firehol

http://www.linuxquestions.org – Hi folks, I am trying to use firehol, as I feel a bit thick when it comes to firewalls on Linux. nmap told me I had ports 4443 and 6006 open. Also, I need 137 and 138 open for Samba. So I added what I thought were the open and close commands in the firehol.conf, but to no avail. And it only starts when I log on, not when the box starts. Can anyone recommend something that works, starts, and is easy to add exceptions to?

nmap report

Code:
johnh10000@tux:~$ nmap -v -A tux.isa-geek.org

Starting Nmap 4.76 ( http://nmap.org ) at 2010-02-04 13:25 GMT
Initiating Ping Scan at 13:25
Scanning 192.168.1.3 [1 port]
Completed Ping Scan at 13:25, 0.00s elapsed (1 total hosts)
Initiating Connect Scan at 13:25
Scanning tux.isa-geek.org (192.168.1.3) [1000 ports]
Discovered open port 21/tcp on 192.168.1.3
Discovered open port 80/tcp on 192.168.1.3
Discovered open port 16001/tcp on 192.168.1.3
Discovered open port 5900/tcp on 192.168.1.3
Discovered open port 901/tcp on 192.168.1.3
Discovered open port 445/tcp on 192.168.1.3
Discovered open port 6006/tcp on 192.168.1.3
Discovered open port 6881/tcp on 192.168.1.3
Discovered open port 4443/tcp on 192.168.1.3
Discovered open port 139/tcp on 192.168.1.3
Discovered open port 10000/tcp on 192.168.1.3
Completed Connect Scan at 13:25, 0.80s elapsed (1000 total ports)
Initiating Service scan at 13:25
Scanning 11 services on tux.isa-geek.org (192.168.1.3)
Completed Service scan at 13:27, 135.10s elapsed (11 services on 1 host)
SCRIPT ENGINE: Initiating script scanning.
SCRIPT ENGINE: '/usr/share/nmap/scripts/dns-test-open-recursion.nse' threw a run time error and could not be loaded.
SCRIPT ENGINE: '/usr/share/nmap/scripts/skype_v2-version.nse' threw a run time error and could not be loaded.
SCRIPT ENGINE: error while initializing script rules: /usr/share/nmap/scripts/script.db:20: rpcinfo.nse is not a file!
stack traceback:
        [C]: in function 'Entry'
        /usr/share/nmap/scripts/script.db:20: in main chunk
        [C]: ?
        [C]: ?
SCRIPT ENGINE: Aborting script scan.
Host  (192.168.1.3) appears to be up ... good.
Interesting ports on (192.168.1.3):
Not shown: 989 closed ports
PORT      STATE SERVICE     VERSION
21/tcp    open  ftp         (Generally vsftp or WU-FTPD)
80/tcp    open  http        Apache httpd 2.2.11 ((Ubuntu) PHP/5.2.6-3ubuntu4.5 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0)
139/tcp   open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp   open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
901/tcp   open  http        Samba SWAT administration server
4443/tcp  open  unknown?
5900/tcp  open  vnc         VNC (protocol 3.7)
6006/tcp  open  X11:6?
6881/tcp  open  http        Motion Camera httpd 3.2.11
10000/tcp open  http        Webmin httpd
16001/tcp open  tcpwrapped
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
Service Info: Device: webcam

Read data files from: /usr/share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 137.57 seconds
johnh10000@tux:~$

I have attached the conf file.

Attached Files: firehol.conf.txt (8.6 KB)
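An added example of a firehol.conf written for the situation in this post; it is not the poster's attached file and not FireHOL's own documentation. It keeps only the services the nmap report shows the box actually running, restricts Samba to the LAN, and lets the default policy drop everything else (4443, 6006, 16001 included). The LAN range 192.168.1.0/24 is assumed from the scan address, and `version 6` assumes a FireHOL 3.x release (the 1.x releases of that era use `version 5`).

```conf
# /etc/firehol/firehol.conf (example; assumptions marked below)
version 6

# One rule set for every interface: anything not explicitly
# accepted as a server below is dropped by the policy, so the
# unexpected listeners (4443, 6006, 16001) are no longer reachable
# even though the daemons behind them keep running.
interface any world
        policy drop
        protection strong

        # Assumed LAN range, taken from the scanned address 192.168.1.3
        # Samba = tcp 139,445 + udp 137,138 (FireHOL predefined service)
        server samba accept src 192.168.1.0/24

        # Remote administration only from the LAN as well
        server ssh    accept src 192.168.1.0/24
        server vnc    accept src 192.168.1.0/24   # tcp 5900
        server webmin accept src 192.168.1.0/24   # tcp 10000
        server swat   accept src 192.168.1.0/24   # tcp 901

        # Services this box deliberately offers to the world
        server http accept
        server ftp  accept    # FireHOL loads the FTP conntrack helper

        # The Motion webcam httpd on 6881 has no predefined FireHOL
        # service, so declare it as a custom one (name is arbitrary)
        server custom motion tcp/6881 default accept

        # Outbound connections from this host are unrestricted
        client all accept
```

To add another exception later, append one more `server ... accept` line and run `firehol try`, which activates the new rules and rolls them back automatically unless you confirm within 30 seconds. On the Debian/Ubuntu package the init script stays disabled until `START_FIREHOL=YES` is set in /etc/default/firehol, which is the usual reason a FireHOL firewall only comes up when started by hand.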