Re: Bit Twister: Is this the dhclient-exit-hooks you were talking about?

Bit Twister <BitTwister@xxxxxxxxxxxxxxxx> wrote in

On Sat, 23 Sep 2006 13:58:23 +0000 (UTC), Ohmster wrote:

I don't use shorewall but thought about it. Found it too
difficult to get up and running right away.

Mandriva Linux's installer made the initial Shorewall setup painless.

Hmmm, I got Fedora 3 running right now. Want to go to Fedora 5 but cannot
afford to lose my years and years worth of configs and tweaks. Will have
to wait until I can afford another 200Gb IDE drive and will install FC5
to that and then have my old drive in the box too so that I can copy over
my configs and not lose anything that way. I might even be able to
upgrade from FC3 to FC5 but not sure if that will work and a clean
install is usually always the better way to go.

Firestarter come with a GUI that makes getting it up and running
and doing what you want all of a three minute process.

Mandriva Linux's Control Center is pretty well dumbed down for the new
user. Better GUI tweaking can be done through the Webmin application.

Yeah I hear ya, there is a webmin front end for shorewall. I think that I
tried it once but could not get it up and doing what I wanted quickly so
I sort of sold out to firestarter again.

It does tend to choke the system logs with packet info and
I really wish it would not do that.

That is one of the things I like about Shorewall. I can tweak what
gets logged. It also has a blacklist file where I can just drop
by ip, ip range, port range, .... without logging.

Oh dam, I really need that. I do the same thing with the firestarter GUI
because sometimes I will catch someone trying to hack into my FTP or SSH
daemons. I spot them with iftop (God I love that program!) and then tail
a log file to watch what is happening. I will find them trying to bang
their way in as an admin with every word in the dictionary for a
password. When I spot something like this happening, I will ban the IP

What would be cool is to find a way to make vsftpd and sshd cut off a
login when 3 failed attempts are made. Block them for like a half an hour
when this happens but I don't know of any way to do this. Also ban the IP
range if they do this consistantly. I do it by hand but cannot be around
to catch this all the time.

Maybe I should really investigate shorewall again seeing as how you
already made such a nice script for it, but I have requirements and am
not sure if this can be done with shorewall. What I have firestarter
doing right now is this:

1.) IP Masquerading
2.) ipv4 forwarding
3.) dhcp for local LAN
4.) Block unused ports
5.) Port forwarding for machines on the LAN that require it

Shorewall is pretty complicated but I am sure much more flexible than
firestarter. I would rather use shorewall but to get it up and running
with all the above requirements, like right away, might be more than I
can accompish and cannot leave the system down for a week or more while I
work on it. That is why I use firestarter.

I have a pretty quite log. I run a
xconsole -display wb:0 -geom 1032x50+400+00 -file /var/log/messages
on my firewall which gives me view of the logged messages in realtime
on my web browsing box.

Huh? This sounds pretty cool, I want to try and run this to see what it
does. I will try it now as a command in a terminal in xwindows to see if
it will work for me. No dice, see what happened...

[root@ohmster ~]# xconsole -display wb:0 -geom 1032x50+400+00 -file
/var/log/messages &
[1] 5547
[root@ohmster ~]# _X11TransSocketINETConnect() can't get address for
wb:6000: Name or service not known
Error: Can't open display: wb:0

[1]+ Exit 1 xconsole -display wb:0 -geom 1032x50+400+00
-file /var/log/messages
[root@ohmster ~]#

What am I doing wrong, how come that did not work bit? What you have
going on there sounds really neat and I would like to try it. What is the
"wb:0" part do?
theohmster at comcast dot net
Put "messageforohmster" in message body
to pass my spam filter.