DEFAULT_CLIENT_PORTS="1024:65535"
server_icq_ports="tcp/5190"
client_icq_ports="default"
interface eth+ internet src not "${UNROUTABLE_IPS}"
policy drop
protection strong 10/sec 10
server ident reject with tcp-reset
# server ssh accept
# server ping accept
client dhcp accept
client dns accept
client http accept
client https accept
client ftp accept
client ntp accept
client ssh accept
client icq accept
client jabber accept
client cups accept
client samba accept
UNMATCHED_INPUT_POLICY="DROP"
UNMATCHED_OUTPUT_POLICY="DROP"
FIREHOL_LOG_LEVEL=4
So if anyone has an idea or advice, so that I can be sure everything is ok.
-
I gave up on it.. and installed lokkit.. everything is secured
-
Nothing comes to mind. It runs fine for me on Gutsy.
-
Nothing comes to mind. It runs fine for me on Gutsy.
I've just done a clean install of GG, installed firehol from the Debian source I linked (the one from the repository still doesn't work), set up /etc/firehol/firehol.conf, firehol restart and... the same.
How do you have it? Does that test at http://probe.hackerwatch.org/probe/probe.asp have any informative value?
-
Hello,
I have the same problem, I use ubuntu-7.10-server Feisty Fawn and after installing firehol a pile of error messages popped up. I commented out everything in firehol.conf and all that was left was
root@web:~# sudo firehol restart
--------------------------------------------------------------------------------
ERROR : # 1.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A INPUT -m state '' --state RELATED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 2.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A OUTPUT -m state '' --state RELATED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
--------------------------------------------------------------------------------
ERROR : # 3.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A FORWARD -m state '' --state RELATED -j ACCEPT
OUTPUT :
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `'
Stopped: Couldn't activate new firewall.
FireHOL: Restoring old firewall: OK
Does anything come to mind?
Thanks
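Every COMMAND line in this report, and in the one posted earlier (errors # 13 onward), carries `-m state '' --state ...`: an empty argument, which is what iptables means by "Bad argument `'". An empty argument like that is the shape a shell script produces when it expands a variable that happens to be empty inside double quotes; the thread attributes the failure to a bash problem on Feisty. The following is an added example written for this page, not FireHOL's code; `fake_iptables` is a constructed stub standing in for /sbin/iptables. It shows the buggy expansion beside two forms that pass nothing when the option is absent.

```shell
#!/bin/sh
# Added example (editor's code, not FireHOL's): how an empty but
# double-quoted shell variable becomes the literal '' argument seen in the
# error reports above, which iptables rejects with "Bad argument `'".
# fake_iptables is a constructed stub standing in for /sbin/iptables.

# Stub: refuse an empty argument exactly like iptables does, otherwise
# report how many arguments arrived.
fake_iptables() {
    for arg in "$@"; do
        if [ -z "$arg" ]; then
            echo "Bad argument \`'" >&2
            return 2
        fi
    done
    echo "$#"
}

# Buggy rule builder: "$extra" is always exactly one argument, even when
# the variable is empty, so iptables receives ''.
add_rule_buggy() {
    extra=$1     # one optional extra token for the match, may be empty
    fake_iptables -t filter -A INPUT -m state "$extra" --state RELATED -j ACCEPT
}

# Fixed rule builder: ${extra:+"$extra"} expands to nothing when extra is
# empty or unset, and to exactly one argument (spaces preserved) otherwise.
add_rule_fixed() {
    extra=$1
    fake_iptables -t filter -A INPUT -m state ${extra:+"$extra"} --state RELATED -j ACCEPT
}

# General form for several optional tokens: pass them through as "$@",
# so only tokens that exist become arguments and no empty placeholder is
# ever emitted.  Usage: add_rule_list [token...]
add_rule_list() {
    fake_iptables -t filter -A INPUT -m state "$@" --state RELATED -j ACCEPT
}

demo() {
    add_rule_buggy "" || echo "buggy builder failed with status $?"
    add_rule_fixed "" && echo "fixed builder succeeded"
    add_rule_list  && echo "list builder succeeded with no extra tokens"
}
demo
```

The same pitfall applies to any firewall wrapper that assembles an iptables command from variables: when activation fails mid-way, FireHOL falls back to the previous rule set ("Restoring old firewall: OK"), so the host ends up with whatever was loaded before, not with the intended policy. Check `iptables -L -n` after a restart rather than assuming the new rules took effect.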
-
So are you using 7.10 or Feisty? Firehol never worked in Feisty; there are several threads about it here. In Gutsy it works without problems.
-
+ karma for you, my mistake, 7.04 is Feisty and it doesn't work there, it's written on every lamppost, ugh, I'm going to reinstall...