SliTaz Forum

FWBuilder fails to install firewall policy

(6 posts) (2 voices)

• Started 9 years ago by happy_slitaz
• Latest reply from happy_slitaz
• This topic is not resolved

Tags:

No tags yet.

1. 

   happy_slitaz
   

   offline

   Member

   Hi,

   I installed Slitaz 4.0 just now.

   I don't know how to configure iptables directly.

   I was using ufw before but can't find it in the repos.

   So I installed fwbuilder.

   I am choosing a preconfigured template for workstation

   then when I click on "Compile and install this firewall"

   the compilation process is completing successfully but

   when I finally try to install the firewall by providing my

   username as root with my root password it fails.

   I have attached the log file. Please have a look and tell

   me whats going wrong.

   Attachments

   1. fail.txt (0.8 KB, 780 downloads) 9 years old

   Posted 9 years ago #
2. 

   happy_slitaz
   

   offline

   Member

   $ nmap localhost

   Starting Nmap 5.51 ( http://nmap.org ) at 2014-09-19 16:31 UTC
   Nmap scan report for localhost (127.0.0.1)
   Host is up (0.00042s latency).
   Not shown: 997 closed ports
   PORT STATE SERVICE
   80/tcp open http
   82/tcp open xfer
   6000/tcp open X11

   Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds

   I have installed package iptables and modified

   /etc/firewall.conf

   $ cat /etc/firewall.conf
   # /etc/firewall.conf: SliTaz firewall configuration.
   # Config file used by: /etc/init.d/firewall.sh
   #

   # Network interface.
   INTERFACE="eth0"

   # Enable/disable kernel security.
   KERNEL_SECURITY="yes"

   # Enable/disable iptables rules (iptables package must be installed).
   IPTABLES_RULES="yes"

   # Netfilter/iptables rules.
   # This shell function is included in /etc/init.d/firewall.sh
   # to start iptables rules.
   #
   iptables_rules()
   {

   # Drop all input connections.
   iptables -P INPUT DROP

   # Drop all output connections.
   iptables -P OUTPUT DROP

   # Drop all forward connections.
   iptables -P FORWARD DROP

   # Accept near all output trafic.
   iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

   # Accept unprivileged ports.
   iptables -A INPUT -i $INTERFACE -p udp --destination-port 1024:65535 -j ACCEPT

   # Accept ping.
   iptables -A INPUT -i $INTERFACE -p icmp -j ACCEPT

   # Accept input trafic only for connections initialized by user.
   iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

   # Accept input on localhost (127.0.0.1).
   iptables -A INPUT -i lo -j ACCEPT

   }

   Then restarted the firewall by doing

   /etc/init.d/firewall restart

   but as you can see por 80 is still open.

   Posted 9 years ago #
3. 

   mojo
   

   offline

   Key Master

   http://doc.slitaz.org/en:handbook:networkconf?s=linux&s=netfilter#manage-the-firewall-firewall-using-iptables
   tazpkg -gi linux-netfilter
   Verify /etc/firewall.conf INTERFACE= is the same as /etc/network.conf INTERFACE=

   Posted 9 years ago #
4. 

   happy_slitaz
   

   offline

   Member

   I have done this

   tazpkg -gi iptables

   Should I uninstall it first ?

   Yes, both have eth0 mentioned in them.

   Posted 9 years ago #
5. 

   happy_slitaz
   

   offline

   Member

   # tazpkg -gi linux-netfilter

   linux-netfilter-2.6.37 package is already installed. You can
   use the --forced option to force installation or remove it and reinstall.

   Posted 9 years ago #
6. 

   happy_slitaz
   

   offline

   Member

   I want to enable "incoming deny any" from all.

   Other then that open only one port for torrent.

   Presently when I open my torrent client I find

   the port is open by checking

   nmap 192.168.0.102 -p7555

   I did not open this port. Cant understand whats happening.

   Posted 9 years ago #

RSS feed for this topic

Reply

You must log in to post.