Firestarter firewall seems very complex - Solved
Claude Jones
claude_jones at levitjames.com
Mon Mar 21 23:19:58 UTC 2005
Pasha wrote:
> Claude Jones wrote:
>
>>>> I've built my firewall using Firestarter, Ver 1.03. If I turn it
>>>> off, and do iptables -vL, I get a wide open no rules iptables list.
>>>> When turned on, it has what seems like a very simple 5-policy set of
>>>> rules for inbound - no outbound policies at all. Yet, when I give
>>>> the iptables -vsL command, I get a huge complex set of rules and
>>>> chains that I haven't seemingly configured. I'd post it but it
>>>> takes up nearly three screens. Anyone know the short answer to
>>>> why this is happening?
> If you look in /etc/firestarter directory you will find there a script
> that firestarter wizard generates (in latest version they probably split
> it into several scripts). Look at it - they write in the comments
> explanation for the rules they set.
>
This was the ticket. I'd printed out the manual, and read a lot of
on-line docs, many more than were suggested by others. Looking at the
script pretty much answered my question. I'd checked 'Block traffic from
reserved addresses on public interfaces' in preferences, and that
generated a separate rule for every reserved address, probably 2/3rds
of the rules script.
--
Claude Jones
Bluemont, VA, USA
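
To check on a live ruleset how much of it comes from per-address reserved-source rules, as described in the message above, the following added example (not part of the original thread and not Firestarter's code) counts rules whose source falls in a reserved block. The reserved-block list, the sample rules, and the chain and interface names are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed reserved/special-use IPv4 blocks; not Firestarter's own list.
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# Constructed sample in iptables-save / `iptables -S` rule syntax.
# Chain and interface names are hypothetical.
SAMPLE = """\
-N INBOUND
-A INPUT -s 0.0.0.0/8 -i eth0 -j DROP
-A INPUT -s 10.0.0.0/8 -i eth0 -j DROP
-A INPUT -s 127.0.0.0/8 -i eth0 -j DROP
-A INPUT -s 172.16.0.0/12 -i eth0 -j DROP
-A INPUT -s 192.168.1.0/24 -i eth0 -j DROP
-A INPUT -s 240.0.0.0/4 -i eth0 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j INBOUND
-A INBOUND -s 203.0.113.7/32 -p tcp --dport 22 -j ACCEPT
"""

def reserved_source(rule):
    """Return the rule's source network if it lies in a reserved block."""
    tokens = rule.split()
    for flag in ("-s", "--source"):
        if flag not in tokens:
            continue
        i = tokens.index(flag)
        if i + 1 >= len(tokens) or (i > 0 and tokens[i - 1] == "!"):
            return None  # malformed, or a negated match
        try:
            src = ipaddress.ip_network(tokens[i + 1], strict=False)
        except ValueError:
            return None  # hostname or unparsable source
        if src.version == 4 and any(src.subnet_of(n) for n in RESERVED):
            return src
    return None

def summarize(ruleset):
    """Count appended rules and those matching a reserved source, per chain."""
    rules = [l for l in ruleset.splitlines() if l.startswith("-A ")]
    by_chain = Counter(r.split()[1] for r in rules if reserved_source(r))
    return {"total": len(rules), "reserved": sum(by_chain.values()),
            "by_chain": dict(by_chain)}

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(f"{s['reserved']} of {s['total']} rules match reserved sources")
```

To run it against a real firewall, pass the text output of `iptables-save` to `summarize()` in place of `SAMPLE`.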