[ale] Bob Toxen's iptables rules help needed

Jim Seymour bluejay at speedfactory.net
Sat Jun 18 23:03:50 EDT 2005


On Sat, Jun 18, 2005 at 10:05:00PM -0400, Christopher Fowler wrote:
> On Sat, 2005-06-18 at 22:00 -0400, Jim Seymour wrote:
> > Bob if you're out there could you drop me a line? I am trying to
> > use the iptables rules from "Real World Linux Security" again. I am
> > getting closer however it looks like it is blocking everything including
> > functions in X and the lo interface.  Gnome will not come up with the
> > rules loaded and the internet seems to be off limits as well. I am
> > trying to keep it as close as possible to your recommendations.
> 
> Maybe a paste of your rules and a little information about your setup
> would help us out here.  
>

Hi Chris,

I was just trying to be cautious about crossing any lines by putting
Bob's work that he sells in his book out for free. Basically I see rules
at the very beginning to allow traffic on lo from lo and the two other
interfaces. From the logs I see it getting dropped. I see no other
references to the lo interface in the scripts other than that.

Also once the firewall is up it is almost impossible to use a graphical
interface. Like logging into Gnome takes maybe 30 minutes or more.
Likewise Nautilus takes 30 minutes or more to appear after clicking to
start it. The access to the internet is totally blocked as well. This is
a Debian Sarge box. Bob's directions are basically for Red Hat, Suse and
Slack. I was able to locate the differences well enough (I think) to
put the files where they were needed and edited files for the different
placement of startup scripts and interfaces used. According to what I
see it looks like the script is running okay when it starts. I am trying
to keep his scripts as close as possible to his design without
eliminating essential services.

Thanks,

Jim Seymour