ktsaou
c48a98eee7
Fixed a minor bug in kernel module handling that made it not detect that
ip_tables is already compiled (or loaded) in the kernel.
2003-08-19 22:21:32 +00:00
ktsaou
6810350605
More Gentoo compatibility (mainly change of port names to port numbers in
services).
2003-07-31 20:44:45 +00:00
ktsaou
c4843a5579
Minor changes for gentoo compatibility (SAVE feature).
2003-07-27 22:58:59 +00:00
ktsaou
3e5219f280
Added service HYLAFAX, although experimental.
2003-07-20 22:45:50 +00:00
ktsaou
77e3e68ca5
As suggested by "Francisco Javier Félix Belmonte" <ffelix@gescosoft.com>
fixed all EOF statements in order to produce cleaner iptables run script.
2003-07-20 22:14:28 +00:00
ktsaou
dac981aaa2
Added service POSTGRES.
2003-07-20 21:52:41 +00:00
ktsaou
ac10d81534
Added TIME service.
2003-07-20 21:50:29 +00:00
ktsaou
9388014f2b
Changed service CUPS ports to numeric. Gentoo does not have this defined.
2003-07-20 21:48:01 +00:00
ktsaou
318c025726
Added --cmd-owner support.
2003-07-20 21:46:41 +00:00
ktsaou
5928af285d
Added service webmin.
2003-06-30 22:18:46 +00:00
ktsaou
fd502a035e
Added jabber and jabberd services.
2003-06-30 22:07:01 +00:00
ktsaou
efeca5adba
Aesthetic changes in mac helper.
2003-06-28 23:22:49 +00:00
ktsaou
67b3f9fa8c
Updated service LPD according to RFCs, and now it accepts only ports
721 to 731 inclusive, plus the default client ports.
2003-06-28 21:26:20 +00:00
ktsaou
14a6a38e79
Reverted DEFAULT_CLIENT_PORTS to 1024+ (was 1000+)
Made LPD client ports "any".
2003-06-28 20:52:09 +00:00
ktsaou
692d614c50
Added the "mac" optional rule parameter, that matches the source mac
address of packets.
Added the "mac" helper that verifies that packets coming in from a
specific source IP address, always come from a specific MAC address.
This applies to the whole firewall (INPUT and FORWARD).
2003-06-18 22:56:24 +00:00
ktsaou
94a31d71b6
Added FIREHOL_INPUT_ACTIVATION_POLICY, FIREHOL_OUTPUT_ACTIVATION_POLICY,
and FIREHOL_FORWARD_ACTIVATION_POLICY to control the firewall default
policy during firewall activation.
2003-06-18 21:44:52 +00:00
ktsaou
320152e875
Optimized RESERVED_IPS as suggested by Marc 'HE' Brockschmidt
<marc@marcbrockschmidt.de>.
2003-06-11 07:00:24 +00:00
ktsaou
5a44cbbffe
Added MSN and DCPP services.
2003-06-10 21:27:46 +00:00
ktsaou
f747037d25
Added man page for firehol.conf, contributed by
"Marc 'HE' Brockschmidt" <marc@marcbrockschmidt.de>
Thanks Marc.
2003-06-10 20:44:27 +00:00
ktsaou
3e7421d755
Made FireHOL mv /etc/firehol.conf to /etc/firehol/firehol.conf, if
/etc/firehol (directory) does not exist.
Also, made _CMD variables better detect wrong situations, such as
multiple instances of the same command, command not found, etc.
2003-05-22 19:39:53 +00:00
ktsaou
90931fecf6
Made default config in /etc/firehol/firehol.conf to conform with various
distributions that prefer it this way (Gentoo).
This will also allow to have services.d within this directory.
2003-05-01 01:30:23 +00:00
ktsaou
032abaacdd
"Marc 'HE' Brockschmidt" <marc@marcbrockschmidt.de> wrote:
Today, I've tried to debianize firehol, but noticed a few problems
(eg. the need for a force-reload-option for every init-script [you could
realize it as an alias for restart]).
I've corrected a few " !!!" (As a reader of Terry Pratchett, I had to
kill them ;-)
I'm attaching a patch for these issues.
I've also created a manpage for FireHOL, and I'm working on the manpage
for firehole.conf.
---
Thank you Marc.
2003-04-30 23:29:47 +00:00
ktsaou
9e71125a19
Fixed a 'touch' cmd to use the external command system.
2003-04-24 08:15:08 +00:00
ktsaou
4884040765
Made HELPME detect duplicate routers and prevent multiple definitions
of them.
2003-04-24 08:12:51 +00:00
ktsaou
3d0dc572bf
Eliminated duplicate router definitions in HELPME, when an interface
has multiple IPs on the same subnet.
