  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 157

Linux firewall

Hi
I am using Mandrake 8.2.
I need to protect against attacks from the net.
What is the best firewall for my case?
Is there some firewall that I can configure in an X86 environment?

Thanks
Asked by maomorta
 
ahoffmann Commented:
Use iptables as the firewall.
There exists a GUI for it too: FWBuilder, and some others.
AFAIK admins who want to protect their site do not use GUIs, but really know what they configure ;-)
 
maomorta (Author) Commented:
Hi
The program has a good interface, but I have a problem.
When I try to execute the shell script, I receive the following error:

./test.fw
+ '[' -x /usr/bin/logger ']'
+ logger -p info 'Activating firewall script compaq.ottolini.pt.fw generated Fri May 31 01:27:34 2002 WET by fmmr'
+ modprobe ip_conntrack
/lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter/ip_conntrack.o.gz: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
modprobe: insmod /lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter/ip_conntrack.o.gz failed
modprobe: insmod ip_conntrack failed
+ exit 1

Do you know how to correct it?
 
ahoffmann Commented:
I highly recommend building iptables into the kernel, and not using modules.
The error seems to be as it says: busy (invalid parameters, etc.).
 
Chungkuo Commented:
As root, list the modules you have currently loaded with lsmod. You should see something like this:

ipt_state                608   3  (autoclean)
ipt_MASQUERADE          1216   1  (autoclean)
ipt_LOG                 3104   7  (autoclean)
iptable_mangle          2144   0  (autoclean) (unused)
iptable_filter          1728   1  (autoclean)
iptable_nat            12756   1  [ipt_MASQUERADE]
ip_conntrack           12748   2  [ipt_state ipt_MASQUERADE iptable_nat]
ip_tables              10304   8  [ipt_state ipt_MASQUERADE ipt_LOG iptable_mangle iptable_filter iptable_nat]

These are the modules you need loaded for most iptables functions (if you want MAC filtering, you need to load ipt_mac as well).

Try loading the modules outside of the shell script using modprobe. Try:

modprobe ip_conntrack

and see what happens. Also try loading a couple of the other modules (like ip_tables and iptable_nat) and see if they load.
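
The lsmod check described in the answer above, as an added shell example that is not part of the thread: it reports which of the listed netfilter modules are absent from an lsmod listing. The ipchains/ipfwadm conflict list is an assumption added here (on 2.4 kernels those legacy filter modules cannot be loaded alongside the iptables modules), not something the thread established; the function names and both sample listings are constructed.

```shell
#!/bin/sh
# Added example: audit lsmod-style text for the netfilter modules from the thread.
# Module names taken from the lsmod listing in the answer.
REQUIRED="ip_tables ip_conntrack iptable_filter iptable_nat ipt_state ipt_LOG ipt_MASQUERADE"
# Assumption (not from the thread): 2.4 legacy filters that conflict with iptables.
CONFLICTS="ipchains ipfwadm"

# Print the module-name column of lsmod-style text read from stdin.
loaded_modules() {
    awk 'NF >= 3 && $1 != "Module" { print $1 }'
}

# select_modules MODE NAMES LSMOD_TEXT
#   MODE=missing prints the NAMES absent from the listing,
#   MODE=present prints the NAMES found in it.
select_modules() {
    loaded=$(printf '%s\n' "$3" | loaded_modules)
    out=""
    for m in $2; do
        if printf '%s\n' "$loaded" | grep -Fqx -- "$m"; then found=yes; else found=no; fi
        case "$1:$found" in present:yes|missing:no) out="$out $m" ;; esac
    done
    echo $out
}

# Constructed sample 1: the listing from the answer, with lsmod's header line added.
SAMPLE_OK='Module                  Size  Used by
ipt_state                608   3  (autoclean)
ipt_MASQUERADE          1216   1  (autoclean)
ipt_LOG                 3104   7  (autoclean)
iptable_mangle          2144   0  (autoclean) (unused)
iptable_filter          1728   1  (autoclean)
iptable_nat            12756   1  [ipt_MASQUERADE]
ip_conntrack           12748   2  [ipt_state ipt_MASQUERADE iptable_nat]
ip_tables              10304   8  [ipt_state ipt_MASQUERADE ipt_LOG iptable_mangle iptable_filter iptable_nat]'
# Constructed sample 2: no iptables modules loaded, legacy ipchains present.
SAMPLE_BUSY='Module                  Size  Used by
ipchains               31748   0  (unused)
sunrpc                 61328   1  (autoclean)'

for s in "$SAMPLE_OK" "$SAMPLE_BUSY"; do
    echo "missing:     $(select_modules missing "$REQUIRED" "$s")"
    echo "conflicting: $(select_modules present "$CONFLICTS" "$s")"
done
```

On a live system, pass "$(lsmod)" as the third argument instead of a sample listing.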