* [gentoo-user] firehol + gentoo 3.6.11 kernel....
From: Tamer Higazi @ 2013-02-19 1:34 UTC
To: gentoo-user

hi people!
I have used all the time "firehol" (gentoo sources 3.3.8) to make my
firewall rules. After kernel 3.4.x I can't make use of it any more.

Has anyone of you got firehol running on a gentoo system with a 3.4.x
kernel above to run?
And if not, can you advise me something similar to build linux firewall
rules ?!

For a short reply I would thank you.

Tamer

* Re: [gentoo-user] firehol + gentoo 3.6.11 kernel....
From: Bruce Hill @ 2013-02-19 1:51 UTC
To: gentoo-user

On Tue, Feb 19, 2013 at 02:34:16AM +0100, Tamer Higazi wrote:
> hi people!
> I have used all the time "firehol" (gentoo sources 3.3.8) to make my
> firewall rules. After kernel 3.4.x I can't make use of it any more.
>
> Has anyone of you got firehol running on a gentoo system with a 3.4.x
> kernel above to run?
> And if not, can you advise me something similar to build linux firewall
> rules ?!
>
> For a short reply I would thank you.
>
> Tamer

Would this be helpful for a start:

http://easyfwgen.morizot.net/gen/
--
Happy Penguin Computers               >')
126 Fenco Drive                       ( \
Tupelo, MS 38801                      ^^
support@happypenguincomputers.com
662-269-2706 662-205-6424
http://happypenguincomputers.com/

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting

* Re: [gentoo-user] firehol + gentoo 3.6.11 kernel....
From: Michael Mol @ 2013-02-19 2:09 UTC
To: gentoo-user

On Feb 18, 2013 8:35 PM, "Tamer Higazi" <th982a@googlemail.com> wrote:
>
> hi people!
> I have used all the time "firehol" (gentoo sources 3.3.8) to make my
> firewall rules. After kernel 3.4.x I can't make use of it any more.
>
> Has anyone of you got firehol running on a gentoo system with a 3.4.x
> kernel above to run?
> And if not, can you advise me something similar to build linux firewall
> rules ?!
>
> For a short reply I would thank you.
>
> Tamer
>

I use a fork of firehol, based on Phil Whineray's IPv6 patches...but on
Debian. I'll see about getting it working on Gentoo, and let you know.
Perhaps I can get it (or Phil's version) into the tree.

What error do you get?

* Re: [gentoo-user] firehol + gentoo 3.6.11 kernel....
From: Pandu Poluan @ 2013-02-19 4:12 UTC
To: gentoo-user

On Feb 19, 2013 9:10 AM, "Michael Mol" <mikemol@gmail.com> wrote:
>
> On Feb 18, 2013 8:35 PM, "Tamer Higazi" <th982a@googlemail.com> wrote:
> >
> > hi people!
> > I have used all the time "firehol" (gentoo sources 3.3.8) to make my
> > firewall rules. After kernel 3.4.x I can't make use of it any more.
> >
> > Has anyone of you got firehol running on a gentoo system with a 3.4.x
> > kernel above to run?
> > And if not, can you advise me something similar to build linux firewall
> > rules ?!
> >
> > For a short reply I would thank you.
> >
> > Tamer
> >
>
> I use a fork of firehol, based on Phil Whineray's IPv6 patches...but on
> Debian. I'll see about getting it working on Gentoo, and let you know.
> Perhaps I can get it (or Phil's version) into the tree.

Pah! Real Men™ hack iptables rules directly with their hands, not using
baby walkers...

LOL, just kidding. What's the firehol fork's name in Debian? I'm
interested to see how it looks like now...

(About 4 years ago, these tools are so dismal I created one myself, failed
miserably, and just code the rules up by hand.)

Rgds,
--

* Re: [gentoo-user] firehol + gentoo 3.6.11 kernel....
From: Michael Mol @ 2013-02-19 16:32 UTC
To: gentoo-user

On 02/18/2013 11:12 PM, Pandu Poluan wrote:
>
> On Feb 19, 2013 9:10 AM, "Michael Mol" <mikemol@gmail.com> wrote:
>>
>> On Feb 18, 2013 8:35 PM, "Tamer Higazi" <th982a@googlemail.com> wrote:
>>>
>>> hi people! I have used all the time "firehol" (gentoo sources
>>> 3.3.8) to make my firewall rules. After kernel 3.4.x I can't
>>> make use of it any more.
>>>
>>> Has anyone of you got firehol running on a gentoo system with a
>>> 3.4.x kernel above to run? And if not, can you advise me
>>> something similar to build linux firewall rules ?!
>>>
>>> For a short reply I would thank you.
>>>
>>> Tamer
>>>
>>
>> I use a fork of firehol, based on Phil Whineray's IPv6
>> patches...but on Debian. I'll see about getting it working on
>> Gentoo, and let you know. Perhaps I can get it (or Phil's
>> version) into the tree.
>
> Pah! Real Men™ hack iptables rules directly with their hands, not
> using baby walkers...
>
> LOL, just kidding. What's the firehol fork's name in Debian? I'm
> interested to see how it looks like now...
>
> (About 4 years ago, these tools are so dismal I created one
> myself, failed miserably, and just code the rules up by hand.)
>
> Rgds, --
>

It's not in Debian, technically...

https://github.com/philwhineray/firehol-fork

Incidentally, firehol upstream isn't maintained any more. (Or wasn't
when Phil needed IPv6 support.)

Also, firewall packages which don't *explicitly* support IPv6 will not
protect you from attackers using IPv6; iptables and ip6tables are two
separate commands. (One nice thing about Phil's fork is that it
defaults to applying policies to both IPv4 and IPv6 where possible.)

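The point made in the message above, that iptables and ip6tables hold separate rulesets, can be checked on a host by comparing the two saved rulesets. This is an added example, not part of the thread and not code from firehol or its fork; the function names and the two sample rulesets are constructed for illustration, and real input would come from `iptables-save` and `ip6tables-save`.

```shell
# Added example: find chains that are filtered for IPv4 but open for IPv6.
# Input files are in the format written by iptables-save / ip6tables-save.

# Print "<policy> <rule count>" for one chain of the filter table.
chain_summary() {  # $1 = saved ruleset file, $2 = chain name
    awk -v chain="$2" '
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && $1 == (":" chain) { policy = $2 }
        in_filter && $1 == "-A" && $2 == chain { rules++ }
        END { if (policy == "") policy = "none"; print policy, rules + 0 }
    ' "$1"
}

# Print the chains that filter IPv4 traffic but accept all IPv6 traffic.
# "none 0" means the filter table is absent, so nothing is filtered.
v6_gaps() {  # $1 = IPv4 ruleset file, $2 = IPv6 ruleset file
    gaps=""
    for chain in INPUT FORWARD; do
        v4=$(chain_summary "$1" "$chain")
        v6=$(chain_summary "$2" "$chain")
        if [ "$v4" != "ACCEPT 0" ] && [ "$v4" != "none 0" ]; then
            case "$v6" in
                "ACCEPT 0"|"none 0") gaps="$gaps $chain" ;;
            esac
        fi
    done
    echo "${gaps# }"
}

# Constructed sample data: a ruleset written by an IPv4-only tool and the
# untouched IPv6 ruleset on the same host.
tmp=$(mktemp -d)
cat > "$tmp/v4.rules" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
cat > "$tmp/v6.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
echo "open for IPv6 only: $(v6_gaps "$tmp/v4.rules" "$tmp/v6.rules")"
```
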
* Re: [gentoo-user] firehol + gentoo 3.6.11 kernel....
From: Alon Bar-Lev @ 2013-02-19 4:16 UTC
To: gentoo-user

Yes, I use it.
Just enable all non experimental iptables settings at kernel including NAT.
Works perfectly.

On Tue, Feb 19, 2013 at 3:34 AM, Tamer Higazi <th982a@googlemail.com> wrote:
> hi people!
> I have used all the time "firehol" (gentoo sources 3.3.8) to make my
> firewall rules. After kernel 3.4.x I can't make use of it any more.
>
> Has anyone of you got firehol running on a gentoo system with a 3.4.x
> kernel above to run?
> And if not, can you advise me something similar to build linux firewall
> rules ?!
>
> For a short reply I would thank you.
>
> Tamer
>

* [gentoo-user] Re: firehol + gentoo 3.6.11 kernel....
From: James @ 2013-02-19 16:20 UTC
To: gentoo-user

Alon Bar-Lev <alonbl <at> gentoo.org> writes:

> Yes, I use it.
> Just enable all non experimental iptables settings at kernel including NAT.

A while back, Mick posted on some updates to Arno's firewall work:

net-firewall/arno-iptables-firewall

I do not have the info handy, but you could google it
or maybe mick can post the link again....

I found Arno's approach very instructive for rule making,
research and as a reference.

That said, firewalls and transparent bridges are moving forward
at the speed of light. Many new features in the kernel
as well as different approaches to security. If you intend
to "hack" in this area, you need to get current and find a
compatible group for the latest information....

good hunting.....as it is very time consuming

ymmv,
James

* Re: [gentoo-user] Re: firehol + gentoo 3.6.11 kernel....
From: Mick @ 2013-02-19 20:12 UTC
To: gentoo-user

On Tuesday 19 Feb 2013 16:20:20 James wrote:
> Alon Bar-Lev <alonbl <at> gentoo.org> writes:
> > Yes, I use it.
> > Just enable all non experimental iptables settings at kernel including
> > NAT.
>
> A while back, Mick posted on some updates to Arno's firewall work:
>
> net-firewall/arno-iptables-firewall
>
> I do not have the info handy, but you could google it
> or maybe mick can post the link again....
>
> I found Arno's approach very instructive for rule making,
> research and as a reference.
>
> That said, firewalls and transparent bridges are moving forward
> at the speed of light. Many new features in the kernel
> as well as different approaches to security. If you intend
> to "hack" in this area, you need to get current and find a
> compatible group for the latest information....
>
> good hunting.....as it is very time consuming
>
> ymmv,
> James

Here it is, I'm just trying the latest ~2.0.1d version as we speak, which also
includes IPv6 rules:

http://rocky.eld.leidenuniv.nl/joomla/index.php?option=com_content&view=article&id=45&Itemid=63
--
Regards,
Mick

* Re: [gentoo-user] firehol + gentoo 3.6.11 kernel....
From: Tamer Higazi @ 2013-02-28 3:52 UTC
To: gentoo-user

Alon!
you were absolutely right.

What I did before rebuilding a newer kernel, is taking the config from
the previous.

So, instead of just building the kernel straight away, I took a look in
netfilter and activated EVERYTHING (except debug and experimental
modules) in the netfilter section.

And it works.....

Thank you!

Tamer

On 19.02.2013 05:16, Alon Bar-Lev wrote:
> Yes, I use it.
> Just enable all non experimental iptables settings at kernel including NAT.
> Works perfectly.
>
> On Tue, Feb 19, 2013 at 3:34 AM, Tamer Higazi <th982a@googlemail.com> wrote:
>
> > hi people!
> > I have used all the time "firehol" (gentoo sources 3.3.8) to make my
> > firewall rules. After kernel 3.4.x I can't make use of it any more.
> >
> > Has anyone of you got firehol running on a gentoo system with a 3.4.x
> > kernel above to run?
> > And if not, can you advise me something similar to build linux firewall
> > rules ?!
> >
> > For a short reply I would thank you.
> >
> > Tamer
>

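The situation described in the message above, a kernel config carried forward from an older kernel, can be checked before rebuilding by listing the netfilter options that ended up switched off. This is an added example, not part of the thread; the function name and both sample configs are constructed, and `CONFIG_NF_EXAMPLE_NEW_OPTION` is a hypothetical symbol standing in for whatever options a newer kernel introduces.

```shell
# Added example: after carrying a .config forward to a newer kernel, list
# netfilter options that are switched off in the new config.
#   new-off  option did not exist in the old config and is off
#   dropped  option was enabled in the old config but is off now
netfilter_regressions() {  # $1 = old .config, $2 = new .config
    awk '
        /^(# )?CONFIG_(NETFILTER|NF_|IP_NF_|IP6_NF_)/ {
            line = $0; sub(/^# /, "", line)       # "# CONFIG_X is not set"
            name = line; sub(/[= ].*/, "", name)  # keep the symbol only
            on = (line ~ /=/)                     # set options carry "="
            if (FNR == NR) { old[name] = on; next }
            if (on) next
            if (!(name in old)) print "new-off " name
            else if (old[name]) print "dropped " name
        }
    ' "$1" "$2" | sort
}

# Constructed sample configs (not taken from any real kernel tree).
cfg=$(mktemp -d)
cat > "$cfg/old.config" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
# CONFIG_IP6_NF_IPTABLES is not set
CONFIG_NFS_FS=y
EOF
cat > "$cfg/new.config" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
# CONFIG_IP_NF_TARGET_MASQUERADE is not set
# CONFIG_IP6_NF_IPTABLES is not set
# CONFIG_NF_EXAMPLE_NEW_OPTION is not set
# CONFIG_NFS_FS is not set
EOF
netfilter_regressions "$cfg/old.config" "$cfg/new.config"
```

Options that were already off in the old config, such as `CONFIG_IP6_NF_IPTABLES` in the sample, are not reported, so the output is limited to what changed between the two kernels.
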