Re: Contribution to Slitaz - firewall.conf

[ Thread Index | Date Index | More Archives ]

Hi Gokhlayeh,

Just checking if you have missed to attach your firewall.conf or is it
just 1 line.

Can you also add a quick guide on setting up a firewall in slitaz here:

Note, there is an official guide too:



On Thu, Mar 4, 2010 at 4:51 PM,  <gokhlayeh@xxxxxxxxxx> wrote:
> Hi Rohit,
> Here is my firewall.conf. The important line is :
> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> It block all input connections wich are not initialized by user. Please
> note that iptables don't filter ipv6 (ip6tables do that). So I add :
> blacklist ipv6
> In my /etc/modprobe.d/blacklist.conf. I think it can be a good solution by
> default because ipv6 is not necessary for most users at this moment. With
> this firewall.conf and with ipv6 blacklisted the firewall is well
> configured by default (my reference, in french, is
> It's
> quite old but seems correct at this time). If you don't blacklist ipv6, you
> make a whole in your iptables firewall, and users who install it don't want
> that :).
> In conclusion I suggest that iptables use this conf and blacklist ipv6
> module by default when installed, tell user how to re-activate it and warn
> about consequences.
> Peoples who maintain servers must open input port one by one for new
> connections established by others. I keep the exemples in the config file.
> I've no access to hg repo and I can eventually use one to update some
> little fixs like missing depends or update recipes, but at this time I
> prefer send "majors" changes, or thoses wich concern the core, on the list
> and let you make the decisions at this important point of the development.
> I will send the recipes for fotoxx & depends soon.
> GoKhlaYeh
> On Tue, 2 Mar 2010 13:49:49 +0000, Rohit Joshi <rj.rohit@xxxxxxxxx> wrote:
>> Hi Gokhlayeh,
>> Very good work.
>> 1) slitaz-icon : for icon theme. E17 flavor is welcome.
>> 2) Please do send your iptables work.
>> 3) Please go ahead and update fotoxx
>> Currently, we have frozen the wok and working on fixing the bugs and
>> improving the pkgs/tools. We are not supposed to add any new pkgs
>> unless they are required for security/bugs/broken purposes.
>> Do you have access to hg repos?? May like to get one if you would like
>> to help out.
>> Rohit
> ---
> SliTaz GNU/Linux Mailing list -

SliTaz GNU/Linux Mailing list -

Mail converted by MHonArc 2.6.19+