
Thread: arno-iptables-firewall

  1. #1

    arno-iptables-firewall

    Knoppix 6.2.1 HD install. I am using arno-iptables-firewall. Everything is fine except I have to start it manually. Contained within are the instructions for creating a symbolic link in /etc/rcS.d which should make it start at boot, but it does not seem to work for me. Anybody else encounter this?

  2. #2
    I am posting this update for the benefit of other newbies, such as myself. What I have discovered is that any "package name" in /etc/init.d can be assigned to autoboot and shutdown via the following command: "update-rc.d defaults". If you wish to assign a package to run in a specific run level, see man update-rc.d. Pertaining to my specific problem, it is misstated. The firewall does start. However, it starts with a generic script that allows everything. When I force a start it starts with the correct script. Guess I will try the Debian forum. (Remember, a Knoppix HD install becomes Debian; somewhat).

  3. #3
    Typo in the command (probably illegal characters) it should be "update-rc.d 'package name' defaults"

  4. #4
    Senior Member, Join Date: Jan 2011, Posts: 242
    Quote, originally posted by BoDiddley:
    for the benefit of other newbies
    See /etc/inittab.

    Here it states clearly:

    Normal SystemV scripts are disabled in Knoppix
    In principle, the Debian package installation runs update-rc.d so you don't have to. If you find you have the need, seek expert counselling. Running the script yourself, if you are lucky, will have no effect whatsoever. If you are not lucky, running the script may break Knoppix. Doing so on a HD installation may ruin the installation permanently.

    In /etc/inittab, it also states clearly:

    use /etc/rc.local instead
    Some have taken this to mean adding something along the lines of:

    Code:
    /etc/init.d/iptables start
    to /etc/rc.local.

    Others have taken this to mean adding something along the lines of iptables to the list of services to be started via /etc/rc.local:

    Code:
    SERVICE="cups ssh mysql iptables"
    For newbies that don't know what iptables are, it's the same firewall mechanism as is commonly implemented in broadband routers so you don't have to. There are three good reasons to install iptables:

    1) curiosity - Knoppix is a good learning vehicle
    2) laptop - that you connect to wireless networks in public places
    3) firewall - you don't have a decent broadband router and you need to protect your entire LAN by dedicating a machine to act as firewall for the entire network.

    Happy hacking.

  5. #5
    Thanks again Forester. I will have to try the rc.local. I got the update-rc.d info from the rcs.d read me. What I also discovered is that programs that I completely removed using apt-get and autoremove, did not delete the symbolic links in the rcS.d. A couple of which were previous firewalls I tried and later removed. I thought the extra links might have something to do with the problem. I guess I was fortunate to be able to clean them out using update-rc.d. Anyway, at least now I have another route to pursue.

  6. #6
    Additionally, using "netstat" I found many connections doing I/O's and flooding me with SYN's (I think they are bad). "arno-iptables-firewall status" will also give you feedback on what the "script" is doing to protect you. After installing the firewall I saw download bursts up to 170 KBPS, never seen before. Any unwarranted connection now gets dropped. I guess I have a bad router. But routers generally ship open. I prefer to develop my security in the firewall, leaving my ISP's router as they shipped it in case I need to call them. I have tried tinkering with the router settings in the past and was almost unable to recover the original settings. (newbie x 2)
    Last edited by BoDiddley; 04-20-2011 at 01:29 PM.

  7. #7
    Senior Member, Join Date: Jan 2011, Posts: 242
    Quote, originally posted by BoDiddley:
    What I also discovered is that programs that I completely removed using apt-get and autoremove, did not delete the symbolic links in the rcS.d.
    Oh. Did you use apt-get remove or apt-get purge? The first does not remove configuration files and, maybe, that means these symbolic links.

  8. #8
    Senior Member, Join Date: Jan 2011, Posts: 242
    Quote, originally posted by BoDiddley:
    Additionally, using "netstat" I found many connections doing I/O's and flooding me with SYN's (I think they are bad). "arno-iptables-firewall status" will also give you feedback on what the "script" is doing to protect you. After installing the firewall I saw download bursts up to 170 KBPS, never seen before. Any unwarranted connection now gets dropped. I guess I have a bad router. But routers generally ship open. I prefer to develop my security in the firewall, leaving my ISP's router as they shipped it in case I need to call them. I have tried tinkering with the router settings in the past and was almost unable to recover the original settings. (newbie x 2)
    It is difficult to generalise about ISP since folks on this forum are all over the world. I guess many have a solution that uses "Internet Connection Sharing" under Windows. That may rely on firewall software running on the machine that shares out the internet connection. I'm not familiar with the technical details. When I switched to broadband my new ISP offered me the choice: use their ADSL box or my own so I bought my own. It's the DHCP server for my home LAN and came with the correct default firewall configured. It meant I've never needed to look into firewalls and proxies and all that stuff in detail.

    You need a firewall between you and the Internet but it is only part of the story. There is so much misinformation out there.

    SYNs are not bad. They are an essential part of establishing a TCP/IP connection. There is a particular kind of denial of service attack that floods a vulnerable system with SYNs. The vulnerable system allocates some resources and replies OK in order to complete the connection. The attacker does not complete the connection but keeps sending more SYNs. This can tie up enough resources to bring a server down.

    Inbound connections never get made unless you've 'opened the port' by starting some daemon service. The bad guys are like vampires - they can't just break in while you're not home, someone has to invite them in. So what daemons are you running? mysql? ssh? ftp? telnet? We had someone on the forum the other day wanting to open port 631 (ipp) so he could print from the Internet.

    Which options did you use with netstat? With no parameters it will list lots of connections that are internal to your machine. You need only be concerned about tcp, udp and raw socket connections.

    Oh, if you are editing posts under Iceweasel and you have NoScript running, you need to allow both knoppix.net and googleapis.com but it makes editing bearable.
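
Added example (not part of the original post): a way to apply the two checks discussed above to `netstat -tan` output, listing which TCP ports are actually open to the network and counting half-open (SYN_RECV) connections per remote address. The sample input is constructed, uses documentation address ranges, and the threshold of 3 is an arbitrary assumption.

```shell
#!/bin/sh
# Constructed sample of `netstat -tan` output (documentation addresses only).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         203.0.113.5:40001       SYN_RECV
tcp        0      0 192.168.1.10:22         203.0.113.5:40002       SYN_RECV
tcp        0      0 192.168.1.10:22         203.0.113.5:40003       SYN_RECV
tcp        0      0 192.168.1.10:22         198.51.100.7:51515      SYN_RECV
tcp        0      0 192.168.1.10:44321      198.51.100.20:80        ESTABLISHED
EOF
}

# Ports reachable from the network: LISTEN sockets not bound to loopback.
# A daemon bound to 127.0.0.1 (like 631 above) is not exposed.
exposed_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 !~ /^(127\.|::1:)/ {
        n = split($4, a, ":"); print a[n]
    }' | sort -n | uniq
}

# Half-open inbound connections (state SYN_RECV) counted per remote address.
# Prints "count address" for peers at or above the threshold (default 3,
# an assumed value; tune it for the host).
half_open_by_peer() {
    awk -v min="${1:-3}" '$1 ~ /^tcp/ && $6 == "SYN_RECV" {
        peer = $5; sub(/:[0-9]+$/, "", peer); c[peer]++
    }
    END { for (p in c) if (c[p] >= min) print c[p], p }' | sort -rn
}

# On a live system, feed real output instead of the sample:
#   netstat -tan | exposed_listeners
#   netstat -tan | half_open_by_peer 10
sample_netstat | exposed_listeners      # prints: 22
sample_netstat | half_open_by_peer 3    # prints: 3 203.0.113.5
```

A single SYN_RECV entry is normal during any handshake; it is a large, persistent count from few peers toward a listening port that matches the flood described above.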

  9. #9
    I used remove, and autoremove. I did not know about purge - thanks. ... Iceweasel - have allowed both but my editor is still a nightmare. Have to try a different spell checker as previously mentioned. I just used netstat without switches... I am familiar with protocols. I always ran my own firewall in Windows. I am running no daemons, however, what I have noticed is the ability for some to utilize an existing http to trace, determine IP and flood - so it would seem. They seem to lurk on sites and disrupt legitimate requests you initiate.
    Last edited by BoDiddley; 04-23-2011 at 08:53 PM.

  10. #10
    There is one big name company that is always listed on my http connections, they have 4 primary servers - and can hop to others if you block theirs. They can disrupt me but with an active firewall, the moment they try any I/O they get dropped. They used to trace my http back, and then begin searching for open ports using about 10 to 20 different connections from the same server, and tie up all my resources. This might not make scientific sense, but it does happen. The syn floods have stopped as well. Sometimes nuisance seems the objective - for me. But I am certain they are cataloguing and planting bots for all those happy-go-lucky users without a care.
