Re: Contribution to Slitaz - firewall.conf

Hi Gokhlayeh,

Just checking whether you forgot to attach your firewall.conf, or is it
just 1 line?

Can you also add a quick guide on setting up a firewall in slitaz here:
http://doc.slitaz.org/en:guides:start

Note, there is an official guide too:
http://doc.slitaz.org/en:handbook:networkconf#manage-the-firewall-firewall-using-iptables

Thanks

Rohit

On Thu, Mar 4, 2010 at 4:51 PM,  <gokhlayeh@xxxxxxxxxx> wrote:
> Hi Rohit,
>
> Here is my firewall.conf. The important line is :
>
> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> It blocks all input connections which are not initiated by the user. Please
> note that iptables doesn't filter ipv6 (ip6tables does that). So I add:
> blacklist ipv6
> in my /etc/modprobe.d/blacklist.conf. I think it can be a good solution by
> default because ipv6 is not necessary for most users at this moment. With
> this firewall.conf and with ipv6 blacklisted the firewall is well
> configured by default (my reference, in French, is
> http://olivieraj.free.fr/fr/linux/information/firewall/fw-03-07.html. It's
> quite old but seems correct at this time). If you don't blacklist ipv6, you
> make a hole in your iptables firewall, and users who install it don't want
> that :).
>
> In conclusion I suggest that iptables use this conf and blacklist the ipv6
> module by default when installed, tell the user how to re-activate it and
> warn about the consequences.
>
> People who maintain servers must open input ports one by one for new
> connections established by others. I keep the examples in the config file.
>
> I've no access to the hg repo and I can eventually use one to update some
> little fixes like missing depends or update recipes, but at this time I
> prefer to send "major" changes, or those which concern the core, on the list
> and let you make the decisions at this important point of the development.
>
> I will send the recipes for fotoxx & depends soon.
>
> GoKhlaYeh
>
> On Tue, 2 Mar 2010 13:49:49 +0000, Rohit Joshi <rj.rohit@xxxxxxxxx> wrote:
>> Hi Gokhlayeh,
>>
>> Very good work.
>>
>> 1) slitaz-icon : for icon theme. E17 flavor is welcome.
>> 2) Please do send your iptables work.
>> 3) Please go ahead and update fotoxx
>>
>> Currently, we have frozen the wok and are working on fixing the bugs and
>> improving the pkgs/tools. We are not supposed to add any new pkgs
>> unless they are required for security/bugs/broken purposes.
>>
>> Do you have access to hg repos? You may like to get one if you would like
>> to help out.
>>
>> Rohit
>>
>
> ---
> SliTaz GNU/Linux Mailing list - http://www.slitaz.org/
>
>

---
SliTaz GNU/Linux Mailing list - http://www.slitaz.org/
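
An added example (not part of the thread and not SliTaz code): a shell check for the two conditions discussed in the quoted message, that INPUT is filtered statefully and that IPv6 is either blacklisted or filtered by ip6tables. It assumes rule sets in `iptables-save` format and a DROP policy on INPUT; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits saved rule sets only, never touches the live firewall.
# Function names and all sample data are constructed for illustration.

# input_filtered FILE: succeeds if the iptables-save / ip6tables-save dump in
# FILE drops unsolicited INPUT traffic, i.e. it has a DROP policy (assumption)
# plus the RELATED,ESTABLISHED accept rule quoted in the mail.
input_filtered() {
    grep -Eq '^:INPUT DROP( |$)' "$1" || return 1
    grep -Eq '^-A INPUT .*--(state|ctstate) (RELATED,ESTABLISHED|ESTABLISHED,RELATED) .*-j ACCEPT' "$1"
}

# ipv6_blacklisted FILE: succeeds if the modprobe.d file FILE has an active
# "blacklist ipv6" line (commented-out lines do not count).
ipv6_blacklisted() {
    grep -Eq '^[[:space:]]*blacklist[[:space:]]+ipv6[[:space:]]*(#.*)?$' "$1"
}

# audit V4_DUMP V6_DUMP BLACKLIST: prints ok, ipv4-open or ipv6-hole.
audit() {
    input_filtered "$1" || { echo "ipv4-open"; return; }
    if ipv6_blacklisted "$3" || input_filtered "$2"; then
        echo "ok"
    else
        echo "ipv6-hole"
    fi
}

# write_samples DIR: constructed inputs, not taken from a real host.
write_samples() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        'COMMIT' > "$1/v4.rules"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT' > "$1/v6-empty.rules"
    printf '%s\n' '# constructed file' 'blacklist ipv6' > "$1/blacklist.conf"
    printf '%s\n' '# blacklist ipv6' > "$1/blacklist-off.conf"
}

d=$(mktemp -d) && write_samples "$d"
echo "ipv6 blacklisted:     $(audit "$d/v4.rules" "$d/v6-empty.rules" "$d/blacklist.conf")"
echo "ipv6 not blacklisted: $(audit "$d/v4.rules" "$d/v6-empty.rules" "$d/blacklist-off.conf")"
rm -rf "$d"
```

The check reads files only; a `blacklist` line has no effect on a kernel with IPv6 built in, so confirm the result on the running system as well.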