Linux uses IPTABLES as a firewall. There isn't really some daemon running like you would see in Windows. With this said, that doesn't mean the box has IPTABLES configured. Read up on IPTABLES to learn more about Linux's basic firewalling.
PS: If that is a computer you aren't supposed to be on, be careful as several loggers are running.
yuliang11
Jan 17 2004, 04:24 AM
Yes, Linux uses iptables by default, but that depends on your kernel version. If you are using an old distro you might be running ipchains. To check whether your iptables or ipchains is on or off, perhaps you should try something like /etc/init.d/iptables --status or chkconfig --list. From your ps, uhhh... hard to know whether your firewall is running.
--cheers-
icenix
Jan 18 2004, 04:02 AM
CODE
iptables -L
That'll list SOME settings... not all.
Read up on IPTable Scripts... it's generally a way to block a list of default attacks. To block up certain ports do:
CODE
iptables -A INPUT -p tcp --dport PORT -j DROP
That will deny a port from being accessed, generally... if you don't want a port being accessed... you'd better close the service itself.
hope I helped icenix
ikkyu
Jan 18 2004, 09:39 PM
First off, if this isn't your machine then leave it alone. I strongly suspect that it isn't since you don't know much about *nix.
Secondly, a lesson in terminology: if you aren't precise and accurate with your language then you can't talk about technical subjects. A firewall is a dedicated device that isolates two or more networks from each other, the origin being the same term referring to a building technique that limits the spread of fires through a structure by the use of fire resistant barriers. Linux uses a kernel module to alter packets before they reach userspace called iptables (formerly ipchains); this is derived from the Berkeley net filter as I understand. To see what modules are loaded check /proc/modules. You have listed the output of ps, very good on your part, however when you become more sophisticated you will learn the difference between user and kernel space. To the best of my knowledge there is no way for a userspace app to alter packets without the aid of a kernel module (this is different from the piss-poor Windows design where user and kernel space are poorly defined) so there really an interchangeable "firewall". Check the man pages for iptables to find out how to alter the ruleset. Do your homework at http://www.tldp.org/
SyN/AcK
Jan 18 2004, 11:36 PM
I agree... windows device drivers are such a pain in the ass. I wrote a program for the TDI layer (as opposed to the NDIS layer) that encrypted all packets incoming and outgoing for a secure local network. Pretty painful.
If you really want to know, when you install linux, there is an option where you check High, Medium, or Low for your firewall setting, and can also put your own settings in as well. This would lead me to also believe this is not your system, for you should've remembered this.
raif
Jan 19 2004, 03:08 AM
If this is your box then you have root access. To determine if the firewall is up and running, type this command:
iptables --list
Of course I'm assuming that you are using iptables for a firewall and that you know how to read the resulting ruleset that is output to the screen when this command is issued. If you know nothing about Linux firewall rulesets, go here.
raif
Jan 19 2004, 03:11 AM
oops, almost forgot.
QUOTE
If you really want to know, when you install linux, there is an option where you check High, Medium, or Low for your firewall setting, and can also put your own settings in as well.
This is not true for some Linux distributions. In Red Hat I think this was first implemented in the 7.0 install. In distros like Slackware there is no preconfiguration for firewalls during the install. I'm not sure about other distros though.
baudmax
Mar 2 2004, 08:35 PM
QUOTE (SyN/AcK @ Jan 18 2004, 11:36 PM)
If you really want to know, when you install linux, there is an option where you check High, Medium, or Low for your firewall setting, and can also put your own settings in as well. This would lead me to also believe this is not your system, for you should've remembered this.
The utility that does this, as you describe low/medium/high w/ some port customization possible under "custom", is Lokkit (see Sec.4.6 & Sec.7 RHL Security Guide). It ships with RedHat 9, I'm not sure about other versions or distros.
Lokkit just creates a simple IPTABLES config file (of the same name) in the /etc/sysconfig folder.
Just type "lokkit" at the shell (may have to be root). NOTE: lokkit will OVERWRITE the existing iptables config file. If you wish to save the original, cp a backup copy. You can load a ruleset from any file with iptables-restore < config.file
To check if iptables is configured to autorun on boot: chkconfig --list iptables
chkconfig --levels 345 iptables on: turns on iptables at boot or runlevel change to runlevels 3, 4 & 5
service iptables status: returns print of current iptables rulelist if running
service iptables stop: clears iptables rulesets, resets to accept all (disables firewall)
service iptables start: (enables firewall) reloads /etc/sysconfig/iptables
If this sounds confusing, then RTFM...
For more information about how to use these applications and what options they offer, refer to the chapter called Basic Firewall Configuration in the Red Hat Linux Customization Guide.
For advanced users and server administrators, manually configuring a firewall with iptables is likely the best option. Refer to Chapter 7 Firewalls for more information. For a comprehensive guide to the iptables command, consult the chapter titled Firewalls and iptables in the Red Hat Linux Reference Guide.
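Added example, not part of the original thread or of any poster's reply: a small shell function that reads iptables-save output and tells an emptied accept-all ruleset (the state described above for "service iptables stop") apart from one that actually filters, counting every table rather than only the filter table that plain "iptables -L" shows. The function name, the verdict strings and both sample dumps are constructed for illustration.

```shell
# Summarise iptables-save output read on stdin: one line per table, then a verdict.
fw_summary() {
    awk '
        /^\*/  { table = substr($0, 2); tables[++n] = table; next }
        # Chain header, e.g. ":INPUT DROP [0:0]"; user-defined chains show "-".
        /^:/   { if ($2 != "ACCEPT" && $2 != "-") strict[table]++; next }
        /^-A / { rules[table]++; next }
        END {
            for (i = 1; i <= n; i++) {
                t = tables[i]
                printf "%s rules=%d nonaccept_policies=%d\n", t, rules[t], strict[t]
                total += rules[t] + strict[t]
            }
            # No rules and every policy ACCEPT: nothing is being filtered.
            print (total == 0 ? "verdict=unconfigured" : "verdict=configured")
        }'
}
# Constructed sample: emptied ruleset, all policies ACCEPT.
sample_stopped() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}
# Constructed sample: a NAT rule (not shown by plain "iptables -L") plus filtering.
sample_active() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A LOGDROP -j DROP
COMMIT
EOF
}
sample_stopped | fw_summary
sample_active | fw_summary
# On a live box, as root: iptables-save | fw_summary
```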
pollo
Mar 20 2004, 11:59 PM
man iptables