Fun with Shorewall

Discussion in 'Linux, BSD and Other OS's' started by sabashuali, Dec 27, 2005.

  1. sabashuali

    sabashuali Ani Ma'amin

    Likes Received:
    6
    Trophy Points:
    38
    Hi

    Me again with my Shorewall.
    Here is the thing, I start Mandriva using the verbose mode (press Esc).
    Somewhere along the way it says - Starting shorewall [OK].

    Great isn't it? Lovely!
    So I log on as usual and go to check that shorewall is running.
    Both KSysguard and CCM do not show any evidence that Shorewall is running.
    CCM shows that IPTables is stopped but will not react to pressing the start button.

    This is no biggy. So Then I go to check at GRC.
    I check my torrent port and it comes back as Stealth. In other words the rules I have added before were not loaded.
    Next I do this: in terminal I stop Shorewall (shorewall stop). Then I start it again....
    Now Shorewall starts and loads the rule for my torrent port. Then I go to GRC again and this time the port is closed. That is not a problem. At least Azureus gives me a green face rather than a yellow.

    Question time.... How do I get shorewall to start with the rules already loaded? It obviously starts alright because all my ports are stealthed to start with.... I think I need to tell Shorewall the path to the rules but where do they live? And where is the configuration file which tells shorewall what is the path?

    Thanks.
     
  2. Anti-Trend

    Anti-Trend Nonconformist Geek

    Likes Received:
    118
    Trophy Points:
    63
    Sounds like shorewall is giving you way more problems than are warranted, especially since it's not even very good. :) You might consider stopping shorewall in your services then disabling it from starting. Next, download and install either Firestarter or Guarddog (as root):

    Code:
    urpmi firestarter
    or
    Code:
    urpmi guarddog
    Make sure whichever program you've installed is set to start with Mandriva, setup your firewall rules and do the 'ol GRC test. That or IM me and I'll give your system a once-over with nmap or the tool of your choice.

    -AT
     
  3. sabashuali

    sabashuali Ani Ma'amin

    Hi AT and thanks for the advice.

    To disable Shorewall from starting do I need to change this: "STARTUP_ENABLED=yes"
    to 'no' in /etc/shorewall/shorewall.conf?
    Am I not better off to uninstall Shorewall all together?

    I will take you up on your offer as soon as I have another firewall in place.

    What do you think of what is happening with IPTables?
    is there a reason to worry?

    Thanks again... see ya later
     
  4. Anti-Trend

    Anti-Trend Nonconformist Geek

    You can stop shorewall and prevent it from starting up with Linux either through the services dialog in mcc or by typing the following as root:
    Code:
    # stop the shorewall service right now:
    service shorewall stop
    # use the chkconfig command to prevent shorewall from starting with the system:
    chkconfig shorewall off
    Make sure you install and test your alternate firewall interface soon though. Linux is potentially very secure, but if you have unnecessary services running or those that are not properly configured (such as SSH allowing direct root login and a weak root password), you might have security problems. It would probably take a while but there's no reason to risk it, so just get your next firewall up ASAP.
     
  5. sabashuali

    sabashuali Ani Ma'amin

    Thanks AT!

    I will start by terminating the connection (could have just said disconnect.... I am such a pompous arse...... :p ) and then I will do the necessaries.

    Will post results!

    Mega thanks!
     
  6. Anti-Trend

    Anti-Trend Nonconformist Geek

    How are you going to download and install firestarter or guarddog if you don't have an Internet connection? *scratches head*
     
  7. sabashuali

    sabashuali Ani Ma'amin

    mmmmm duuhhhhhhhh......

    Du' no....... (*dribbling from corner of mouth*)

    Think it is easy being so thick do ya?
     
  8. Anti-Trend

    Anti-Trend Nonconformist Geek

    You will be fine without a firewall for a while, I just mean don't put it off too long. :)
     
  9. sabashuali

    sabashuali Ani Ma'amin

    Riiiiggghhhtt then,

    Stopped shorewall, installed firestarter, started firestarter and configured.
    Firestarter shows in the CCM and also shows as a) running b) starts at boot.

    I have tested and got 'Passed' in all stealth tests. I am happy!
    However, on next boot, again pressed Esc for verbose mode (ooohh look at him with his verbosity....:confused: ) and again, it shows that shorewall starts OK.
    Now I did not mention before but Shorewall does not reside on my PC no more as I uninstalled it..... :eek:hah: so what gives?

    AAAAnyways, no biggy at all.
    As my desktop finished loading I get a splash screen telling me that Firestarter something bla, di bla, di bla - requires root privileges. What gives?
    I am very grateful that Firestarter started but why the root privileges?

    So I am slightly baffled. firewall works fine and keeping all the baddies out but it would be nice not to get the splash again.... no wha u min?

    Thanks AT for another valuable lesson. I always preferred Firestarter anyway. Also how do you start it minimised?

    Please feel free to probe me, eeeehhhmmm, the computer I mean..... :confused:
    I am turning in now but the PC will be connected again from about 8:00am. I will PM the IP address first thing in the morning...

    Thanks again! :cool:
     
  10. Anti-Trend

    Anti-Trend Nonconformist Geek

    To prevent the shorewall scripts from starting with your PC, run the following command as root:
    Code:
    chkconfig shorewall off
    Shorewall the service and shorewall the scripts are two different things. :) As for why Firestarter needs root privileges, a firewall interacts with the kernel so it's necessary. You don't need the Firestarter GUI starting with Linux though, that's really up to your preference. The Firestarter service is really the important part of the equation. That sets the IPTables rules, which is what keeps your rig firewalled.
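    As an added example that is not part of this thread: the first post's symptom (the init script reports "Starting shorewall [OK]" while the expected rule was never loaded) and Anti-Trend's point above that the service and the rules it installs are separate things come down to the same check, namely looking at what is actually in the kernel's tables rather than trusting the boot message or a GUI status light. The script below parses iptables-save style text so it can be run offline; the two sample rule sets, the port number 6881 and the function names are constructed for illustration and are not from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: decide what a remote scanner (GRC style)
# would see for a TCP port by reading the loaded iptables rules, instead of
# trusting "Starting shorewall [OK]" at boot.
# On a live box (as root):  firewall_state "$(iptables-save)" 6881

# Constructed sample of iptables-save output: a DROP policy plus an ACCEPT rule
# for a hypothetical torrent port 6881 (port number is an assumption).
SAMPLE_RULES='# Generated by iptables-save
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6881 -j ACCEPT
COMMIT'

# Constructed sample of the state the original poster saw right after boot:
# default DROP policy loaded, but no rule for the torrent port.
SAMPLE_NO_RULE='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# rule_present RULES PORT -> exit 0 if an INPUT rule accepts tcp traffic to PORT
rule_present() {
    printf '%s\n' "$1" | grep -Eq "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT"
}

# input_policy RULES -> prints the INPUT chain's default policy (DROP or ACCEPT)
input_policy() {
    printf '%s\n' "$1" | sed -n 's/^:INPUT \([A-Z]*\) .*/\1/p'
}

# firewall_state RULES PORT -> "open" if a rule accepts the port,
# "stealth" if nothing accepts it and the default policy silently drops,
# "unfiltered" if the default policy is ACCEPT (no firewall protecting the port)
firewall_state() {
    if rule_present "$1" "$2"; then
        echo open
    elif [ "$(input_policy "$1")" = DROP ]; then
        echo stealth
    else
        echo unfiltered
    fi
}

# Example run over the constructed samples:
#   firewall_state "$SAMPLE_RULES" 6881     -> open
#   firewall_state "$SAMPLE_NO_RULE" 6881   -> stealth
```

    The point of splitting this into rule_present and input_policy is that "stealth" in the GRC sense is the combination of a DROP policy and the absence of an ACCEPT rule, so a port showing as stealthed proves the default policy is loaded but says nothing about whether your own rules were; that is exactly why the first post saw every port stealthed and still had a missing rule.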
     
  11. sabashuali

    sabashuali Ani Ma'amin

    Thanks AT

    I ran the script and got this message;
    ?????? :eek:hah:

    I looked at 'chkconfig --list' and shorewall is not present there.....

    Anyway, I am not really concerned with this. It is not really broke so I am not going to attempt to fix it.... ;)

    Many thanks for all your help!
     