I installed guarddog thru adept manager. played with it, and messed something up. I unimstalled guarddog, how can I get everything back to default (the way kubuntu had it set up at install
thanks
thanks
-
-
Re: firewall troubles!!!!
When you changed settings in Gaurddog you actually change settings in IPTables. Even with removing Gaurddog the rules in IPTables remain the same.
I always recommend making notes of what you change so you can set it back to the state it was in before you started.
Let's start by running this:
Then please post the result here.Code:sudo iptables -L
[mad]BerryCheck out my website with Kubuntu how to's: madberry.org -
Re: firewall troubles!!!!
Thanks for the help...I guess I can keep guarddog, but just do not understand what to check and what not to
here is the output from the command..
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- Kubuntu.home 192.168.1.255
logaborted tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp flags:RST/RST
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
nicfilt all -- anywhere anywhere
srcfilt all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
srcfilt all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
s1 all -- anywhere anywhere
Chain f0to1 (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:6881:6889 state NEW
logdrop all -- anywhere anywhere
Chain f1to0 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:6969 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:rsync state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:https state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:smtp state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt
op3 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:6881:6889 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:www state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:webcache state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8008 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8000 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8888 state NEW
logdrop all -- anywhere anywhere
Chain logaborted (1 references)
target prot opt source destination
logaborted2 all -- anywhere anywhere limit: avg 1/sec burst 10
LOG all -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
Chain logaborted2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `ABORTED '
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain logdrop (4 references)
target prot opt source destination
logdrop2 all -- anywhere anywhere limit: avg 1/sec burst 10
LOG all -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
DROP all -- anywhere anywhere
Chain logdrop2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `DROPPED '
DROP all -- anywhere anywhere
Chain logreject (0 references)
target prot opt source destination
logreject2 all -- anywhere anywhere limit: avg 1/sec burst 10
LOG all -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
DROP all -- anywhere anywhere
Chain logreject2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `REJECTED '
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
DROP all -- anywhere anywhere
Chain nicfilt (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
logdrop all -- anywhere anywhere
Chain s0 (1 references)
target prot opt source destination
f0to1 all -- anywhere Kubuntu.home
f0to1 all -- anywhere 192.168.1.255
f0to1 all -- anywhere localhost
logdrop all -- anywhere anywhere
Chain s1 (1 references)
target prot opt source destination
f1to0 all -- anywhere anywhere
Chain srcfilt (2 references)
target prot opt source destination
s0 all -- anywhere anywhere
Comment
-
Re: firewall troubles!!!!
You might want to try Firestarter better to understand I think..
[mad]BerryCheck out my website with Kubuntu how to's: madberry.orgComment
-
Re: firewall troubles!!!!
Thanks I installed it. Went through the setup wizard. I see nothing to do now?
thANKSComment
-
Re: firewall troubles!!!!
About IPTables > Ubuntu community - IPTables HowTo
About reset > Ubuntu forums - Reset iptables
Q:
A:Yea, I kinda messed 'em up and now my Linux box wont connect to the internet.
iptables --flush
man iptables tells:
Here:-F, --flush [chain]
Flush the selected chain (all the chains in the table if none is given). This is equivalent to deleting all the rules one by one.
~$ sudo iptables -L
[sudo] password for rog:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destinationBefore you edit, BACKUP !
Why there are dead links ?
1. Thread: Please explain how to access old kubuntu forum posts
2. Thread: Lost InformationComment
-
Re: firewall troubles!!!!
Thanks, let me ask a question...
How is iptables set up when Kubuntu is first installed?
If I do the flush, how safe is the system?
ThanksComment
-
Re: firewall troubles!!!!
I don't see any need for firewalls in Linux except if you are running a server as there aren't really any viruses (which also makes me remind you to not worry about installing antivirus as it is not necessary) or anything that can be dangerous to your computer exept for people hacking into your server which is why i think there is only need for a firewall if you are running a server.Comment
-
Re: firewall troubles!!!!
That
is a new installation without Guarddog or Firestarter.Here:
~$ sudo iptables -L...
About firewalls (this is a bit old) > Fine-Tuning Kubuntu
There is no option during installation to configure a firewall, and Kubuntu includes no graphical firewall configurators. Kubuntu installs with no open ports, so strictly speaking it doesn't need one. A running service, like a web or mail server, creates an open port. No open ports means nothing to attack. While this viewpoint is valid, I think it's a bit shortsighted, because hardly any installation remains unmodified. Also, no matter how careful you are with application-level security and strong passwords and such, layered defenses are good and protect you from your own mistakes. About the only reasons not to set up a firewall are if your PC was not connected to any other networks, or you had an external firewall.
About Guarddog and Firestarter > Topic: guarddog won't let kmail send
kubicle:
As for firestarter, firestarter allows all outbound connections by default (different from guarddog), so it'll allow sending mail no matter which protocol/port is used.Before you edit, BACKUP !
Why there are dead links ?
1. Thread: Please explain how to access old kubuntu forum posts
2. Thread: Lost InformationComment
-
Re: firewall troubles!!!!
That is a whole new discussion. I happen to think that every computer that goes on to a public network should be firewalled. Especially Laptops. And it is only a matter of time before Ubuntu viruses will emerge because the popularity of Ubuntu and Linux in General is always growing.Originally posted by fulcj001
But let;s not hijack the post with opinions about firewalling or not and anti virus or not.
[mad]BerryCheck out my website with Kubuntu how to's: madberry.orgComment
-
Re: firewall troubles!!!!
I use the following:
arno-iptables-firewall
It really is simple, after install you get asked whether there are any special ports you want open, otherwise it pretty much configures itself. I've never used another one...Once your problem is solved please mark the topic of the first post as SOLVED so others know and can benefit from your experience! / FAQComment
Comment