
Is there any documentation available on kwfirewall started at ppp connection set up time?
-ishwar

* Ishwar Rattan ishwar@pali.cps.cmich.edu [20051204 03:15]:
Is there any documentation available on kwfirewall started at ppp connection set up time?
AFAICS only a German one -> http://netzworkk.berlios.de/doku/kwtools/net/kwfirewall.html
Kai Wilke (developer of the kw-tools) and other guys are working on multilanguage-setup/-documentation AFAIK. (IIRC Kai is reading this list too.)
If you don't want to use it or if you have problems just run 'apt-get remove --purge kwtools-net-firewall'.
regards, -mika-

On Sun, 4 Dec 2005, Michael Prokop wrote:
If you don't want to use it or if you have problems just run 'apt-get remove --purge kwtools-net-firewall'.
I would like to add some rules to it, as it stands, it does not do much and I can't figure out the file where rules are/should go.
-ishwar

High, high ... * Ishwar Rattan ishwar@pali.cps.cmich.edu wrote on [04.12.05 15:17]:
On Sun, 4 Dec 2005, Michael Prokop wrote:
If you don't want to use it or if you have problems just run 'apt-get remove --purge kwtools-net-firewall'.
I would like to add some rules to it, as it stands, it does not do much and I can't figure out the file where rules are/should go.
Sorry for my English. kwfirewall starts from ppp, script /etc/ppp/ip-up.d/1kwfirewall. 1kwfirewall starts the script /etc/init.d/kwfirewall start. /etc/init.d/kwfirewall starts /sbin/kwfirewall_start. The script kwfirewall_start configures all tcp/udp ports from the configuration file /etc/kwtools/firewall.cf.
I have appended the manpage for firewall.cf. This is in the upcoming release kwtools-0.4.2, and the config is extended. See man -l firewall.5
Link for the not yet ready kwtools-0.4.2: ftp://ftp.berlios.de/pub/netzworkk/scripts/kwtools/upload/0.4/
kind regards kiste

On Sun, 4 Dec 2005, Kai Wilke wrote:
Sorry for my English. kwfirewall starts from ppp, script /etc/ppp/ip-up.d/1kwfirewall. 1kwfirewall starts the script /etc/init.d/kwfirewall start. /etc/init.d/kwfirewall starts /sbin/kwfirewall_start. The script kwfirewall_start configures all tcp/udp ports from the configuration file /etc/kwtools/firewall.cf.
I have appended the manpage for firewall.cf. This is in the upcoming release kwtools-0.4.2, and the config is extended. See man -l firewall.5
Your English is fine. Let me rephrase my question. I want to use rules similar to:
    /sbin/iptables -A INPUT -j ACCEPT -i ppp0 -m state --state \
        ESTABLISHED,RELATED
    /sbin/iptables -A INPUT -p icmp -j ACCEPT -i ppp0 -m state --state NEW
to the firewall. I can't figure out in which file to put these rules?
Thanks for your time.
-ishwar

High, high ... * Ishwar Rattan ishwar@pali.cps.cmich.edu wrote on [05.12.05 17:45]:
On Sun, 4 Dec 2005, Kai Wilke wrote:
Sorry for my English. kwfirewall starts from ppp, script /etc/ppp/ip-up.d/1kwfirewall. 1kwfirewall starts the script /etc/init.d/kwfirewall start. /etc/init.d/kwfirewall starts /sbin/kwfirewall_start. The script kwfirewall_start configures all tcp/udp ports from the configuration file /etc/kwtools/firewall.cf.
I have appended the manpage for firewall.cf. This is in the upcoming release kwtools-0.4.2, and the config is extended. See man -l firewall.5
Your English is fine. Let me rephrase my question. I want to use rules similar to:
Thank you :)
    /sbin/iptables -A INPUT -j ACCEPT -i ppp0 -m state --state \
        ESTABLISHED,RELATED
    /sbin/iptables -A INPUT -p icmp -j ACCEPT -i ppp0 -m state --state NEW
Oh je. In the script /sbin/kwfirewall_start, the chain icmp_acc is defined at line 170. At lines 262 - 269 the chain for every interface is defined.
    $IPTABLES -A icmp_acc -p icmp --icmp-type destination-unreachable \
        -j ACCEPT
    $IPTABLES -A icmp_acc -p icmp --icmp-type source-quench -j ACCEPT
    $IPTABLES -A icmp_acc -p icmp --icmp-type time-exceeded -j ACCEPT
    $IPTABLES -A icmp_acc -p icmp --icmp-type echo-request -j ACCEPT
    $IPTABLES -A icmp_acc -p icmp --icmp-type echo-reply -j ACCEPT
    $IPTABLES -A icmp_acc -j LOG --log-prefix "ICMP-ACC " \
        -m limit --limit 4/m
    $IPTABLES -A icmp_acc -j DROP
At lines 458 - 479 the chain int_in (from Internet to router/localhost) is defined. Change this to:
    $IPTABLES -A int_in -p icmp -j icmp_acc -m state \
        --state ESTABLISHED,RELATED
    $IPTABLES -A int_in -p icmp -j icmp_acc -m state \
        --state NEW
    $IPTABLES -A int_in -j LOG --log-prefix "INT-IN " \
        -m limit --limit 4/m
    $IPTABLES -A int_in -j DROP
Can you explain this to me? Why do you need this? I'm straightly out from this topic.
kind regards, Kiste
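
An added example, not part of the original thread or of kwtools: the chains quoted above each end in an unconditional `-j DROP`, so a rule appended to such a chain after it has been set up is never evaluated. The check below flags such rules in a rule list with one rule per line (`iptables -S` style, or script lines with a leading `$IPTABLES`); the function name and both sample lists are constructed for illustration, and jumps into other chains are not followed.

```shell
#!/bin/sh
# Added example: report rules that come after an unconditional terminal
# rule (only "-j DROP|ACCEPT|REJECT|RETURN", no match) in the same chain.
unreachable_rules() {
    awk '
    {
        a = 0
        for (i = 1; i < NF; i++) if ($i == "-A") { a = i; break }
        if (!a) next                      # not an append rule
        chain = $(a + 1)
        if (closed[chain]) { print "unreachable in " chain ": " $0; next }
        # Unconditional terminal rule: nothing but "-j TARGET" after the chain.
        if (NF == a + 3 && $(a + 2) == "-j" &&
            $(a + 3) ~ /^(DROP|ACCEPT|REJECT|RETURN)$/)
            closed[chain] = 1
    }'
}

# Constructed sample: int_in in the order given in the reply above.
sample_ok() {
    cat <<'EOF'
-A int_in -p icmp -m state --state ESTABLISHED,RELATED -j icmp_acc
-A int_in -p icmp -m state --state NEW -j icmp_acc
-A int_in -m limit --limit 4/m -j LOG --log-prefix "INT-IN "
-A int_in -j DROP
EOF
}

# Constructed sample: the same chain with one rule appended afterwards.
sample_late() {
    sample_ok
    echo '-A int_in -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT'
}

sample_ok   | unreachable_rules
sample_late | unreachable_rules
```

On a live system the input would be the output of `iptables -S`, which needs root.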

High, high ... * Kai Wilke kiste@netzworkk.de wrote on [05.12.05 20:08]:
Content-Description: AvMailGate status of this email.
- * * * * * * * * * AntiVir NOTICE * * * * * * * * * * * * * * *
This version of AntiVir is a DEMO version and not full featured.
Sorry, on my main server 2 partitions of the RAID arrays had failed and started Avgate instead of amavisd-new.
I have now deleted the last link to it. It will not happen again.
Kind regards, Kiste
participants (3): Ishwar Rattan, Kai Wilke, Michael Prokop