Tom,

That's how I've got my system running and I've found the combination to
be a very good one. As for wrapping your brain around the IPchains rules
and such, I can appreciate how you're feeling, having been there myself.
It took a little while of looking at the man pages and then reading and
re-reading the HOWTO for IPchains about 6 times, and even after all that
I didn't really start to catch on until after I installed PMfirewall. I
started studying the actual rule-set and seeing how they're constructed
and things gradually began to dawn on me about what they're doing. Also
how to manipulate them to get them to do what I want them to do.

Mark

Tom Brinkman wrote:
> 
>        Getting back to PMfirewall leaving some ports open:   I've got a
> complete mental block when it comes to comprehending the ipchains rules.
> I'm at even more of a total loss with the new iptables in 2.4.x kernels.
> I have found that I can completely secure my box, all ports, using a
> combination of PMfirewall (all default answers) to write the ipchains rules
> for me, and then also starting portsentry (simple instructions for
> portsentry setup are in its docs).  Then going to:
> http://www.sdesign.com/cgi-bin/fwtest.cgi?APPLY=Scan+Me+Now
>   and doing the basic scan.  Besides their report, I can then read root's
> mail (I have kmail set up for this) and the 'attack alert' goes on for
> ever. Skimming thru it, SecureDesign's scanner is rejected for every port !
> Almost daily while reading root's mail I see a few (prob'ly benign)
> attempts to scan or connect to me, all similarly rejected.
> --
> Dale Earnhardt,  the greatest stock car driver ever,
>  he's won his 8th and  His Greatest Championship
>   Tom Brinkman       [EMAIL PROTECTED]       Galveston Bay
> 
> On Saturday 17 March 2001 08:44 am, Mark Weaver wrote:
> > Dan...In some ways we're saying similar things, except as to the point
> > of "what" Pmfirewall is. And it is definitely "not" a firewall, rather
> > it is merely a means to get the ipchains firewall rule-set configured to
> > a point to where it's functional. Notice I didn't say ready for prime
> > time, but functional. Enough for the user then to open the rules file
> > and begin to tweak and fine tune the rule-set so that it becomes what
> > you mentioned having setup after uninstalling PM. Were it not for PM I
> > would have had to spend a lot more time reading the Ipchains docs and
> > scratching my head to get my firewall running.
> >
> > Since then I've made "many" additions and modifications to the rule-set
> > that is "more" the firewall itself than anything else. What I've said
> > and have maintained all along is that PM is nothing more than a front
> > end, (of sorts...albeit a console front end and not a GUI) configuration
> > utility for IPchains. And a darn good one for newbies to cut their teeth
> > on and get exposed to the use of Ipchains.
> >
> > And, God's blessings to you on your endeavor to quit smoking. I know
> > what you're going through having been there myself 7 years ago. Your
> > opinions were stated just fine. I should have added that my comments
> > were given "tongue-in-cheek."
> >
> > Mark
> >
> > >     If PMfirewall is only going to "Filter" ports ( ie: Ports # 139,
> > > 443, 631, etc,..) It's not good enough. The fact that it doesn't tell
> > > you this during the configuration, is also misleading.  And you're
> > > right Mark,...It's not a Windows Program, It's a Linux/Unix program.
> > > By default, it should therefore be a MUCH BETTER program !!!
