public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] firehol + gentoo 3.6.11 kernel....
From: Tamer Higazi @ 2013-02-19  1:34 UTC
  To: gentoo-user

hi people!
I have used all the time "firehol" (gentoo sources 3.3.8) to make my
firewall rules. After kernel 3.4.x I can't make use of it any more.

Has any of you got firehol running on a Gentoo system with a 3.4.x
kernel or above?
And if not, can you advise me something similar to build Linux firewall
rules?!

For a short reply I would thank you.



Tamer



* Re: [gentoo-user] firehol + gentoo 3.6.11 kernel....
From: Bruce Hill @ 2013-02-19  1:51 UTC
  To: gentoo-user

On Tue, Feb 19, 2013 at 02:34:16AM +0100, Tamer Higazi wrote:
> hi people!
> I have used all the time "firehol" (gentoo sources 3.3.8) to make my
> firewall rules. After kernel 3.4.x I can't make use of it any more.
> 
> Has any of you got firehol running on a Gentoo system with a 3.4.x
> kernel or above?
> And if not, can you advise me something similar to build Linux firewall
> rules?!
> 
> For a short reply I would thank you.
> 
> 
> 
> Tamer

Would this be helpful for a start:

http://easyfwgen.morizot.net/gen/
-- 
Happy Penguin Computers               >')
126 Fenco Drive                       ( \
Tupelo, MS 38801                       ^^
support@happypenguincomputers.com
662-269-2706 662-205-6424
http://happypenguincomputers.com/

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting



* Re: [gentoo-user] firehol + gentoo 3.6.11 kernel....
From: Michael Mol @ 2013-02-19  2:09 UTC
  To: gentoo-user

On Feb 18, 2013 8:35 PM, "Tamer Higazi" <th982a@googlemail.com> wrote:
>
> hi people!
> I have used all the time "firehol" (gentoo sources 3.3.8) to make my
> firewall rules. After kernel 3.4.x I can't make use of it any more.
>
> Has any of you got firehol running on a Gentoo system with a 3.4.x
> kernel or above?
> And if not, can you advise me something similar to build Linux firewall
> rules?!
>
> For a short reply I would thank you.
>
>
>
> Tamer
>

I use a fork of firehol, based on Phil Whineray's IPv6 patches...but on
Debian. I'll see about getting it working on Gentoo, and let you know.
Perhaps I can get it (or Phil's version) into the tree.

What error do you get?


* Re: [gentoo-user] firehol + gentoo 3.6.11 kernel....
From: Pandu Poluan @ 2013-02-19  4:12 UTC
  To: gentoo-user

On Feb 19, 2013 9:10 AM, "Michael Mol" <mikemol@gmail.com> wrote:
>
> On Feb 18, 2013 8:35 PM, "Tamer Higazi" <th982a@googlemail.com> wrote:
> >
> > hi people!
> > I have used all the time "firehol" (gentoo sources 3.3.8) to make my
> > firewall rules. After kernel 3.4.x I can't make use of it any more.
> >
> > Has any of you got firehol running on a Gentoo system with a 3.4.x
> > kernel or above?
> > And if not, can you advise me something similar to build Linux firewall
> > rules?!
> >
> > For a short reply I would thank you.
> >
> >
> >
> > Tamer
> >
>
> I use a fork of firehol, based on Phil Whineray's IPv6 patches...but on
Debian. I'll see about getting it working on Gentoo, and let you know.
Perhaps I can get it (or Phil's version) into the tree.

Pah! Real Men™ hack iptables rules directly with their hands, not using
baby walkers...

LOL, just kidding. What's the firehol fork's name in Debian? I'm interested
to see what it looks like now...

(About 4 years ago, these tools were so dismal that I created one myself, failed
miserably, and just coded the rules up by hand.)

Rgds,
--


* Re: [gentoo-user] firehol + gentoo 3.6.11 kernel....
From: Alon Bar-Lev @ 2013-02-19  4:16 UTC
  To: gentoo-user

Yes, I use it.
Just enable all non-experimental iptables settings in the kernel, including NAT.
Works perfectly.


On Tue, Feb 19, 2013 at 3:34 AM, Tamer Higazi <th982a@googlemail.com> wrote:

> hi people!
> I have used all the time "firehol" (gentoo sources 3.3.8) to make my
> firewall rules. After kernel 3.4.x I can't make use of it any more.
>
> Has any of you got firehol running on a Gentoo system with a 3.4.x
> kernel or above?
> And if not, can you advise me something similar to build Linux firewall
> rules?!
>
> For a short reply I would thank you.
>
>
>
> Tamer
>
>


* [gentoo-user] Re: firehol + gentoo 3.6.11 kernel....
From: James @ 2013-02-19 16:20 UTC
  To: gentoo-user

Alon Bar-Lev <alonbl <at> gentoo.org> writes:


> Yes, I use it.
> Just enable all non-experimental iptables settings in the kernel, including NAT.

A while back, Mick posted on some updates to Arno's firewall work:

net-firewall/arno-iptables-firewall

I do not have the info handy, but you could google it
or maybe Mick can post the link again....

I found Arno's approach very instructive for rule making,
research and as a reference.

That said, firewalls and transparent bridges are moving forward
at the speed of light. Many new features in the kernel
as well as different approaches to security. If you intend
to "hack" in this area, you need to get current and find a
compatible group for the latest information....

good hunting.....as it is very time consuming

ymmv,
James







* Re: [gentoo-user] firehol + gentoo 3.6.11 kernel....
From: Michael Mol @ 2013-02-19 16:32 UTC
  To: gentoo-user

On 02/18/2013 11:12 PM, Pandu Poluan wrote:
> 
> On Feb 19, 2013 9:10 AM, "Michael Mol" <mikemol@gmail.com 
> <mailto:mikemol@gmail.com>> wrote:
>> 
>> On Feb 18, 2013 8:35 PM, "Tamer Higazi" <th982a@googlemail.com
> <mailto:th982a@googlemail.com>> wrote:
>>> 
>>> hi people! I have used all the time "firehol" (gentoo sources
>>> 3.3.8) to make my firewall rules. After kernel 3.4.x I can't
>>> make use of it any more.
>>> 
>>> Has any of you got firehol running on a Gentoo system with a
>>> 3.4.x kernel or above? And if not, can you advise me
>>> something similar to build Linux firewall rules?!
>>> 
>>> For a short reply I would thank you.
>>> 
>>> 
>>> 
>>> Tamer
>>> 
>> 
>> I use a fork of firehol, based on Phil Whineray's IPv6
>> patches...but
> on Debian. I'll see about getting it working on Gentoo, and let
> you know. Perhaps I can get it (or Phil's version) into the tree.
> 
> Pah! Real Men™ hack iptables rules directly with their hands, not
> using baby walkers...
> 
> LOL, just kidding. What's the firehol fork's name in Debian? I'm 
> interested to see what it looks like now...
> 
> (About 4 years ago, these tools were so dismal that I created one
> myself, failed miserably, and just coded the rules up by hand.)
> 
> Rgds, --
> 

It's not in Debian, technically...

https://github.com/philwhineray/firehol-fork

Incidentally, firehol upstream isn't maintained any more. (Or wasn't
when Phil needed IPv6 support.) Also, firewall packages which don't
*explicitly* support IPv6 will not protect you from attackers using
IPv6; iptables and ip6tables are two separate commands. (One nice
thing about Phil's fork is that it defaults to applying policies to
both IPv4 and IPv6 where possible.)


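Michael's warning above, that iptables and ip6tables are separate commands and that a ruleset applied only to IPv4 leaves IPv6 at its default ACCEPT, is easiest to see with a generator that emits one policy for both families. The script below is an added example, not code from firehol, from Phil Whineray's fork, or from anyone in this thread. The policy it encodes (loopback, established traffic, ICMP, SSH in, log then drop) is a constructed baseline, and with DRY_RUN=1 (the default here) it only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the thread or from firehol): emit the same baseline
# policy for iptables (IPv4) and ip6tables (IPv6), so IPv6 is never forgotten.
# DRY_RUN=1 prints the commands instead of executing them; set DRY_RUN=0 as root
# to apply them for real.
DRY_RUN=${DRY_RUN:-1}
ALLOWED_TCP_PORTS="22"   # constructed policy input: services accepted from anywhere

# run CMD...: print or execute one firewall command depending on DRY_RUN.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# family_rules 4|6: emit the baseline policy for one address family.
family_rules() {
  case "$1" in
    4) ipt=iptables;  icmp=icmp ;;
    6) ipt=ip6tables; icmp=ipv6-icmp ;;
    *) echo "family_rules: expected 4 or 6, got '$1'" >&2; return 1 ;;
  esac
  run $ipt -F INPUT
  run $ipt -P INPUT DROP
  run $ipt -P FORWARD DROP
  run $ipt -P OUTPUT ACCEPT
  run $ipt -A INPUT -i lo -j ACCEPT
  run $ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # ICMP is not optional on IPv6: neighbour discovery and PMTU discovery need it.
  run $ipt -A INPUT -p $icmp -j ACCEPT
  for port in $ALLOWED_TCP_PORTS; do
    run $ipt -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
  done
  # Log what falls through before the DROP policy takes it, per family.
  run $ipt -A INPUT -j LOG --log-prefix "fw${1}-drop: "
}

# dual_stack_rules: the policy for IPv4 and IPv6 together; this is the entry point.
dual_stack_rules() {
  family_rules 4 && family_rules 6
}

# count_family_lines 4|6: number of commands one family's policy produces (dry-run).
count_family_lines() {
  (DRY_RUN=1; family_rules "$1") | grep -c .
}

dual_stack_rules
```

Running it as-is prints both command lists; the IPv6 half differs only in the binary name and the ICMP protocol, which is exactly the symmetry a firewall package has to provide explicitly before it can claim to protect an IPv6-enabled host.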

* Re: [gentoo-user] Re: firehol + gentoo 3.6.11 kernel....
From: Mick @ 2013-02-19 20:12 UTC
  To: gentoo-user

On Tuesday 19 Feb 2013 16:20:20 James wrote:
> Alon Bar-Lev <alonbl <at> gentoo.org> writes:
> > Yes, I use it.
> > Just enable all non-experimental iptables settings in the kernel, including
> > NAT.
> 
> A while back, Mick posted on some updates to Arno's firewall work:
> 
> net-firewall/arno-iptables-firewall
> 
> I do not have the info handy, but you could google it
> or maybe Mick can post the link again....
> 
> I found Arno's approach very instructive for rule making,
> research and as a reference.
> 
> That said, firewalls and transparent bridges are moving forward
> at the speed of light. Many new features in the kernel
> as well as different approaches to security. If you intend
> to "hack" in this area, you need to get current and find a
> compatible group for the latest information....
> 
> good hunting.....as it is very time consuming
> 
> ymmv,
> James

Here it is, I'm just trying the latest ~2.0.1d version as we speak, which also 
includes IPv6 rules:

http://rocky.eld.leidenuniv.nl/joomla/index.php?option=com_content&view=article&id=45&Itemid=63

-- 
Regards,
Mick


* Re: [gentoo-user] firehol + gentoo 3.6.11 kernel....
From: Tamer Higazi @ 2013-02-28  3:52 UTC
  To: gentoo-user

Alon!
You were absolutely right. What I did before rebuilding a newer kernel
was take the config from the previous one.

So, instead of just building the kernel straight away, I took a look in
netfilter and activated EVERYTHING (except debug and experimental
modules) in the netfilter section.


And it works.....


Thank you!


Tamer


On 19.02.2013 05:16, Alon Bar-Lev wrote:
> Yes, I use it.
> Just enable all non-experimental iptables settings in the kernel, including NAT.
> Works perfectly.
> 
> 
> On Tue, Feb 19, 2013 at 3:34 AM, Tamer Higazi <th982a@googlemail.com
> <mailto:th982a@googlemail.com>> wrote:
> 
>     hi people!
>     I have used all the time "firehol" (gentoo sources 3.3.8) to make my
>     firewall rules. After kernel 3.4.x I can't make use of it any more.
> 
>     Has any of you got firehol running on a Gentoo system with a 3.4.x
>     kernel or above?
>     And if not, can you advise me something similar to build Linux firewall
>     rules?!
> 
>     For a short reply I would thank you.
> 
> 
> 
>     Tamer
> 
> 



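Alon's advice (enable the non-experimental netfilter options, NAT included) and Tamer's resolution (a kernel config carried over from an older tree that silently lacked them) both come down to checking a kernel config before rebuilding. The script below is an added example, not part of firehol or of this thread: it reads a kernel .config, or a /proc/config.gz, and reports which options from a representative netfilter set are neither built in nor modules. The option list is an assumption chosen for illustration, not firehol's own dependency list, and the sample config it is run against is constructed.

```shell
#!/bin/sh
# Added example: report netfilter kernel options that iptables-based rulesets rely
# on but that a kernel config leaves out. Not part of firehol or of this thread.
# The option names are a representative set (an assumption for illustration), not an
# exhaustive dependency list for any particular firehol version.

NF_REQUIRED="CONFIG_NETFILTER CONFIG_NF_CONNTRACK CONFIG_NF_NAT \
CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER CONFIG_IP_NF_TARGET_REJECT \
CONFIG_IP_NF_TARGET_MASQUERADE CONFIG_NETFILTER_XT_MATCH_STATE \
CONFIG_NETFILTER_XT_MATCH_CONNTRACK CONFIG_IP6_NF_IPTABLES CONFIG_IP6_NF_FILTER"

# read_kconfig FILE: print the config text, decompressing /proc/config.gz-style input.
read_kconfig() {
  case "$1" in
    *.gz) gzip -dc "$1" ;;
    *)    cat "$1" ;;
  esac
}

# missing_nf_options FILE: print one line per required option that is not =y or =m.
# "# CONFIG_X is not set" and a line that is simply absent are both reported.
missing_nf_options() {
  cfg=$(read_kconfig "$1")
  for opt in $NF_REQUIRED; do
    if ! printf '%s\n' "$cfg" | grep -q "^$opt=[ym]$"; then
      echo "$opt"
    fi
  done
}

# Constructed sample config, the shape of an old config reused on a newer tree:
# NAT and MASQUERADE off, ip6tables absent entirely, the rest enabled.
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=m
# CONFIG_NF_NAT is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_IP6_NF_FILTER=m
EOF

# Usage on a real system: missing_nf_options /proc/config.gz
# or, in a kernel source tree:  missing_nf_options .config
echo "missing from the sample config:"
missing_nf_options "$SAMPLE_CFG"
```

On the sample it lists CONFIG_NF_NAT, CONFIG_IP_NF_TARGET_MASQUERADE and CONFIG_IP6_NF_IPTABLES, which is the kind of gap that makes a firewall script fail at load time while the old config still looks complete at a glance.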
