Getting back to PMfirewall leaving some ports open: I've got a
complete mental block when it comes to comprehending the ipchains rules.
I'm at even more of a total loss with the new iptables in 2.4.x kernels.
I have found that I can completely secure my box, all ports, using a
combination of PMfirewall (all default answers) to write the ipchains rules
for me, and then also starting portsentry (simple instructions for
portsentry setup are in its docs). Then going to:
http://www.sdesign.com/cgi-bin/fwtest.cgi?APPLY=Scan+Me+Now
and doing the basic scan. Besides their report, I can then read root's
mail (I have kmail set up for this) and the 'attack alert' goes on
forever. Skimming thru it, SecureDesign's scanner is rejected for every port!
Almost daily while reading root's mail I see a few (prob'ly benign)
attempts to scan or connect to me, all similarly rejected.
--
Dale Earnhardt, the greatest stock car driver ever,
he's won his 8th and His Greatest Championship
Tom Brinkman [EMAIL PROTECTED] Galveston Bay
On Saturday 17 March 2001 08:44 am, Mark Weaver wrote:
> Dan...In some ways we're saying similar things, except as to the point
> of "what" Pmfirewall is. And it is definitely "not" a firewall, rather
> it is merely a means to get the ipchains firewall rule-set configured to
> a point to where it's functional. Notice I didn't say ready for prime
> time, but functional. Enough for the user then to open the rules file
> and begin to tweak and fine tune the rule-set so that it becomes what
> you mentioned having setup after uninstalling PM. Were it not for PM I
> would have had to spend a lot more time reading the Ipchains docs and
> scratching my head to get my firewall running.
>
> Since then I've made "many" additions and modifications to the rule-set
> that is "more" the firewall itself than anything else. What I've said
> and have maintained all along is that PM is nothing more than a front
> end, (of sorts...albeit a console front end and not a GUI) configuration
> utility for IPchains. And a darn good one for newbies to cut their teeth
> on and get exposed to the use of Ipchains.
>
> And, God's blessings to you on your endeavor to quit smoking. I know
> what you're going through having been there myself 7 years ago. Your
> opinions were stated just fine. I should have added that my comments
> were given "tongue-in-cheek."
>
> Mark
>
> > If PMfirewall is only going to "Filter" ports ( ie: Ports # 139,
> > 443, 631, etc,..) It's not good enough. The fact that it doesn't tell
> > you this during the configuration, is also misleading. And you're
> > right Mark,...It's not a Windows Program, It's a Linux/Unix program.
> > By default, it should therefore be a MUCH BETTER program !!!