
Re: change in behavior of iptables with respect to firestarter



On Fri, Oct 22, 2010 at 03:00:40PM -0400, Gilbert Sullivan wrote:
> On 10/22/2010 01:56 PM, Rob Owens wrote:
>> On Fri, Oct 22, 2010 at 01:50:11PM -0400, Gilbert Sullivan wrote:
>>> list's moderator hasn't got back to me. It appears that the rules I want
>>> in iptables are not in effect at all until I actually bring up the
>>> Firestarter user interface during a given session. Once I log off
>>> (restart not necessary) the rules are apparently reset to the default.
>>>
>> You can check this by running (as root):
>>
>> iptables -L
>>
>> If there are no firewall rules active, it will look something like this:
>>
>> Chain INPUT (policy ACCEPT)
>> target     prot opt source               destination
>>
>> Chain FORWARD (policy ACCEPT)
>> target     prot opt source               destination
>>
>> Chain OUTPUT (policy ACCEPT)
>> target     prot opt source               destination
>>
>> -Rob
>
> Thanks, Rob.
>
> I set up the rules in Firestarter. I reboot. This is what I get:
>
> # iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>

<lots of stuff snipped>

It definitely looks like you have no active firewall until you run
firestarter manually.

I'm not very familiar with firestarter, but it seems like it should
start automatically on boot because as soon as you boot up and get a network
connection, you are vulnerable.

Is there a /etc/default/firestarter file?  Does it say to run
firestarter at startup?  Install and run sysv-rc-conf.  Does it say that
firestarter is supposed to be started in your runlevel?  (default
runlevel is 2 for Debian).  Are there any other conf files you could
check?  /etc/firestarter.conf, for instance?

-Rob
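
Added example, not part of the original message: a shell function that classifies `iptables -L` output, so the empty ruleset shown above (every chain at policy ACCEPT with no rules) can be detected from a script, for instance right after boot. The name fw_state and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# fw_state reads `iptables -L` output on stdin and prints one of:
#   open     - every built-in chain has policy ACCEPT and no chain has rules
#   filtered - at least one rule, or a built-in policy other than ACCEPT
#   unknown  - no "Chain" header seen (e.g. the command failed or was not root)
fw_state() {
    awk '
        /^Chain / {
            chains++
            # Built-in chains print "(policy X)"; user chains print "(N references)".
            if ($0 ~ /\(policy / && $0 !~ /\(policy ACCEPT/) strict++
            next
        }
        /^[ \t]*(pkts|target)[ \t]/ { next }   # column header (with or without -v)
        /^[ \t]*$/                  { next }   # blank line between chains
        { rules++ }                            # anything else is a rule
        END {
            if (chains == 0)                   print "unknown"
            else if (rules > 0 || strict > 0)  print "filtered"
            else                               print "open"
        }
    '
}

# Constructed sample: the "no firewall" listing quoted in the thread.
SAMPLE_OPEN='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample: a ruleset that is actually loaded.
SAMPLE_FILTERED='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

printf '%s\n' "$SAMPLE_OPEN"     | fw_state
printf '%s\n' "$SAMPLE_FILTERED" | fw_state
```

On a live system, run `iptables -L -n | fw_state` as root; a result of "open" after a reboot matches the situation described in this thread.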

