WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Confused about firewall 2.6.26 - starting and configuring iptables?  (Read 5442 times)

Offline bigpcman

  • Hero Member
  • *****
  • Posts: 719
I have installed the firewall~.tcz but I don't know how to start it or configure it. I don't see anything new in the ps output and there doesn't seem to be any iptables. Is there a man page for this extension somewhere?
big pc man

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11044
Re: Confused about firewall 2.6.26 - starting and configuring iptables?
« Reply #1 on: January 17, 2009, 10:12:23 AM »
Try iptables.tcel :)

It has both the iptables utilities for manual config and a basic firewall script that can be started from the menu.
The only barriers that can stop you are the ones you create yourself.

Offline bigpcman

  • Hero Member
  • *****
  • Posts: 719
Re: Confused about firewall 2.6.26 - starting and configuring iptables?
« Reply #2 on: January 17, 2009, 09:56:49 PM »
Thanks for the response. I've tried to locate iptables.tcel and could not find it. As super user from / directory I did:

find . -name iptables.tcel  (nothing found)
find . -name *.tcel   (nothing found)

Any ideas?
big pc man

Offline ^thehatsrule^

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 1726
Re: Confused about firewall 2.6.26 - starting and configuring iptables?
« Reply #3 on: January 17, 2009, 11:20:10 PM »
That kind of filename means it's an extension.  You can grab it from the repository.

Offline bigpcman

  • Hero Member
  • *****
  • Posts: 719
Re: Confused about firewall 2.6.26 - starting and configuring iptables?
« Reply #4 on: January 18, 2009, 08:31:33 AM »
Sorry, I still don't get what you mean. By repository do you mean the tce directory? There is a file called firewall.2.6.26.tczm in tce. Is this what I'm suppose to open to find the utilities? if so what program understands this file format?

-----------------------------------
edit: Ok I did a localinstall of the firewall-2.2.26 extension and then searched for it. I guess it loaded in /tmp/tcloop (see below screen shot) but now what. Do I have to manually unpack all the files in netfilter?
« Last Edit: March 28, 2023, 12:04:28 AM by Rich »
big pc man

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11044
Re: Confused about firewall 2.6.26 - starting and configuring iptables?
« Reply #5 on: January 18, 2009, 10:22:04 AM »
Sorry, we've been quite unclear here. The userspace tools, iptables, are in a separate extension, you can get it from the appbrowser, or download from here:
ftp://ftp.nluug.nl/pub/metalab/distributions/tinycorelinux/tce/iptables.tcel
The only barriers that can stop you are the ones you create yourself.

Offline bigpcman

  • Hero Member
  • *****
  • Posts: 719
Re: Confused about firewall 2.6.26 - starting and configuring iptables?
« Reply #6 on: January 18, 2009, 07:44:02 PM »
Oh, now I see what you were trying to explain. That makes sense. Just to be clear, are the kernel modules installed and activated when the tce or tcz extensions are obtained by the app browser? Also, I've been reading up on the iptables configuration rule making and was wondering if any of you guys have tried Firewall Builder, the iptables gui (http://www.fwbuilder.org/).
« Last Edit: January 18, 2009, 07:51:19 PM by bigpcman »
big pc man

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11044
Re: Confused about firewall 2.6.26 - starting and configuring iptables?
« Reply #7 on: January 19, 2009, 07:47:21 AM »
"Activated" is a bit ambiguous term. When an module extension is loaded, the modules become available, but not loaded. They will then load automatically if you plug the device in after that, or you can load them yourself.

For the firewall modules, they get loaded automatically when you set a rule that needs them.
The only barriers that can stop you are the ones you create yourself.

Offline bigpcman

  • Hero Member
  • *****
  • Posts: 719
Re: Confused about firewall 2.6.26 - starting and configuring iptables?
« Reply #8 on: January 19, 2009, 08:30:12 AM »
Thanks that makes sense.
big pc man

Offline thane

  • Hero Member
  • *****
  • Posts: 697
Re: Confused about firewall 2.6.26 - starting and configuring iptables?
« Reply #9 on: August 17, 2009, 03:55:07 PM »
Bump.

I just installed iptables/firewall. I wanted to add the command to launch the firewall (/usr/local/sbin/basic - firewall) to bootlocal.sh.

Should this work? And is there a way to verify the firewall is running? When I launch from the menu the script says it is, but I don't see anything in the control panel processes that obviously relates to the firewall.

Offline Kingdomcome

  • Sr. Member
  • ****
  • Posts: 286
Re: Confused about firewall 2.6.26 - starting and configuring iptables?
« Reply #10 on: August 17, 2009, 04:32:49 PM »
There is no firewall "program" that runs.  iptables firewalling happens in the kernel.  you can see the firewall rules that have been set by the basic script by running "sudo iptables -L" from a terminal

Offline thane

  • Hero Member
  • *****
  • Posts: 697
Re: Confused about firewall 2.6.26 - starting and configuring iptables?
« Reply #11 on: August 17, 2009, 08:55:24 PM »
Thanks, I'll try that.

Offline thane

  • Hero Member
  • *****
  • Posts: 697
Re: Confused about firewall 2.6.26 - starting and configuring iptables?
« Reply #12 on: August 18, 2009, 03:29:58 PM »
OK, the "sudo iptables -L" works, and it looks like adding the /usr/local/sbin/basic-firewall command to bootlocal.sh works (there shouldn't be spaces before and after the dash though).

On the other hand, now I'm a little concerned about the fact that I was running TCL and surfing the web for several months without a firewall. I'm booting off a read-only CD and my PC is behind a router so I guess I wasn't too vulnerable, but someone mentioned having a problem with a similar setup (rootkit?).

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11044
Re: Confused about firewall 2.6.26 - starting and configuring iptables?
« Reply #13 on: August 28, 2009, 03:56:46 PM »
A firewall isn't really needed if you don't run any servers (ie. they can detect you are online, but cannot connect to you). The only server we run by default is X, and the default disables the networking functionality (-nolisten tcp).

The router should have blocked all calls your way, so even your presence shouldn't have shown.
The only barriers that can stop you are the ones you create yourself.