| Re: Contribution to Slitaz - firewall.conf |
[ Thread Index |
Date Index
| More lists.tuxfamily.org/slitaz Archives
]
- To: slitaz@xxxxxxxxxxxxxxxxxxx
- Subject: Re: Contribution to Slitaz - firewall.conf
- From: Rohit Joshi <rj.rohit@xxxxxxxxx>
- Date: Thu, 4 Mar 2010 17:18:32 +0000
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=CIOMNiIpmJfKsj9ynuCJKU2VvRKgZftrNgy/pchBY9Q=; b=xD83H4eCtHchcYjSmm3deUaOHTOn4maCvWCfGEtmgvjVMSzJGNKn5mEepXGOh1HoQI r1DH0i8+zdfDzoaYANMYoPxv2TUhSW3jt/3vqA7C9UlgHfrHONBVvD7y8rMocBqvDX/5 J3LT+UfJE4hWwmmb/rqbYyDChiYXxgVx0Wakg=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=FKBUOpXpA961Xo6f/Fo6LIjgb4OZkUAiVz3N+OV7cK88C0P3iIMHX64CsnVDma4zPB FxaisNxGkoUWmLTi1vMuFErz5eYKzdtTRYtagfPznLYN5bAziUHN74iHIau0zeIcD21A 1p18QwdnQzvUZHJlpWCnZvE8Ugczw7AB0XXVc=
Hi Gokhlayeh,
Just checking if you have missed to attach your firewall.conf or is it
just 1 line.
Can you also add a quick guide on setting up a firewall in slitaz here:
http://doc.slitaz.org/en:guides:start
Note, there is an official guide too:
http://doc.slitaz.org/en:handbook:networkconf#manage-the-firewall-firewall-using-iptables
Thanks
Rohit
On Thu, Mar 4, 2010 at 4:51 PM, <gokhlayeh@xxxxxxxxxx> wrote:
> Hi Rohit,
>
> Here is my firewall.conf. The important line is :
>
> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> It block all input connections wich are not initialized by user. Please
> note that iptables don't filter ipv6 (ip6tables do that). So I add :
> blacklist ipv6
> In my /etc/modprobe.d/blacklist.conf. I think it can be a good solution by
> default because ipv6 is not necessary for most users at this moment. With
> this firewall.conf and with ipv6 blacklisted the firewall is well
> configured by default (my reference, in french, is
> http://olivieraj.free.fr/fr/linux/information/firewall/fw-03-07.html. It's
> quite old but seems correct at this time). If you don't blacklist ipv6, you
> make a whole in your iptables firewall, and users who install it don't want
> that :).
>
> In conclusion I suggest that iptables use this conf and blacklist ipv6
> module by default when installed, tell user how to re-activate it and warn
> about consequences.
>
> Peoples who maintain servers must open input port one by one for new
> connections established by others. I keep the exemples in the config file.
>
> I've no access to hg repo and I can eventually use one to update some
> little fixs like missing depends or update recipes, but at this time I
> prefer send "majors" changes, or thoses wich concern the core, on the list
> and let you make the decisions at this important point of the development.
>
> I will send the recipes for fotoxx & depends soon.
>
> GoKhlaYeh
>
> On Tue, 2 Mar 2010 13:49:49 +0000, Rohit Joshi <rj.rohit@xxxxxxxxx> wrote:
>> Hi Gokhlayeh,
>>
>> Very good work.
>>
>> 1) slitaz-icon : for icon theme. E17 flavor is welcome.
>> 2) Please do send your iptables work.
>> 3) Please go ahead and update fotoxx
>>
>> Currently, we have frozen the wok and working on fixing the bugs and
>> improving the pkgs/tools. We are not supposed to add any new pkgs
>> unless they are required for security/bugs/broken purposes.
>>
>> Do you have access to hg repos?? May like to get one if you would like
>> to help out.
>>
>> Rohit
>>
>
> ---
> SliTaz GNU/Linux Mailing list - http://www.slitaz.org/
>
>
---
SliTaz GNU/Linux Mailing list - http://www.slitaz.org/