2003-04-23 20:42:26 +00:00
ktsaou
c425e713d8
FireHOL now stops the firewall with its own logic (without calling
/etc/init.d/iptables) since some distributions do not have this.
2003-04-20 10:18:10 +00:00
ktsaou
2bc1846dae
Module management can now be controlled with FIREHOL_LOAD_KERNEL_MODULES.
Default value is 1, it can be set to 0 to disable module management.
Also, now FireHOL automatically detects if ip_tables and ip_conntrack
are built into the kernel, by looking for relative files in /proc/net.
2003-04-18 20:52:44 +00:00
ktsaou
a826bfa1c3
Removed all hard-coded references to external commands and made a dynamic
list at the top of FireHOL. Now FireHOL will refuse to run if some command
is missing.
2003-04-08 00:12:02 +00:00
ktsaou
9b309c9143
Fixed MIRROR statements to produce REJECT on the OUTPUT of the host.
2003-03-19 21:51:56 +00:00
ktsaou
41e429b128
Copyright notices now print year 2003.
2003-03-18 21:27:35 +00:00
ktsaou
0c5eb0d73e
Cosmetic changes in 'helpme'
2003-03-17 23:03:00 +00:00
ktsaou
33f8946676
Fixed broken 'helpme' detection of networks behind gateways. Now it works.
2003-03-17 22:57:26 +00:00
ktsaou
b915a00360
'helpme' now detects multiple overlapping networks defined for the same
interface. In such cases it only defines the wider network.
2003-03-17 22:42:18 +00:00
ktsaou
052e7844d6
Made 'helpme' detect point-to-point routes better.
2003-03-16 22:13:30 +00:00
ktsaou
ab4ada21cb
Added service 'socks'.
2003-03-15 01:24:19 +00:00
ktsaou
ff8f6e8433
'panic' now prevents you from losing the SSH you are issuing this command
by allowing the established connection specified in the environment
variable SSH_CLIENT (only if it exists: it is lost if you su -, you should
su without the minus).
Also, the panic argument takes one optional argument. This can be an IP
address in which case all established connections between the host and this
IP will be allowed.
2003-03-15 00:59:27 +00:00
ktsaou
0df8d5110c
The squid service has been defined with numeric port numbers because
Debian systems have not this service defined.
2003-03-14 21:22:37 +00:00
ktsaou
9335770dca
Command line argument 'panic' does not call the system's iptables script
but blocks all traffic by itself, since many systems do not have the
'panic' argument.
2003-03-14 20:59:07 +00:00
ktsaou
e0b1570dd2
Added FIREHOL_AUTOSAVE variable that controls the file that is saved with
the 'save' argument of FireHOL. By default this variable is empty in which
case FireHOL detects RedHat and Debian systems and saves it to the right
place.
2003-03-14 20:36:52 +00:00
ktsaou
65dbe74904
'helpme' now allows ICMP traffic by default.
2003-03-07 23:34:29 +00:00
ktsaou
1e18a727a4
Fixed double quoting in router statements produced by 'helpme'.
2003-03-07 23:17:38 +00:00
ktsaou
4d2812c723
'helpme' handles multiple networks in router statements.
2003-03-07 23:12:15 +00:00
ktsaou
efa4baa6d2
'helpme' mode does not require a configuration file present.
2003-03-07 23:01:31 +00:00
ktsaou
07a429ac05
Made it not ignore the default route in 'helpme' routers.
2003-03-07 09:19:19 +00:00
ktsaou
6ecf404948
Minor changes in 'helpme' generation.
2003-03-06 08:18:49 +00:00
ktsaou
0982c89ea3
Made it ignore a default gateway when there was a P-t-P default gateway
found.
2003-03-05 22:06:51 +00:00
ktsaou
8f185c5880
Made the 'helpme' feature append another interface for the default gateway.
2003-03-05 18:23:57 +00:00
ktsaou
8cd37417e8
Minor changes in the default help page presented by FireHOL.
2003-03-05 00:33:56 +00:00
ktsaou
513f0518aa
Re-wrote 'helpme' to detect multiple IPs and networks per interfaces,
and to produce multiple interfaces for each IP. This means that FireHOL
is somewhat smart to match IPs with networks and interfaces, to detect
networks behind gateways, default gateways on point-to-point interfaces,
and to produce router statements matching the interfaces detected above.
2003-03-05 00:11:56 +00:00
ktsaou
500c0c6468
Made 'helpme' ignore interfaces that do not have an IP or no traffic is
routed to them (no route).
2003-03-03 21:51:04 +00:00