Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: arno-iptables-firewall

  1. #1

    arno-iptables-firewall

    Knoppix 6.2.1 HD install. I am using arno-iptables-firewall. Everything is fine except I have to start it manually. Contained within are the instructions for creating a symbolic link in /etc/rcS.d which should make it start at boot, but it does not seem to work for me. Anybody else encounter this?

  2. #2
    I am posting this update for the benefit of other newbies, such as myself. What I have discovered is that and "package name" in /etc/init.d can be assigned to autoboot and shutdown via the following command: "update-rc.d defaults". If you wish to assign a package to run in a specific run level; man update-rc.d. Pertaining to my specific problem it is mistated. The firewall does start. However, it starts with a generic script that allows everything. When I force a start it starts with the correct script. Guess I will try the Debian forum. (Remember, a Knoppix HD install becomes Debian; somewhat).

  3. #3
    Typo in the command (probably illegal characters) it should be "update-rc.d 'package name' defaults"

  4. #4
    Senior Member
    Join Date
    Jan 2011
    Posts
    242
    Quote Originally Posted by BoDiddley View Post
    for the benefit of other newbies
    See /etc/inittab.

    Here is states clearly:

    Normal SystemV scripts are disabled in Knoppix
    In principle, the Debian package installation runs update-rc.d so you don't have to. If you find you have the need seek expert counselling. Running the script yourself, if you are lucky, will have no effect whatsoever. If you are not lucky, running the script make break Knoppix. Doing so on a HD installation may ruin the installation permanently.

    In /etc/inittab, it also states clearly:

    use /etc/rc.local instead
    Some have taken this to mean adding something along the lines of:

    Code:
    /etc/init.d/iptables start
    to /etc/rc.local.

    Others have taken this to mean adding something along the lines of iptables to the list of services to be started via /etc/rc.local:

    Code:
    SERVICE="cups ssh mysql iptables"
    For newbies that don't know what iptables are, its the same firewall mechanism as is commonly implemented in broadband routers so you don't have to. There are three good reasons to install iptables:

    1) curiosity - Knoppix is a good learning vehicle
    2) laptop - that you connect to wireless networks in public places
    3) firewall - you don't have a decent broadband router and you need to protect your entire LAN by dedicating a machine to act as firewall for the entire network.

    Happy hacking.

  5. #5
    Thanks again Forester. I will have to try the rc.local. I got the update-rc.d info from the rcs.d read me. What I also discovered is that programs that I completely removed using apt-get and autoremove, did not delete the symbolic links in the rcS.d. A couple of which were previous firewalls I tried and later removed. I thought the extra links might have something to do with the problem. I guess I was fortunate to be able to clean them out using update-rc.d. Anyway, at least now I have another route to pursue.

  6. #6
    Additionally, using "netstat" I found many connections doing I/O's. and flooding me with SYN's (I think they are bad). "arno-iptables-firewall status" will also give you feedback on what the "script" is doing to protect you. After installing the firewall I saw download bursts up to 170 KBPS, never seen before. Any unwarranted connection now gets dropped. I guess I have a bad router. But routers generally ship open. I prefer to develop my security in the firewall, leaving my ISP's router as they shipped it in case I need to call them. I have tried tinkering with the router settings in the past and was almost unable to recover the original settings. (newbie x 2)
    Last edited by BoDiddley; 04-20-2011 at 01:29 PM.

  7. #7
    Senior Member
    Join Date
    Jan 2011
    Posts
    242
    Quote Originally Posted by BoDiddley View Post
    What I also discovered is that programs that I completely removed using apt-get and autoremove, did not delete the symbolic links in the rcS.d.
    Oh. Did you use apt-get remove or apt-get purge ? The first does not remove configuration files and, may be, that means these symbolic links.

  8. #8
    Senior Member
    Join Date
    Jan 2011
    Posts
    242
    Quote Originally Posted by BoDiddley View Post
    Additionally, using "netstat" I found many connections doing I/O's. and flooding me with SYN's (I think they are bad). "arno-iptables-firewall status" will also give you feedback on what the "script" is doing to protect you. After installing the firewall I saw download bursts up to 170 KBPS, never seen before. Any unwarranted connection now gets dropped. I guess I have a bad router. But routers generally ship open. I prefer to develop my security in the firewall, leaving my ISP's router as they shipped it in case I need to call them. I have tried tinkering with the router settings in the past and was almost unable to recover the original settings. (newbie x 2)
    It is difficult to generalise about ISP since folks on this forum are all over the world. I guess many have a solution that uses "Internet Connection Sharing" under Windows. That may rely on firewall software running on the machine that shares out the internet connection. I'm not familiar with the technical details. When I switched to broadband my new ISP offered me the choice: use their ADSL box or my own so I bought my own. It's the DHCP server for my home LAN and came with the correct default firewall configured. It meant I've never needed to look into firewalls and proxies and all that stuff in detail.

