[Shorewall-newbies] firewall setup error help! please! asap

Alex Martin shorewall at rettc.com
Sun Dec 7 16:12:01 PST 2003


Look at /etc/shorewall/policy

This blocks all incoming traffic by default (depending on your setup)
Like: net loc drop info
This means, unless you have rules elsewhere, that all traffic will be 
dropped. The info part means that dropped traffic will be logged.

If you are not familiar with how your box is set up, I would start with a 
fresh shorewall install, because in that case you will be secured, and 
then all you have to do is enable the traffic you want in 
/etc/shorewall/rules. You will see traffic that is being blocked by the 
default policy in the logs, so it will be easy to start from scratch. 
This way you will also learn how your firewall works and is set up.

If you have more trouble post back, and look at 
www.shorewall.net/support.htm, and post the info requested there.

Regards,
Alex Martin
http://www.rettc.com




Sterling Martin wrote:

> Help! i'm a newbie at this firewall stuff  and  my system was hacked and 
> i need to get this fixed asap.... i am using the leaf shorewall firewall 
> program on disk... kinda scary if you ask me ( i didn't set it up)  the 
> guy that set it up originally is gone... can someone please tell me how 
> to set up the rules file to block all access to my mail servers & 
> gateways  at the firewall and send all incoming mail to one of the 
> gateways ... i use postfix and amdvisa , spammassin etc on a primary and 
> backup mail gateway that forwards the mail ( after it has been cleaned 
> up) to a separate mail server box with imail on it...
> 
> my webserver got hacked and i want ( i NEED is more like it :)  to block 
> all access to that server except for SSL, http and some ftp  can you 
> tell me how to "code" that rule ... i was reading the docs (which is 
> greek to me) but everything seems to point to allowing things in ...not 
> blocking ..is that right?
> 
> one last question.... i see it has allow ping to server by "default" ... 
> isn't that something you'd want turned off?  not allowed... what useful 
> purpose does that serve... i was going to turn it off but wasn't sure 
> what effect that may have on the operation of my system.... can i turn 
> that off without hurting anything...
> 
> 
> thanks GREATLY in advance!
> 
> i await your speedy reply ............
> 
> 
> Sheldon Steele

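The policy-plus-rules behaviour described in the reply above, as an added example that is not part of the original message and is not Shorewall's own code: a simplified Python model in which an ACCEPT line in rules is an exception and everything else falls through to the default policy. The zone names net and loc come from the message; the 192.0.2.x addresses, the ports, and the loc-to-net and all-to-all policy lines are constructed assumptions.

```python
# Simplified model of how a NEW connection is decided: the first matching
# line in "rules" wins; otherwise the first matching line in "policy" applies.
# All addresses and ports below are constructed samples, not a real site.

POLICY = """\
#SOURCE  DEST  POLICY  LOG
loc      net   ACCEPT
net      all   DROP    info
all      all   REJECT  info
"""

RULES = """\
#ACTION  SOURCE  DEST            PROTO  PORT(S)
ACCEPT   net     loc:192.0.2.10  tcp    80,443
ACCEPT   net     loc:192.0.2.10  tcp    21
ACCEPT   net     loc:192.0.2.20  tcp    25
"""

def rows(text):
    """Yield whitespace-split columns, skipping comments and blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def zone_match(pattern, zone):
    """'all' is the wildcard zone; anything else must match exactly."""
    return pattern == "all" or pattern == zone

def decide(src, dst, host, proto, port, rules=RULES, policy=POLICY):
    """Return (verdict, origin) for a new connection src -> dst:host proto/port."""
    for action, r_src, r_dest, r_proto, r_ports in rows(rules):
        r_zone, _, r_host = r_dest.partition(":")
        if (zone_match(r_src, src) and zone_match(r_zone, dst)
                and r_host in ("", host) and r_proto == proto
                and str(port) in r_ports.split(",")):
            return action, "rules"
    for cols in rows(policy):
        if zone_match(cols[0], src) and zone_match(cols[1], dst):
            return cols[2], "policy"
    return "REJECT", "implicit"  # model assumption: refuse if nothing matches

if __name__ == "__main__":
    for conn in [("net", "loc", "192.0.2.10", "tcp", 443),   # web server, HTTPS
                 ("net", "loc", "192.0.2.10", "tcp", 22),    # web server, SSH
                 ("net", "loc", "192.0.2.30", "tcp", 25)]:   # host with no rule
        print(conn, "->", decide(*conn))
```

Only the three ACCEPT lines open anything from net; SSH to the web server and SMTP to a host with no rule both fall through to the `net all DROP info` policy, which is also what makes them show up in the log.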