firestarter and avahi

After banging my head against the wall for a while, and creating a half solution the right way, I found this:

http://sourceforge.net/mailarchive/message.php?msg_id=15406748

Finally I have firestarter and avahi playing nice together.

Basically, add:

{{{
$IPT -A INPUT -s 224.0.0.0/8 -d 0/0 -j ACCEPT
$IPT -A INPUT -s 0/0 -d 224.0.0.0/8 -j ACCEPT
$IPT -A OUTPUT -s 224.0.0.0/8 -d 0/0 -j ACCEPT
$IPT -A OUTPUT -s 0/0 -d 224.0.0.0/8 -j ACCEPT
}}}

to /etc/firestarter/user-pre.
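
The rules above accept every protocol and port to or from 224.0.0.0/8. As an added example (not from the original post or the linked message), the variant below opens only what Avahi's mDNS uses, UDP port 5353 to the group 224.0.0.251. The `allow_mdns` helper name and the dry-run fallback for `$IPT` are assumptions of the example.

```shell
# Added example: restrict the multicast exception to mDNS only.
# Firestarter defines $IPT before it runs user-pre. The fallback below
# (an assumption of this example) turns a stand-alone run into a dry run
# that prints the commands instead of changing the firewall.
IPT="${IPT:-echo iptables}"

MDNS_GROUP="224.0.0.251"   # IPv4 mDNS multicast group
MDNS_PORT="5353"           # mDNS UDP port

# allow_mdns is a hypothetical helper name, not part of Firestarter.
allow_mdns() {
    # Queries and announcements sent to the group by other hosts on the link.
    $IPT -A INPUT  -p udp -d "$MDNS_GROUP" --dport "$MDNS_PORT" -j ACCEPT
    # Our own queries and announcements sent to the group.
    $IPT -A OUTPUT -p udp -d "$MDNS_GROUP" --dport "$MDNS_PORT" -j ACCEPT
}

allow_mdns
```

After Firestarter restarts, `iptables -S INPUT` should list the port 5353 rule.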

Firestarter installs /etc/dhclient-exit-hooks, which should apply your firewall rules when dhclient finishes acquiring an address. However, /sbin/dhclient-script expects it to be in /etc/dhcp.
A symlink and chmod solved the issue:

{{{
ln -s /etc/dhclient-exit-hooks /etc/dhcp
chmod +x /etc/dhclient-exit-hooks
}}}

Firestarter is great for quickly creating a secure iptables configuration, as well as configuring IP forwarding and NAT for other boxes to connect through you.

It has a GUI that allows you to monitor connections and suspicious events, as well as create simple rules manually or based on events.

Its user-pre and user-post scripts allow for advanced configurations. I just wish more features were exported through the GUI, like bridging for example.

http://www.fs-security.com