    You need a firewall between you and the Internet but it is only part of the story. There is so much misinformation out there.

    SYNs are not bad. There are an essential part of establishing a TCP/IP connection. There is a particular kind of denial of service attack that floods a vulnerable system with SYNs. The vulnerable system allocates some resources and replies OK in order to complete the connection. The attacker does not complete the connection but keeps sending more SYNs. This can tie up enough resources to bring a server down.

    Inbound connections never get made unless you've 'opened the port' by starting some daemon service. The bad guys are like vampires - they can't just break-in while you're not home, someone has to invite them in. So what daemons are you running ? mysql ? ssh ? ftp ? telnet ? We had someone on the forum the other day wanting to open port 631 (ipp) so he could print from the Internet.

    Which options did you use with netstat ? With no parameters it will list lots of connections that are internal to your machine. You need only be concerned about tcp, udp and raw socket connections.

    Oh, if you are editing posts under Iceweasel and you have NoScript running, you need to allow both knoppix.net and googleapis.com but it make editing bearable.

  9. #9
    I used remove, and autoremove. I did not know about purge - thanks. ... Iceweasel - have allowed both but my editor is still a nightmare. Have to try a different spell checker as previously mentioned. I just used netstat without switches... I am familiar with protocols. I always ran my own firewall in Windows. I am running no daemons, however, what I have noticed is the ability for some to utilize an existing http to trace, determine IP and flood - so it would seem. They seem to lurk on sites and disrupt legitimate requests you initiate.
    Last edited by BoDiddley; 04-23-2011 at 08:53 PM.

  10. #10
    There is one big name company that is always listed on my http connections, they have 4 primary servers - and can hop to others if you block theirs. They can disrupt me but with an active firewall, the moment they try any I/O they get dropped. They used to trace my http back, and then begin searching for open ports using about 10 to 20 different connections from the same server, and tie up all my resources. This might not make scientific sense, but it does happen.The syn floods have stopped as well. Some time nusiance seems the objective - for me. But I am certain ther are cataloguing and planting bots for all those happy-go-lucky users without a care.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


XDHXT DELL PERC H710P 6Gbps 1GB PCI RAID CONTROLLER 0XDHXT picture

XDHXT DELL PERC H710P 6Gbps 1GB PCI RAID CONTROLLER 0XDHXT

$59.00



IBM LSI SAS9220-8i M1015 46M0861 SAS/SATA PCI-e RAID Controller Both brackets picture

IBM LSI SAS9220-8i M1015 46M0861 SAS/SATA PCI-e RAID Controller Both brackets

$139.00



LSI 9305-16i SATA SAS 12Gbs RAID Controller PCIe 3.0 x8 IT-Mode 4* 8643 SATA picture

LSI 9305-16i SATA SAS 12Gbs RAID Controller PCIe 3.0 x8 IT-Mode 4* 8643 SATA

$229.99



Lot of 4 - Genuine Dell (62P9H) PERC H710 512MB Mini Blade 6Gbps SAS Raid picture

Lot of 4 - Genuine Dell (62P9H) PERC H710 512MB Mini Blade 6Gbps SAS Raid

$49.99



Inspur LSI 9300-8i Raid Card 12Gbps HBA HDD Controller High Profile IT MODE picture

Inspur LSI 9300-8i Raid Card 12Gbps HBA HDD Controller High Profile IT MODE

$15.98



ORICO Multi Bay RAID Hard Drive Enclosure USB 3.0/ Type-C For 2.5/3.5'' HDD SSDs picture

ORICO Multi Bay RAID Hard Drive Enclosure USB 3.0/ Type-C For 2.5/3.5'' HDD SSDs

$86.99



LSI MegaRAID 9361-8i 12Gb PCIe 8-Port SAS/SATA RAID 1Gb w/BBU/CacheVault/License picture

LSI MegaRAID 9361-8i 12Gb PCIe 8-Port SAS/SATA RAID 1Gb w/BBU/CacheVault/License

$35.96



LSI MegaRAID 9361-8i 12Gbps PCIe 3 x8 SATA SAS 3 8 Port RAID + BBU & CacheVault picture

LSI MegaRAID 9361-8i 12Gbps PCIe 3 x8 SATA SAS 3 8 Port RAID + BBU & CacheVault

$39.00



Yottamaster 5 Bay RAID Hard Drive Enclosure USB3.1 Type C 2.5

Yottamaster 5 Bay RAID Hard Drive Enclosure USB3.1 Type C 2.5"/3.5" SATA HDD SSD

$142.49



Dell PCIe M.2 Boss S1 RAID Controller Card 7HYY4 with 2x 240GB SSD picture

Dell PCIe M.2 Boss S1 RAID Controller Card 7HYY4 with 2x 240GB SSD

$94.99