On 02/18/2013 07:54 PM, Dick Hollenbeck wrote:
>> If I have an open linux box with no rules in effect (open box), I can ssh in and run
>> vuurmuur_conf. vuurmuur -D is not running yet.
>>
>> One of several rules I add allows me to use ssh, just as I am during the ssh session when
>> the box is open.
>>
>> If I then save the rules, then start vuurmuur -D for the first time, my ssh session is cut
>> off and I do not see the completion of the starting of the daemon.
>>
>> I also have a serial port console on this box (which is headless) so I can see that the
>> daemon started, and applied the rules OK. But the original ssh ethernet session is kaput.
>>
>> Subsequently I can log in with ssh again, while the daemon is running, and the rules are
>> fully in effect.
>>
>> Is this normal to be cut off? Is there a way around it with vuurmuur?
>>
>> I know that if I hand craft some iptables rules, I can avoid this, and have done this OK
>> elsewhere.
>>
> Haven't tried this in a while, but it used to be that if you would load
> the ip_conntrack/nf_conntrack_ipv4 module before loading Vuurmuur, it
> would consider the connection "established" and let it pass even after
> vuurmuur was loaded.
>
> Cheers,
> Victor
Thanks Victor, unfortunately that does not work on my kernel. Any other thoughts?

Without this, I cannot use vuurmuur. Is there a way to put a rule like this near the top somehow?

-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Isn't this the one I have on another box, manually crafted, that does this?

_______________________________________________
Vuurmuur-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users
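As an added illustration for this thread (not code from Dick, Victor or the Vuurmuur project, and not a vuurmuur_conf setting, since the thread does not say whether vuurmuur can order its rules this way), here is the hand-crafted iptables approach Dick refers to from his other box: an iptables-restore ruleset that places the conntrack ESTABLISHED,RELATED accept as the very first INPUT rule ahead of a default-DROP policy, a check that it really is first, and a timed rollback so that a lockout on a headless box undoes itself. Port 22, the 60 second timeout and the /tmp path are assumptions; the ruleset text is constructed for the example.

```bash
#!/bin/bash
# Added example for the Vuurmuur-users thread; not code from the thread's authors
# or from the Vuurmuur project. Port 22, the 60 s timeout and /tmp/rules.before
# are assumptions made for the example.

# Emit a constructed iptables-restore ruleset on stdout.
# Lines starting with '#' are ignored by iptables-restore.
ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Existing and related flows first. This only protects the live ssh session
# if conntrack was already tracking it before this ruleset is loaded.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin and print the 1-based position of the
# ESTABLISHED,RELATED rule among the "-A INPUT" rules; 0 if it is missing.
established_rule_position() {
    local pos
    pos=$(grep '^-A INPUT' | grep -n 'ctstate ESTABLISHED,RELATED' | cut -d: -f1 | head -n 1)
    echo "${pos:-0}"
}

# Succeed only if the ruleset keeps existing connections ahead of everything else.
check_ruleset() {
    [ "$(ruleset | established_rule_position)" = "1" ]
}

# Load the rules on a live box with a fallback: if nobody presses Enter within
# 60 s (for example because the session was cut), the previous rules come back.
# Needs root and a real iptables; the self-check below does not call it.
apply_with_rollback() {
    check_ruleset || { echo "refusing: ESTABLISHED,RELATED rule is not first" >&2; return 1; }
    iptables-save > /tmp/rules.before || return 1
    ruleset | iptables-restore || return 1
    echo "Rules loaded. Press Enter within 60 s to keep them, otherwise they roll back."
    if ! read -r -t 60 _; then
        iptables-restore < /tmp/rules.before
        echo "No confirmation; previous rules restored." >&2
        return 1
    fi
}

# Self-check on the constructed ruleset (no iptables needed).
if check_ruleset; then
    echo "ok: ESTABLISHED,RELATED is INPUT rule #$(ruleset | established_rule_position)"
else
    echo "bad ordering: an existing ssh session would be dropped" >&2
fi
```

The ordering check is the part worth keeping around: an ESTABLISHED,RELATED accept anywhere below a rule that drops the ssh traffic does nothing for the session you are typing in, and the rollback timer covers the case where the session still dies for another reason, such as conntrack not yet tracking the flow.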
