Package: arno-iptables-firewall
Version: 1.8.8.i-2
Severity: important


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: sparc (sparc64)

Kernel: Linux 2.6.18-3-sparc64-smp (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages arno-iptables-firewall depends on:
ii  debconf [debconf-2.0]   1.5.19           Debian configuration management sy
ii  gawk                    1:3.1.5.dfsg-4   GNU awk, a pattern scanning and pr
ii  iptables                1.3.8.0debian1-1 administration tools for packet fi
ii  lynx                    2.8.6-2          Text-mode WWW Browser

Versions of packages arno-iptables-firewall recommends:
ii  iproute                       20080108-1 Professional tools to control the 

-- debconf information:
* arno-iptables-firewall/config-int-nat-net: 172.16.2.0
* arno-iptables-firewall/dynamic-ip: false
* arno-iptables-firewall/config-int-net: 255.255.255.0
* arno-iptables-firewall/icmp-echo: true
* arno-iptables-firewall/services-udp: 53
  arno-iptables-firewall/title:
* arno-iptables-firewall/config-ext-if: eth0
* arno-iptables-firewall/services-tcp: 25 53 110 143 443 10000
* arno-iptables-firewall/restart: true
* arno-iptables-firewall/config-int-if: eth1
* arno-iptables-firewall/nat: true
* arno-iptables-firewall/debconf-wanted: true

# ./arno-iptables-firewall start
Arno's Iptables Firewall Script 1.8.8.i-2
-------------------------------------------------------------------------------
Sanity checks passed...OK
Detected IPTABLES module... Loading additional IPTABLES modules:
All IPTABLES modules loaded!
Setting the kernel ring buffer to only log panic messages to the console
Configuring /proc/.... settings:
 Enabling anti-spoof with rp_filter
 Enabling SYN-flood protection via SYN-cookies
 Disabling the logging of martians
 Disabling the acception of ICMP-redirect messages
 Setting the max. amount of simultaneous connections to 16384
 Enabling protection against source routed packets
 Setting default conntrack timeouts
 Enabling reduction of the DoS'ing ability
 Setting Default TTL=64
 Disabling ECN (Explicit Congestion Notification)
 Enabling support for dynamic IP's
 Flushing route table
/proc/ setup done...
Flushing rules in the filter table
Setting default (secure) policies
Using loglevel "info" for syslogd

Setting up firewall rules:
-------------------------------------------------------------------------------
Accepting packets from the local loopback device
Enabling setting the maximum packet size via MSS
Enabling mangling TOS
Logging of stealth scans (nmap probes etc.) enabled
iptables: Invalid argument
iptables: Invalid argument
iptables: Invalid argument
iptables: Invalid argument
iptables: Invalid argument
iptables: Invalid argument
iptables: Invalid argument
Logging of packets with bad TCP-flags enabled
iptables: Invalid argument
iptables: Invalid argument
Logging of INVALID packets disabled
Logging of fragmented packets enabled
iptables: Invalid argument
Logging of access from reserved addresses enabled
iptables: Invalid argument
iptables: Invalid argument
iptables: Invalid argument
iptables: Invalid argument
Setting up anti-spoof rules
Reading custom IPTABLES rules from /etc/arno-iptables-firewall/custom-rules
Loading (user) plugins
iptables: Invalid argument
Setting up INPUT policy for the external net (INET):
iptables: Invalid argument
iptables: Invalid argument
iptables: Invalid argument
iptables: Invalid argument
Enabling support for a DHCP assigned IP on external interface(s): eth0
Logging of explicitly blocked hosts enabled
Logging of denied local output connections enabled
Packets will NOT be checked for private source addresses
Allowing the whole world to connect to TCP port(s): 22
Allowing the whole world to send ICMP-requests(ping)
iptables: Invalid argument
Logging of dropped ICMP-request(ping) packets enabled
iptables: Invalid argument
Logging of dropped other ICMP packets enabled
iptables: Invalid argument
iptables: Invalid argument
iptables: Invalid argument
iptables: Invalid argument
Logging of possible stealth scans enabled
iptables: Invalid argument
iptables: Invalid argument
Logging of (other) connection attempts to PRIVILEGED TCP ports enabled
iptables: Invalid argument
Logging of (other) connection attempts to PRIVILEGED UDP ports enabled
iptables: Invalid argument
Logging of (other) connection attempts to UNPRIVILEGED TCP ports enabled
iptables: Invalid argument
Logging of (other) connection attempts to UNPRIVILEGED UDP ports enabled
iptables: Invalid argument
Logging of other IP protocols (non TCP/UDP/ICMP) connection attempts enabled
iptables: Invalid argument
Logging of ICMP flooding enabled
iptables: Invalid argument
iptables: Invalid argument
iptables: Invalid argument
iptables: Invalid argument
iptables: Invalid argument
iptables: Invalid argument
Applying INET policy to external (INET) interface: eth0 (without an external
su)
iptables: Invalid argument
Setting up INPUT policy for internal (LAN) interface(s): eth1 eth2
 Allowing ICMP-requests(ping)
iptables: Invalid argument
iptables: Invalid argument
 Allowing all (other) protocols
iptables: Invalid argument
Setting up FORWARD policy for internal (LAN) interface(s): eth1 eth2
 Logging of denied LAN->INET FORWARD connections enabled
 Setting up LAN->INET policy:
  Allowing ICMP-requests(ping)
iptables: Invalid argument
iptables: Invalid argument
  Allowing all (other) protocols
Security is ENFORCED for external interface(s) in the FORWARD chain
iptables: Invalid argument

Feb 27 11:55:28 All firewall rules applied.


