search for: firewall

My firewall config is below... I am trying to figure out why another machine has access to port 5038 on my machine based on these firewall rules. I thought the reject at the bottom would take care of all other ports? It does not. I have restarted with "server iptables restart" and same thing. I c...

...it seems to work, the modules is loads.... I have already tried to install other versions of kernel but the problem is always the same one :-(( Someone has some idea of what is happening? Thanks... Dario Lesca --------------------------------[boot.log]-------------------------- gen 2 14:12:07 firewall syslog: Avvio syslogd succeeded gen 2 14:12:07 firewall syslog: Avvio klogd succeeded gen 2 14:12:07 firewall portmap: Avvio portmap succeeded gen 2 14:12:07 firewall nfslock: Avvio rpc.statd succeeded gen 2 14:12:08 firewall keytable: Caricamento configurazione tastiera gen 2 14:12:08 firewal...

Hello, I can''t figure out how I can use the module puppetlabs-firewall only for some targeted nodes. If I put : resources { "firewall": purge => true } in top scope (i.e. site.pp), then all the firewall rules on all my nodes are purged. Even for nodes for which I don''t apply any module containing specific firewall { ... } resources. If I put...

I''m using puppetlabs/firewall with Puppet 2.7.2, and for the most part it''s working great. I have this in my sites.pp, which I took from this list sometime ago, to save firewall rules to disk when they''re changed: # Always persist firewall rules if ($kernel == ''Linux'') {...

Below is my firewall rules for iptables. everything is working fine except for NFS I cannot mount my drive. If I turn off iptables I can mount. Looking at this : http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-nfs.html Important In order for NFS to work with a default installation of Red Hat Ente...

...,89,182,135,169) ftp: connect: No route to host ftp> But, what am I doing wrong, here!?!?! Sample from /etc/sysconfig/iptables, with the IP addresses changed to $VARIABLES. ############################################ *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp --dport 21 -j...

Hello all: I did a fresh install of CentOS 7 on a new machine. I wrote /usr/local/bin/firewall.stop to remove all the firewall rules. It contains this code: # Flush the rules /usr/sbin/iptables -F # Set the default policies to accept /usr/sbin/iptables -P INPUT ACCEPT /usr/sbin/iptables -P OUTPUT ACCEPT /usr/sbin/iptables -P FORWARD ACCEPT I wrote /usr/local/bin/firewall.start to set the f...

Hi all, I'm trying to convers some Cisco SSCP phones to the SIP formware. The phone boots, I see it tries to fetch a bunch of files on my TFTP: Jun 17 09:37:45 firewall dnsmasq-dhcp[21202]: DHCPACK(eth2) 192.168.10.103 6c:50:4d:da:f0:67 SEP6C504DDAF067 Jun 17 09:38:10 firewall in.tftpd[22666]: RRQ from 192.168.10.103 filename CTLSEP6C504DDAF067.tlv Jun 17 09:38:10 firewall in.tftpd[22666]: sending NAK (1, File not found) to 192.168.10.103 Jun 17 09:38:10 firewall...

...all ssh logins on port 22 on (62.139.61.84) from any host except from (82.201.195.123) Can anybody tell me such iptables rules to write in /etc/sysconfig/iptables Currently, im using the following rules (on 62.139.61.84) *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -i eth1 -j ACCEPT -A RH-Firewall-1-INPUT -i eth0 -s 82.201.195.123 -j ACCEPT -A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j REJECT -A RH-Firewall-1-I...

Hi, I am running dovecot 1.2.11 on mac osx 1.5.8. Everything works perfectly with the application-level firewall off, but enabling the application firewall prevents dovecot connections. I have tried explicitly authorizing dovecot in the firewall, but it does not work. I have searched everywhere I can think of to look, and haven't found a solution, but have seen a couple other reports of what see...

Hi, I have HA firewalls configuration (keepalived) on one site. Each firewall has its own IP and a Virtual IP (VIP) that keepalived activate on one of the firewall (active/passive HA configuration). I think I can set all two firewalls with same configuration, generating key pairs on one firewall and copying that to the s...

Hi, I have an existing iptables as follows:- # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -...

We're supposed to provide redundant firewall service. I'm wondering if anyone has ever tried to do this and if it's realistic. Basically 2 firewall machines hooked up so if one fails the other will transparently step in. I've googled it to death without much luck. The security issue here lies in that the 2 firewalls can't...

...sync,all_squash) /centos-media/centosdvd32/DVD 10.14.10.0/255.255.255.0(ro,sync,all_squash) After doing so, I also modified the entries under IPtables to allow traffic in 111 and 2049 at the UDP/TCP level and restarted the service as shown bellow. [root at zeus DVD]# cat /etc/sysconfig/iptables # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -...

[root at hwdltsaloli ~]# cat /etc/sysconfig/iptables # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -...

We''re testing out the Puppetlabs-Firewall module. And it seems I''m either missing something fundamental or Logging/Accpet works/doesn''t work in an irregular way. I would be most grateful for some input. *COMMON:* firewall { ''002 accept related established rules INPUT'': proto => ''all...

...g/system-config-securitylevel has three entries, which explains how the port 80 and 22 rules get into the config: --enabled --port=22:tcp --port=80:tcp ... and i see the basic /etc/sysconfig/iptables-config file, but i'm unclear as to how the rest of the stuff gets in there: e.g.: # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-...

Hi, I have an DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in that DMZ zone, mail server runnig @ 192.168.100.3 Now I want to DNAT port 25 of FISRT firewall ( i.e - its ip address - 1.2.3.4/29) to...

I can use the gutenberg_download() function in the gutenbergr package on a computer that doeson't use a firewall, but on an almost identical installation that is behind a firewall, nothing happens, not even a time-out. Has anyone succeeded in using gutenberg_download() successfully with a firewall? I tried raising an issue at https://github.com/ropenscilabs/gutenbergr/issues/17 with no usable response. I a...

Hi all, I''m attempting to use the puppetlabs-firewall module. In testing, rules are enabled in a random order, so it seems necessary to utilize puppet stages to guarantee proper ordering. I created a module to organize my firewalling. It consists of localfw::pre to open the INPUT chain for established and related connections, localfw::default for mos...