Re: [Firestarter-user] command line question
From: Paul D. <pd...@ci...> - 2002-09-18 02:02:19
On Tue, 2002-09-17 at 01:46, John Davis wrote:
> First,
> I love the firewall, but I don't need the gui. Is there a reference
> somewhere that's more command-line oriented for Firestarter? I know I could
> just add stuff via the gui, comment it out and use it as a reference but I
> would like to know how to do it the right way if I ever had to. (I manage my
> servers via ssh)

Doubt it, at least for the GNOME 1.x series.

For Firestarter 0.9.x (GNOME 2.0) -- I'm working on a text based configuration setup (firestarter.conf) -- if you edit the file with a text editor then run the wizard, it'll spit out a firewall based on those choices.

The project has only just been started and it requires bits of the firewall parser to be rewritten, so it'll probably take me a month or two to get things going .. obviously I'll post to the list once it's ready for serious beatings.

> Is there a way to start firestarter from the command line? I'd like to add a
> startup command to the rc.local . Right now, starting from the command line
> returns an error:

The firewall script itself can be started by:

/etc/firestarter/firewall.sh

If you add that on the end of rc.local and remove the /etc/rc.d/init.d/firestarter file, you should get the desired result.

> iptables: No chain/target/match by that name

Has the connection to the internet been established yet? If so, you might have been hit by the TTL bug .. you might find this error can be solved by upgrading your iptables installation to 1.2.5 or better.

> (though the firewall still appears to work). Also, is there a way to re-read
> the deny-all file after adding an IP address into it?

The deny-all file is just a standard script. If you don't want to re-read it by restarting the firewall -- you could just execute the /etc/firestarter/deny-all file from the command prompt.

> Finally, when forwarding SSH traffic, I find that I can't connect from the
> workstations inside the firewall with SSH. Will adding the IP address of the
> workstations into the "allow-all" file fix that problem?

What version of SSH are you running? Versions of OpenSSH before 3.1p1 seem to do this on my test installations - if the fix you've proposed above doesn't work, you might want to try upgrading your OpenSSH install and see if that fixes it.

Regards,
Paul