Devon & Cornwall Linux Users' Group


Re: [LUG] Removing firestarter



On Saturday 05 April 2003 1:55 pm, Jonathan Melhuish wrote:
> The firestarter firewall software that I installed has proven to be a bit
> of a pain in the arse!  Every time I go online I have to:
>
> 	*  Open a terminal
> 	*  Become root
> 	*  Start firestarter

Putting the firestarter command in /etc/rc.local would achieve the same thing 
but without any intervention.

> I'm sure this isn't supposed to happen, but rather than fix it, I would
> prefer just to have a simple "block all" iptables firewall that starts upon
> boot.

Presumably not dial-up then - as you'd usually put a ppp firewall in 
/etc/ppp/ip-up.local and let it start whenever the connection is live and put 
a similar script in ip-down.local when the connection is dropped by pppd.

This is my old file (pre-ISDN) and there will need to be some changes to it, 
in particular changing the reference to ppp0. (delete the entire line if you 
don't want to share the internet connection).

Make it chmod 700 and chown root.root then call it from rc.local (or just add 
the whole thing to rc.local).

#! /bin/bash
# from p175 Linux Security Basics
# ISBN 0672320916
# http://www.amazon.co.uk/exec/obidos/ASIN/0672320916/neilwilliaprogra

# flush every rule and delete any user-defined chains in each table
for TABLE in filter nat mangle; do
	iptables -t $TABLE -F
	iptables -t $TABLE -X
done

# enable forwarding (reset at shutdown) and reverse-path filtering
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

# allow replies to connections started from inside the firewall
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# allow DNS replies from each nameserver listed in /etc/resolv.conf
for DNS in $(grep ^nameserver /etc/resolv.conf|awk '{print $2}'); do
	iptables -t filter -A INPUT -p udp -s $DNS --source-port domain -j ACCEPT
done

# allow anything from the LAN (adjust the range to match your network)
iptables -t filter -A INPUT -p tcp -s 192.168.0.0/24 -j ACCEPT
iptables -t filter -A INPUT -p icmp -s 192.168.0.0/24 -j ACCEPT
iptables -t filter -A INPUT -p udp -s 192.168.0.0/24 -j ACCEPT
# logdeny chain: log the packet, then drop it
iptables -t filter -N logdeny
iptables -t filter -A logdeny -j LOG --log-level "info" --log-prefix "iptab: "
iptables -t filter -A logdeny -j DROP
# any other new or invalid packet not arriving on loopback goes to logdeny
iptables -t filter -A INPUT ! -i lo -m state --state NEW,INVALID -j logdeny
# masquerade outgoing traffic on the dial-up interface (delete if not sharing)
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Briefly, this clears all previous tables. Then it enables forwarding (which is 
usually reset at shutdown). Then it allows all connections that you establish 
from within the firewall and allows DNS services through by checking your 
/etc/resolv.conf (which must therefore contain valid DNS server IP details). 
The next 3 rules allow connections coming from the local intranet (make sure 
the IP range matches your LAN) and then it creates a new table called logdeny 
which records the dropped packets (next 2 rules). Any other packets that come 
from attempted new connections from outside the local area (! lo) are denied. 
The last line enables masquerade - allows other boxes on the same LAN to 
share this internet connection.

(The above might not be 100% accurate but I'm sure others here will clarify!!)

>
> Which shouldn't be a problem, but I'm having troubles removing Firestarter!
> Using "rpm -e firestarter" seems to delete all of the files, but then none
> of my outgoing connections work!  "iptables -F" makes no difference either.

Firestarter probably added one or more tables of its own and these aren't 
being cleared - hence the foreach in the above script, it loops through each 
active table and clears each one before dropping the additional tables.

Just running the loop should be enough to reset the iptables.

-- 

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.wewantbroadband.co.uk/
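The firewall and the reset loop discussed in the thread, as an added example that is not part of the original post or the book it cites: the same ruleset as a pair of shell functions, so /etc/ppp/ip-up.local can call fw_apply with the interface name pppd passes as its first argument and ip-down.local can call fw_reset. IPT, RESOLV, PROC and LAN are assumed variables (set IPT=echo to dry-run), and the reset additionally puts the built-in chain policies back to ACCEPT, which a bare iptables -F does not.

```shell
#!/bin/sh
# Added example, not from the original post: Neil's ruleset reworked into two
# functions. /etc/ppp/ip-up.local can call "fw_apply $1" (pppd passes the new
# interface name, e.g. ppp0, as its first argument) and ip-down.local "fw_reset".
# IPT, RESOLV and PROC are assumed knobs: set IPT=echo for a dry run that only
# prints the iptables commands it would execute.
IPT="${IPT:-iptables}"
RESOLV="${RESOLV:-/etc/resolv.conf}"
PROC="${PROC:-/proc/sys/net/ipv4}"
LAN="${LAN:-192.168.0.0/24}"   # must match your own LAN range

# Flush every table and delete user-defined chains (e.g. Firestarter's), then
# put the built-in chains back to ACCEPT; a leftover DROP policy is what keeps
# blocking traffic even after "iptables -F" has emptied the chains.
fw_reset() {
    for table in filter nat mangle; do
        "$IPT" -t "$table" -F
        "$IPT" -t "$table" -X
    done
    for chain in INPUT FORWARD OUTPUT; do
        "$IPT" -t filter -P "$chain" ACCEPT
    done
}

# Apply the ruleset; $1 is the Internet-facing interface to masquerade on.
fw_apply() {
    ext="${1:?usage: fw_apply <external interface>}"
    fw_reset
    echo 1 > "$PROC/ip_forward"              # share the connection
    echo 1 > "$PROC/conf/all/rp_filter"      # drop packets with spoofed sources
    "$IPT" -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # replies from each "nameserver" in resolv.conf (search/domain lines skipped)
    for dns in $(awk '/^nameserver/ {print $2}' "$RESOLV"); do
        "$IPT" -t filter -A INPUT -p udp -s "$dns" --source-port domain -j ACCEPT
    done
    for proto in tcp udp icmp; do
        "$IPT" -t filter -A INPUT -p "$proto" -s "$LAN" -j ACCEPT
    done
    "$IPT" -t filter -N logdeny
    "$IPT" -t filter -A logdeny -j LOG --log-level info --log-prefix "iptab: "
    "$IPT" -t filter -A logdeny -j DROP
    "$IPT" -t filter -A INPUT ! -i lo -m state --state NEW,INVALID -j logdeny
    "$IPT" -t nat -A POSTROUTING -o "$ext" -j MASQUERADE
}
```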
