Re: [Sheflug] ipchains & kde
> On Thu, 13 Jul 2000, Alex Hudson wrote:
> > I agree. To be honest, the ruleset given looks like a bit of a club hammer
> > to me, and probably not worth a great deal, although it's probably better
> > than no ruleset. It's much better to have a finer set of rules; besides,
> > it's an exercise in networking if nothing else, you'll understand things a
> > whole lot better.
> > As for the problem itself.. could be one of two things. I've tried
> > replicating it here, and it works fine for me, but I have a funny K setup,
> > so it could be I'm doing something wildly different to me.
>
> how do you manage that then Al? :-)
Dunno ;)) I can only presume that you have a different version of KDE to me,
and it's that which caused the problem. I'll have another go, but I promise
you, nothing broke when I put in your ruleset!!
> mandrake7.0 with KDE1.1.2 (bog standard)
> once i accessed 'file:/' i could not access any other x service. (even after
> several minutes) i have to 'ctrl-alt-f1' and log in as root to remove the rule
> set and 'ipchain -F' 'ipchain -X' via CLI to recover (quite an achievement for
> me:-)
How weird. Blocking root ports (<1024) will only really affect incoming
connections on lo - when you open a connection to a machine, two port
numbers are involved: the one you're connecting to, and the local one you're
connecting from. Usually, opening a local port will result in a nice high
number, well out of the 1023 range, so it must have been the port that the
software was trying to connect to that was blocked. I don't really see what
service it was trying to use; but then, I've not looked at the code, there's
probably a very good reason for it. Did you try REJECTing rather than
DENYing the packets? If KDE gave you an error message with REJECTed packets
(either on-screen dialog or in the log files), that'd be a good clue as to
what was going on.
> it's definitely a steep learning curve for this kind of thing
> (but i'm making progress:) i haven't identified the exact problem with the
> rules but allowing full access to 'lo' seems to have resolved the problem for
> now.
Try getting rid of them one by one. My money's probably on the SYN blocker,
but you never know.. I'm definitely going to try again though, because it
didn't do anything for me & I want to know why!
Cheers,
Alex.
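The two-port-number point Alex makes above (a local connection uses a high ephemeral source port and only the destination port is likely to land in the 0-1023 "root port" range) can be checked directly. The following is an added example, not part of the thread and not code from anyone on the list: it opens a real TCP connection over the loopback interface to read the ephemeral port the kernel assigns, and then models an ipchains-style "DENY destination ports 0:1023 on lo" input rule in plain Python to show which direction of the conversation such a rule would actually match. The rule model is an assumption for illustration; nothing here runs ipchains or touches a firewall.

```python
"""Added example (not from the Sheflug thread): show the two port numbers
involved in a loopback TCP connection, and which packets an ipchains-style
rule denying destination ports 0-1023 on lo would match."""
import socket
import threading

PRIVILEGED_MAX = 1023  # "root ports" are 0-1023


def open_loopback_connection():
    """Start a throwaway listener on 127.0.0.1 (port chosen by the kernel),
    connect to it, and return the client's (local_port, remote_port).
    Only the loopback interface is used, so this runs offline."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    server.listen(1)
    server_port = server.getsockname()[1]

    accepted = []

    def accept_one():
        conn, _ = server.accept()
        accepted.append(conn)

    worker = threading.Thread(target=accept_one)
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect(("127.0.0.1", server_port))
    worker.join()
    local_port = client.getsockname()[1]   # ephemeral port the kernel gave us
    remote_port = client.getpeername()[1]  # the port we connected to

    client.close()
    for conn in accepted:
        conn.close()
    server.close()
    return local_port, remote_port


def deny_low_ports_on_lo_matches(packet):
    """Hypothetical model of a rule such as
    'ipchains -A input -i lo -p tcp -d 0.0.0.0/0 0:1023 -j DENY':
    it matches a packet arriving on lo whose destination port is a root port.
    packet is a dict with keys iface, sport, dport."""
    return packet["iface"] == "lo" and packet["dport"] <= PRIVILEGED_MAX


def what_gets_blocked(local_port, remote_port, iface="lo"):
    """For a local client connecting from local_port to remote_port, report
    whether the request (client -> server) and the reply (server -> client),
    both of which traverse the input chain on lo, would hit the deny rule."""
    request = {"iface": iface, "sport": local_port, "dport": remote_port}
    reply = {"iface": iface, "sport": remote_port, "dport": local_port}
    return {
        "request_blocked": deny_low_ports_on_lo_matches(request),
        "reply_blocked": deny_low_ports_on_lo_matches(reply),
    }


if __name__ == "__main__":
    local, remote = open_loopback_connection()
    print("client side used local port", local, "to reach port", remote)
    print("ephemeral-to-ephemeral:", what_gets_blocked(local, remote))
    # Constructed sample: the same client talking to a service on a root port.
    print("ephemeral-to-port-80:", what_gets_blocked(local, 80))
```

Run it once and the reply direction is never matched, because the reply's destination is the client's high ephemeral port; only a request aimed at a service listening below 1024 trips the rule, which is why the blocked service, not the client's own port, is the thing to look for.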
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.