Thread: [Fwbuilder-discussion] stopping the firewall
From: Niumar A. K. <ni...@so...> - 2010-04-30 14:02:17
Hi again!

I saw that now Fwbuilder implements parameters to pass to iptables script. I note that when I use the stop parameter, my firewall goes down, but the policy in the chains remains in DROP state. Is this right? I think this is a little bit dangerous, especially over remote ssh connections.

Watching the script, I saw that the stop action runs the function reset_iptables_v4() that sets the policy to DROP and clears the tables.

Thanks,
Niunar

--
Engº Niumar André Klein
Network/Server Analyst
SOLIS - Cooperativa de Soluções Livres
www.solis.coop.br

From: Paul C. L. <pc...@gm...> - 2010-04-30 14:31:20
Ditto.

2010/4/30 Niumar André Klein <ni...@so...>:
> Hi again!
>
> I saw that now Fwbuilder implements parameters to pass to iptables
> script. I note that when I use the stop parameter, my firewall goes
> down, but the policy in the chains remains in DROP state. Is this right?
> I think this is a little bit dangerous, especially over remote ssh
> connections.
> Watching the script, I saw that the stop action runs the function
> reset_iptables_v4() that sets the policy to DROP and clears the tables.
>
> Thanks,
> Niunar
>
> --
> Engº Niumar André Klein
> Network/Server Analyst
> SOLIS - Cooperativa de Soluções Livres
> www.solis.coop.br

From: Vadim K. <va...@vk...> - 2010-04-30 15:23:15
2010/4/30 Niumar André Klein <ni...@so...>:
> Hi again!
>
> I saw that now Fwbuilder implements parameters to pass to iptables
> script. I note that when I use the stop parameter, my firewall goes
> down, but the policy in the chains remains in DROP state. Is this right?
> I think this is a little bit dangerous, especially over remote ssh
> connections.
> Watching the script, I saw that the stop action runs the function
> reset_iptables_v4() that sets the policy to DROP and clears the tables.
>

This is right. Default action ACCEPT would leave firewall wide open when it is stopped. You can use options provided in the advanced firewall settings dialog, tab "Compiler", where you can specify addresses that should always be permitted ssh access to the firewall. There is also a checkbox that makes fwbuilder add rules to permit ssh access from the same addresses when firewall is stopped. This seems to address your concern.

--vk

> Thanks,
> Niunar
>
> --
> Engº Niumar André Klein
> Network/Server Analyst
> SOLIS - Cooperativa de Soluções Livres
> www.solis.coop.br
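
The stopped state described in the reply above (default-deny, with ssh still permitted from listed management addresses), sketched as an added example that is not part of the thread and is not Firewall Builder's generated script. The function names, the DROP policy on all three filter chains, and the 192.0.2.10 address are assumptions; the output is an `iptables-restore` ruleset so the policy and the ssh exceptions are committed together.

```shell
#!/bin/sh
# Added illustration; stopped_ruleset and valid_ipv4 are hypothetical names.

# Accept only dotted-quad IPv4 with an optional /0-32 prefix, so nothing
# else (spaces, newlines, extra rule text) can reach the generated ruleset.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;
    esac
    o='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
    printf '%s\n' "$1" | grep -Eq "^($o\.){3}$o(/(3[0-2]|[12]?[0-9]))?\$"
}

# Print a filter-table ruleset for the "stopped" state: every chain policy
# is DROP, and only ssh (tcp/22) to and from the given addresses is allowed.
stopped_ruleset() {
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    for addr in "$@"; do
        # Inbound ssh from the management address, new or established.
        echo "-A INPUT -p tcp -s $addr --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
        # Replies only: the stopped firewall does not open connections itself.
        echo "-A OUTPUT -p tcp -d $addr --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    done
    echo 'COMMIT'
}

# Usage (as root; 192.0.2.10 is a constructed documentation address):
#   stopped_ruleset 192.0.2.10 | iptables-restore
# iptables-restore replaces the filter table in a single commit, so an open
# ssh session from a listed address is not cut off between the flush and
# the re-added rules. Other tables (nat, mangle) are left untouched.
```

Called with no addresses, the function produces a pure default-deny ruleset, which is the situation the original question describes.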