Hi Marco,

thanks for your report. Could you please provide your configuration
files:

/etc/arno-iptables-firewall/debconf.cfg
/etc/arno-iptables-firewall/firewall.conf

Please be sure to remove any possibly confidential information from it
before posting.

Thanks,

Michael


On Wed, Feb 27, 2008 at 11:58:21AM +0100, Marco Rijnsburger wrote:
> Package: arno-iptables-firewall
> Version: 1.8.8.i-2
> Severity: important
> 
> 
> 
> -- System Information:
> Debian Release: lenny/sid
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: sparc (sparc64)
> 
> Kernel: Linux 2.6.18-3-sparc64-smp (SMP w/1 CPU core)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
> 
> Versions of packages arno-iptables-firewall depends on:
> ii  debconf [debconf-2.0]   1.5.19           Debian configuration management 
> sy
> ii  gawk                    1:3.1.5.dfsg-4   GNU awk, a pattern scanning and 
> pr
> ii  iptables                1.3.8.0debian1-1 administration tools for packet 
> fi
> ii  lynx                    2.8.6-2          Text-mode WWW Browser
> 
> Versions of packages arno-iptables-firewall recommends:
> ii  iproute                       20080108-1 Professional tools to control 
> the 
> 
> -- debconf information:
> * arno-iptables-firewall/config-int-nat-net: 172.16.2.0
> * arno-iptables-firewall/dynamic-ip: false
> * arno-iptables-firewall/config-int-net: 255.255.255.0
> * arno-iptables-firewall/icmp-echo: true
> * arno-iptables-firewall/services-udp: 53
>   arno-iptables-firewall/title:
> * arno-iptables-firewall/config-ext-if: eth0
> * arno-iptables-firewall/services-tcp: 25 53 110 143 443 10000
> * arno-iptables-firewall/restart: true
> * arno-iptables-firewall/config-int-if: eth1
> * arno-iptables-firewall/nat: true
> * arno-iptables-firewall/debconf-wanted: true
> 
> # ./arno-iptables-firewall start
> Arno's Iptables Firewall Script 1.8.8.i-2
> -------------------------------------------------------------------------------
> Sanity checks passed...OK
> Detected IPTABLES module... Loading additional IPTABLES modules:
> All IPTABLES modules loaded!
> Setting the kernel ring buffer to only log panic messages to the console
> Configuring /proc/.... settings:
>  Enabling anti-spoof with rp_filter
>  Enabling SYN-flood protection via SYN-cookies
>  Disabling the logging of martians
>  Disabling the acception of ICMP-redirect messages
>  Setting the max. amount of simultaneous connections to 16384
>  Enabling protection against source routed packets
>  Setting default conntrack timeouts
>  Enabling reduction of the DoS'ing ability
>  Setting Default TTL=64
>  Disabling ECN (Explicit Congestion Notification)
>  Enabling support for dynamic IP's
>  Flushing route table
> /proc/ setup done...
> Flushing rules in the filter table
> Setting default (secure) policies
> Using loglevel "info" for syslogd
> 
> Setting up firewall rules:
> -------------------------------------------------------------------------------
> Accepting packets from the local loopback device
> Enabling setting the maximum packet size via MSS
> Enabling mangling TOS
> Logging of stealth scans (nmap probes etc.) enabled
> iptables: Invalid argument
> iptables: Invalid argument
> iptables: Invalid argument
> iptables: Invalid argument
> iptables: Invalid argument
> iptables: Invalid argument
> iptables: Invalid argument
> Logging of packets with bad TCP-flags enabled
> iptables: Invalid argument
> iptables: Invalid argument
> Logging of INVALID packets disabled
> Logging of fragmented packets enabled
> iptables: Invalid argument
> Logging of access from reserved addresses enabled
> iptables: Invalid argument
> iptables: Invalid argument
> iptables: Invalid argument
> iptables: Invalid argument
> Setting up anti-spoof rules
> Reading custom IPTABLES rules from /etc/arno-iptables-firewall/custom-rules
> Loading (user) plugins
> iptables: Invalid argument
> Setting up INPUT policy for the external net (INET):
> iptables: Invalid argument
> iptables: Invalid argument
> iptables: Invalid argument
> iptables: Invalid argument
> Enabling support for a DHCP assigned IP on external interface(s): eth0
> Logging of explicitly blocked hosts enabled
> Logging of denied local output connections enabled
> Packets will NOT be checked for private source addresses
> Allowing the whole world to connect to TCP port(s): 22
> Allowing the whole world to send ICMP-requests(ping)
> iptables: Invalid argument
> Logging of dropped ICMP-request(ping) packets enabled
> iptables: Invalid argument
> Logging of dropped other ICMP packets enabled
> iptables: Invalid argument
> iptables: Invalid argument
> iptables: Invalid argument
> iptables: Invalid argument
> Logging of possible stealth scans enabled
> iptables: Invalid argument
> iptables: Invalid argument
> Logging of (other) connection attempts to PRIVILEGED TCP ports enabled
> iptables: Invalid argument
> Logging of (other) connection attempts to PRIVILEGED UDP ports enabled
> iptables: Invalid argument
> Logging of (other) connection attempts to UNPRIVILEGED TCP ports enabled
> iptables: Invalid argument
> Logging of (other) connection attempts to UNPRIVILEGED UDP ports enabled
> iptables: Invalid argument
> Logging of other IP protocols (non TCP/UDP/ICMP) connection attempts enabled
> iptables: Invalid argument
> Logging of ICMP flooding enabled
> iptables: Invalid argument
> iptables: Invalid argument
> iptables: Invalid argument
> iptables: Invalid argument
> iptables: Invalid argument
> iptables: Invalid argument
> Applying INET policy to external (INET) interface: eth0 (without an external
> su)
> iptables: Invalid argument
> Setting up INPUT policy for internal (LAN) interface(s): eth1 eth2
>  Allowing ICMP-requests(ping)
> iptables: Invalid argument
> iptables: Invalid argument
>  Allowing all (other) protocols
> iptables: Invalid argument
> Setting up FORWARD policy for internal (LAN) interface(s): eth1 eth2
>  Logging of denied LAN->INET FORWARD connections enabled
>  Setting up LAN->INET policy:
>   Allowing ICMP-requests(ping)
> iptables: Invalid argument
> iptables: Invalid argument
>   Allowing all (other) protocols
> Security is ENFORCED for external interface(s) in the FORWARD chain
> iptables: Invalid argument
> 
> Feb 27 11:55:28 All firewall rules applied.
> 

-- 
GPG key:  1024D/3144BE0F Michael Hanke
http://apsy.gse.uni-magdeburg.de/hanke
ICQ: 48230050



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to