Re: firewall newbie questions
On Saturday 10 April 2004 17.52, Jonas Meurer wrote:
> On 10/04/2004 Juerg Schneider wrote:
> > This is the right way. Close all, log all, open what you need.
>
> yea, I absolutely agree, but that's not the way I'm able to start
> on a remotely controlled machine kilometers away, since I _need_
> some essential services to log all and reopen what I need.
> So my question was whether installing firehol will cause ssh
> connections from outside to be rejected or not.
Sure, it will close ssh by default. Ssh is only a service; if you
didn't open it, it has to be closed. According to the homepage, a
interface ppp+ internet
server ssh accept src <your ip>
in the config file should be sufficient. In any case, you should play
with the script on your own box.
> Thinking about this, it would be terrible if any script in debian
> would do that per default,
No. All scripts will do so (hopefully). The advantage of a widely used
script like firehol is that it's easy to configure. If I make a mistake
in my hand-written script, the script will crash and the rules will not be
loaded. Since I had closed all doors on my firewall once, I have a
failsafe at the end of my script:
# Failsave ----------------------------------------------------------
# Ask for confirmation. read -t gives up after 10 seconds and leaves
# $answer empty, so the variable must be quoted in the test below;
# unquoted, an empty answer makes [ ] fail with a syntax error.
echo "Are the rules ok? If yes type 'ok'"
read -t10 answer
if [ "$answer" = "ok" ]; then
echo "should be: $answer"
else
# No answer in time or a wrong answer: reload the rules that keep ssh open
echo "but is: $answer"
. /root/fw_failsave
fi
to open ssh again. But firehol seems so easy to configure that you
can't make mistakes like this. Try it on your own box.
> but it's better to ask before instead of
> calling the computer center afterwards to restore what the install
> broke.
OK.
ciao
Jürg
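The confirm-or-rollback idea from Jürg's failsafe, written out as an added example that is not the script from the mail. It generalises the snippet: apply a ruleset, wait a bounded time for the operator to type "ok", and on a timeout, a wrong answer or a failed apply, load a known-good fallback that keeps ssh reachable. The apply and fallback steps are passed in as commands (on a real host these would be something like an iptables-restore of the new rules and a sourcing of a fallback script such as the /root/fw_failsave from the mail; those paths are assumptions), so the logic can be exercised without root or iptables. Like the original, it relies on bash's read -t.

```bash
#!/bin/bash
# Added example (not from the mailing-list post). Confirm-or-rollback
# wrapper for a firewall reload, so a mistake in the rules cannot lock
# the administrator out of a remote box.

# is_confirmed ANSWER: succeeds only for the exact word "ok".
is_confirmed() {
    [ "$1" = "ok" ]
}

# confirm_or_rollback APPLY_CMD FALLBACK_CMD [TIMEOUT]
# Runs APPLY_CMD, then waits TIMEOUT seconds (default 10) for the operator
# to confirm. Any other outcome (timeout, EOF, wrong word, or APPLY_CMD
# failing) runs FALLBACK_CMD. Returns 0 when confirmed, 1 when rolled back.
confirm_or_rollback() {
    local apply_cmd="$1" fallback_cmd="$2" timeout="${3:-10}" answer=""

    if ! eval "$apply_cmd"; then
        echo "loading the rules failed, restoring fallback" >&2
        eval "$fallback_cmd"
        return 1
    fi

    printf 'Are the rules ok? Type ok within %s s: ' "$timeout"
    # On timeout or EOF, read fails and $answer stays empty. Quoting the
    # variable below is what keeps an empty answer from becoming a syntax
    # error in the test, which is the bug in the unquoted original.
    read -r -t "$timeout" answer || true
    echo

    if is_confirmed "$answer"; then
        echo "rules confirmed"
        return 0
    fi

    echo "no confirmation (got '${answer}'), restoring fallback" >&2
    eval "$fallback_cmd"
    return 1
}

# Usage on a real firewall (assumed paths, not from the mail):
#   confirm_or_rollback 'iptables-restore < /root/fw.rules' \
#                       '. /root/fw_failsave' 10
```

The fallback runs in three cases, not just on a timeout: a ruleset that fails to load at all is treated the same way as one the operator never confirmed, because either way the state of the box is unknown from the other end of the ssh session.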