11-06-2001
Consider using a 2.4 kernel so that you can take advantage of iptables, which is easier and more powerful. You can do a lot of things in iptables much more simply than ipchains, and since it is session based (unlike ipchains, which is sessionless) it can detect some attacks much better than ipchains.
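What "session based" changes in practice, as an added illustration that is not part of the original post: the same constructed packets are judged once by header alone and once against a table of sessions the inside host opened. This is a simplified model, not netfilter's connection tracking (no timeouts, teardown or sequence checks); `Packet`, `sessionless_accept`, `SessionFilter` and the policy itself are assumptions made for the example.

```python
from collections import namedtuple

# direction is "in" or "out" relative to the protected host; flags is a
# string of TCP flag letters: "S" = SYN, "SA" = SYN+ACK, "A" = ACK.
Packet = namedtuple("Packet", "direction src sport dst dport flags")


def sessionless_accept(pkt):
    """Judge a packet by its own header only (assumed policy: allow all
    outbound, refuse inbound connection attempts, i.e. a bare SYN)."""
    return pkt.direction == "out" or pkt.flags != "S"


class SessionFilter:
    """Same policy, but inbound packets must belong to a tracked session."""

    def __init__(self):
        self.sessions = set()

    def accept(self, pkt):
        if pkt.direction == "out":
            # Remember the flow (both endpoints) the inside host opened.
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # An inbound packet is a reply only if it mirrors a tracked flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions


def compare(packets):
    """Return (sessionless verdict, session-based verdict) per packet."""
    tracker = SessionFilter()
    return [(sessionless_accept(p), tracker.accept(p)) for p in packets]


# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("out", "192.0.2.10", 40000, "198.51.100.7", 80, "S"),
    Packet("in", "198.51.100.7", 80, "192.0.2.10", 40000, "SA"),  # reply
    Packet("in", "203.0.113.9", 80, "192.0.2.10", 22, "A"),   # no session
    Packet("in", "203.0.113.9", 5555, "192.0.2.10", 22, "S"),  # new inbound
]

if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE, compare(SAMPLE)):
        print(pkt.flags, pkt.src, "->", pkt.dst, verdicts)
```

The third packet is the difference: it carries no SYN, so the header-only filter lets it through, while the session table has no flow it could belong to.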
PYROMAN(8) System Manager's Manual PYROMAN(8)
NAME
pyroman - a firewall configuration utility
SYNOPSIS
pyroman
[ -hvnspP ] [ -r RULESDIR ] [ -t SECONDS ]
[ --help ] [ --version ] [ --safe ] [ --no-act ]
[ --print ] [ --print-verbose ] [ --rules=RULESDIR ]
[ --timeout=SECONDS ] [ safe ]
DESCRIPTION
pyroman is a firewall configuration utility.
It will compile a set of configuration files to iptables statements to setup IP packet filtering for you.
While it is not necessary for operating and using Pyroman, you should understand how IP, TCP, UDP, ICMP and the other commonly used
Internet protocols work and interact. You should also understand the basics of iptables in order to make use of the full
functionality.
pyroman does not try to hide all the iptables complexity from you, but tries to provide you with a convenient way of managing a complex
network's firewall. For this it offers a compact syntax to add new firewall rules, while still exposing access to add arbitrary iptables
rules.
OPTIONS
-r RULESDIR, --rules=RULESDIR
Load the rules from directory RULESDIR instead of the default directory (usually /etc/pyroman).
-t SECONDS, --timeout=SECONDS
Wait SECONDS seconds after applying the changes for the user to type OK to confirm he can still access the firewall. This implies
--safe but allows you to use a different timeout.
-h, --help
Print a summary of the command line options and exit.
-V, --version
Print the version number of pyroman and exit.
-s, --safe, safe
After the firewall has been committed, wait 30 seconds for the user to type OK to confirm that he can still access the firewall
(i.e. the network connection wasn't blocked by the firewall). Otherwise, the firewall changes will be undone, and the firewall will be
restored to the previous state. Use the --timeout=SECONDS option to change the timeout.
-n, --no-act
Don't actually run iptables. This can be used to check if pyroman accepts the configuration files.
-p, --print
Instead of running iptables, output the generated rules.
-P, --print-verbose
Instead of running iptables, output the generated rules. Each statement will have one comment line explaining how this rule was
generated. This will usually include the filename and line number, and is useful for debugging.
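The confirm-or-roll-back behaviour described for --safe and --timeout, sketched as an added example (not pyroman's own code): snapshot the ruleset, apply the change, and restore the snapshot unless OK arrives in time. `safe_commit`, `confirmed` and the two wrappers are hypothetical names; using iptables-save and iptables-restore for the snapshot is an assumption about one way to do it.

```python
import select
import subprocess
import sys


def iptables_save():
    """Snapshot the running ruleset (needs root)."""
    return subprocess.run(["iptables-save"], check=True,
                          capture_output=True).stdout


def iptables_restore(snapshot):
    """Put a snapshot taken by iptables_save() back in place."""
    subprocess.run(["iptables-restore"], input=snapshot, check=True)


def confirmed(timeout, stream=sys.stdin):
    """True only if a line reading OK arrives within `timeout` seconds.
    EOF (for example a dropped session) reads as "" and is not a confirm."""
    ready, _, _ = select.select([stream], [], [], timeout)
    return bool(ready) and stream.readline().strip() == "OK"


def safe_commit(apply_rules, timeout=30, save=iptables_save,
                restore=iptables_restore, confirm=confirmed):
    """Apply rules; roll back unless the operator confirms in time.

    Returns True if the new rules were kept, False if they were undone.
    """
    snapshot = save()              # taken before anything changes
    try:
        apply_rules()
    except Exception:
        restore(snapshot)          # a half-applied ruleset is also undone
        raise
    if confirm(timeout):
        return True
    restore(snapshot)              # no OK: assume the session was cut off
    return False


if __name__ == "__main__":
    # Constructed in-memory "ruleset" so the demo runs without root.
    table = {"rules": ["-A INPUT -p tcp --dport 22 -j ACCEPT"]}
    kept = safe_commit(
        apply_rules=lambda: table.update(rules=["-A INPUT -j DROP"]),
        save=lambda: list(table["rules"]),
        restore=lambda snap: table.update(rules=snap),
        confirm=lambda timeout: False,   # operator locked out, types nothing
    )
    print(kept, table["rules"])
```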
CONFIGURATION
Configuration of pyroman consists of a number of files in the directory /etc/pyroman. These files are in python syntax, although you do
not need to be a python programmer to use these rules. There is only a small number of statements you need to know:
add_host
Define a new host or network
add_interface
Define a new interface (group)
add_service
Add a new service alias (note that you can always use e.g. www/tcp to reference the www tcp service as defined in /etc/services)
add_nat
Define a new NAT (Network Address Translation) rule
allow
Allow a service, client, server combination
reject
Reject access for this service, client, server combination
drop
Drop packets for this service, client, server combination
add_rule
Add a rule for this service, client, server and target combination
iptables
Add an arbitrary iptables statement to be executed at beginning
iptables_end
Add an arbitrary iptables statement to be executed at the end
Detailed parameters for these functions can be looked up by calling:
cd /usr/share/pyroman
pydoc ./commands.py
BUGS
None known as of pyroman-0.4 release
AUTHOR
pyroman was written by Erich Schubert <erich@debian.org>
SEE ALSO
iptables(8), iptables-restore(8), iptables-load(8)
PYROMAN(8)