[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] ipchains & kde

To: "Sheflug" <sheflug [at] vuw.ac.nz>
Subject: Re: [Sheflug] ipchains & kde
From: ross <nospam [at] virgin.net>
Date: Sat, 15 Jul 2000 00:57:33 +0000
List-help: <http://www.sheflug.co.uk>
List-owner: <mailto:sheflug-admins [at] vuw.ac.nz>
List-post: <mailto:sheflug [at] vuw.ac.nz>
List-subscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=subscribe>
List-unsubscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=unsubscribe>
Reply-to: "Sheflug" <sheflug [at] vuw.ac.nz>
Sender: sheflug-bounce [at] vuw.ac.nz

On Thu, 13 Jul 2000, Martin P Holland wrote:
> >the rules i am using are:
> >ipchains -A input -p tcp ! -y -j ACCEPT
> >
> >i believe the idea is to close all ports which require a root service and only
> >allow packets with the SYN flag enabled through.
> 
> Errr no! The last rule is actually accepting any _non_ SYN packets. 
err.... yes your right ....... i read the info incorrectly ;-) (but you knew
that i guess)

> 1. You have to allow all packets on the interface lo or your computer won't be
> able to talk to itself.
> 
i have now and this seems to have resolved the problem.... thanks

> 3. The ipchains howto is actually very good. Read it.
> 
i've read it now and it's all starting to make sense (well kind of!)

> 4. Take a look at my generic firewall at www.noether.freeserve.co.uk
> 
i have and it's working a treat

On Thu, 13 Jul 2000, Alex Hudson wrote:
> I agree. To be honest, the ruleset given looks like a bit of a club hammer
> to me, and probably not worth a great deal, although it's probably better
> than no rulesset. It's much better to have a finer set of rules; besides,
> it's an exercise in networking if nothing else, you'll understand things a
> whole lot better.
> As for the problem itself.. could be one of two things. I've tried
> replicating it here, and it works fine for me, but I have a funny K setup,

> so it could be I'm doing something wildly different to me. 

how do you manage that then Al? :-)

> If you could tell
> us a little more about what you've got: distro-wise, version of K, etc.,
> that would probably be of help. Also, are you sure the X session locks up??
> Is it just kfm that goes belly up? Or does everything else close down? And
> does it really lock up, or is it in a long pause?
> 
mandrake7.0 with KDE1.1.2 (bog standard)
once i accessed 'file:/' i could not access any other x service. (even after
several minutes) i have to 'ctrl-alt-f1' and log in as root to remove the rule
set and 'ipchain -F' 'ipchain -X' via CLI to recover (quite an achievement for
me:-)

it's definitatly a steep learning curve for this kind of thing
(but i'm making progress:) i haven't identified the exact problem with the
rules but allowing full access to 'lo' seems to have resolved the problem for
now.

thanks again for the time you spent on this though.................
 -- 
     Ross
               ros.h [at] virgin.net
____________________________________________________________________________
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.

Follow-Ups:
- Re: [Sheflug] ipchains & kde
  - From: "Alex Hudson" <eah106 [at] york.ac.uk>

References:
- [Sheflug] ipchains & kde
  - From: ross <ros.h [at] virgin.net>
- Re: [Sheflug] ipchains & kde
  - From: Martin P Holland <m.holland [at] noether.freeserve.co.uk>

Prev by Date: Re: [Sheflug] User Friendly
Next by Date: [Sheflug] Parking Space (was Re: User Friendly)
Prev by thread: Re: [Sheflug] ipchains & kde
Next by thread: Re: [Sheflug] ipchains & kde
Index(es):
- Date
- Thread