On Sat, 23 Nov 2002 [EMAIL PROTECTED] wrote:
>
> I have activated the firewall for my machine through
> setup->firewall configuration menu. Now, I know it's working
> because I did a probe on may machine a www.grc.com before and
> after enabling the firewall, before the activation of the
> firewall some ports were just "closed" now all the tested ports
> were "stealth", so the firewall works.
>
> My problem is that scanning attempts don't seem to be logged.
> Were are these scans logged by the firewall and what should I do
> (if anything) to start logging them ?
>
To verify that it's ipchains you're running, check that you have a
file /etc/sysconfig/ipchains, which is what is used to setup the rules
when ipchains is started, or do "ipchains -L" (to list the ipchains rules
currently in the kernel). To get logging messages on connection attempts
that are denied or rejected, edit /etc/sysconfig/ipchains so that the
corresponding lines with "-j DENY" or "-j REJECT" also have "-l" (that's
lower case L). See "man ipchains". Then do "service ipchains restart".
But before you edit /etc/sysconfig/ipchains, it would be a good idea to
save the current version somewhere so that it can be restored if
necessary.
> And another question, does the forewall setup tool from rh 7.1
> use iptables or ipchains ?
>
>
>
>
--
Steven Yellin
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
