FIREHOL(1) General Commands Manual FIREHOL(1)
NAME
firehol - An easy to use but powerful iptables stateful firewall
SYNOPSIS
firehol start|try|stop|restart|condrestart|status|panic|save|debug|helpme
firehol configfile [start|debug|try]
firehol nothing
DESCRIPTION
firehol is an iptables firewall generator producing stateful iptables packet filtering firewalls, on Linux hosts and routers with any number of network interfaces, any number of routes, any number of services served, and any degree of complexity among variations of those services (including positive and negative expressions).
firehol is a language to express firewalling rules, not just a script that produces some kind of a firewall.
The goals of firehol are:
o Being as easy as possible
Regardless of the security skills of the user, firehol allows creating and understanding complex firewalls in just a few seconds. The configuration files are very easy to type and read.
o Being as secure as possible.
By explicitly allowing only the wanted traffic to flow, firehol secures your system. firehol produces stateful rules for any service or protocol, in both directions of the firewall.
o Being as open as possible.
Although firehol is pre-configured for a large number of services, you can configure any service you like and firehol will turn it into a client, a server, or a router.
o Being as flexible as possible.
firehol can be used by end users and guru administrators requiring extremely complex firewalls. firehol configuration files are BASH
scripts; you can write in them anything BASH accepts, including variables, pipes, loops, conditions, calls to external programs, run
other BASH scripts with firehol directives in them, etc.
o Being as simple as possible.
firehol is easy to install on any modern Linux system; only one file is required, no compilations involved.
Options
start
Activates the firewall configuration. The configuration is expected to be found in /etc/firehol/firehol.conf.
try
Activates the firewall, but waits until the user types the word commit. If this word is not typed within 30 seconds, the previous firewall is restored.
stop
Stops a running iptables firewall by running /etc/init.d/iptables stop. This will allow all traffic to pass unchecked.
restart
This is an alias for start and is given for compatibility with /etc/init.d/iptables.
condrestart
Starts the firehol firewall only if it is not already active. It does not detect a modified configuration file, only verifies that
firehol has been started in the past and not stopped yet.
status
Shows the running firewall, as in /sbin/iptables -nxvL | less
panic
It removes all rules from the running firewall and then DROPs all traffic on all iptables tables (mangle, nat, filter) and predefined chains (PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING), thus blocking all IP communication. DROPing is not done by changing the default policy to DROP, but by adding just one rule per table/chain to drop all traffic, because the default iptables scripts supplied by many systems (including RedHat 8) do not reset all the chains to ACCEPT when starting (firehol resets them correctly).
When activating panic mode, firehol checks for the existence of the SSH_CLIENT shell environment variable (set by SSH). If it finds this, then panic mode will allow the established SSH connection specified in this variable to operate. Notice that in order for this to work, you should run su without the minus (-) sign, since su - overwrites the shell variables and therefore the SSH_CLIENT variable is lost.
Alternatively, after the panic argument you can specify an IP address, in which case all established connections between this IP address and the host in panic will be allowed.
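The rule set described under panic, as an added dry-run example (not code from this man page or from the firehol project): it prints the iptables commands and never runs them. The chain list per table, the use of -m state --state ESTABLISHED, and the "client_ip client_port server_port" layout of SSH_CLIENT are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the firehol man page or the firehol project:
# a dry-run generator for the rule set the "panic" argument describes; it
# prints iptables commands and never runs them.

# Chains assumed per table (nat INPUT is left out; older kernels lack it).
chains_of() {
    case "$1" in
        mangle) echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        nat)    echo "PREROUTING OUTPUT POSTROUTING" ;;
        filter) echo "INPUT FORWARD OUTPUT" ;;
    esac
}

# Peer IP to keep: an explicit argument wins, otherwise the first field of
# SSH_CLIENT ("client_ip client_port server_port"), otherwise none.
# Note: "su -" clears SSH_CLIENT, which is why the man page says to use "su".
keep_peer() {
    if [ -n "$1" ]; then
        echo "$1"
    elif [ -n "$SSH_CLIENT" ]; then
        echo "${SSH_CLIENT%% *}"
    fi
    return 0
}

# Flush every table, then add one rule per chain: the kept peer's
# established traffic is accepted first, then a catch-all DROP (no policy
# change, matching the man page's reasoning about vendor init scripts).
panic_rules() {
    peer=$(keep_peer "$1")
    for table in mangle nat filter; do
        echo "iptables -t $table -F"
        for chain in $(chains_of "$table"); do
            dir=""
            case "$chain" in
                PREROUTING|INPUT)   dir="-s $peer" ;;
                OUTPUT|POSTROUTING) dir="-d $peer" ;;
            esac
            if [ -n "$peer" ] && [ -n "$dir" ]; then
                echo "iptables -t $table -A $chain $dir -m state --state ESTABLISHED -j ACCEPT"
            fi
            echo "iptables -t $table -A $chain -j DROP"
        done
    done
}

# Sanity check a reviewer wants: every chain got exactly one DROP rule.
drop_count() { panic_rules "$1" | grep -c -- '-j DROP$'; }
panic_rules "$1"
```

Run it from an SSH session (or pass the peer IP as the first argument) and compare the printed ACCEPT lines against the peer you expect to keep before applying anything.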
save
Start the firewall and then save it using /sbin/iptables-save to /etc/sysconfig/iptables.
Since v1.64, this is not implemented using /etc/init.d/iptables save because there is a bug in some versions of iptables-save that save
invalid commands (! --uid-owner A is saved as --uid-owner !A) which cannot be restored. firehol fixes this problem (by saving it, and
then replacing --uid-owner ! with ! --uid-owner).
Note that not all firehol firewalls will work if restored with /etc/init.d/iptables start, because FireHOL handles kernel modules and might have queried RPC servers (used by the NFS service) before starting the firewall. Also, firehol automatically checks the current kernel configuration for the client ports range. If you restore a firewall using the iptables service, your firewall may not work as expected.
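The --uid-owner post-processing that the save description outlines, as an added example (not the firehol project's own code), run over a constructed iptables-save dump. The sample dump and the exact sed pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the firehol project's own code: the post-processing
# the "save" description outlines, run over a constructed iptables-save dump.

# Rewrite the unrestorable negation "--uid-owner !A" (and "--uid-owner ! A")
# back to the form iptables-restore accepts, "! --uid-owner A".
fix_uid_owner() {
    sed -E 's/--uid-owner ! ?([^ ]+)/! --uid-owner \1/g'
}

# Succeeds only if no unrestorable negation remains on stdin.
check_uid_owner() {
    ! grep -q -- '--uid-owner !'
}

# Constructed sample of the bad output the man page describes; not a
# real dump from any system.
sample='*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner !1000 -j DROP
-A OUTPUT -m owner --uid-owner 0 -j ACCEPT
COMMIT'

# Fixed dump, ready for iptables-restore.
printf '%s\n' "$sample" | fix_uid_owner
```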
debug
Parses the configuration file but instead of activating it, it shows the generated iptables statements.
explain
Enters an interactive mode where it accepts normal configuration commands and presents the generated iptables commands for each of them, together with some reasoning for its purpose. Additionally, it automatically generates a configuration script based on the successful commands given.
When in directive mode, firehol has the following special commands:
o help
Present some help
o show
Present the generated firehol configuration
o quit
Exit interactive mode and quit firehol
helpme
Tries to guess the firehol configuration needed for the current machine. firehol will not stop or alter the running firewall. The configuration file is written to the standard output of firehol, thus
/etc/init.d/firehol helpme >/tmp/firehol.conf
will produce the output in /tmp/firehol.conf.
The generated firehol configuration must be edited before it is used on your systems. You are required to take many decisions, and the comments in the generated file will guide you through many of them.
configfile
A different configuration file. If no other argument is given, the configuration file will be tried (default = try). Otherwise the
argument next to the filename can be one of start, debug, try.
nothing
Presents help about firehol usage.
FILES
/etc/firehol/firehol.conf
AUTHOR
firehol written by Costa Tsaousis <costa@tsaousis.gr>.
Man page written by Marc Brockschmidt <marc@marcbrockschmidt.de>.
SEE ALSO
firehol.conf(5), iptables(8), bash(1)
2003-04-30 FIREHOL(1)