Comments on: Install Firewall http://www.securecentos.com Howto secure your centos Tue, 31 Jan 2012 18:52:00 +0000 hourly 1 By: minos http://www.securecentos.com/basic-security/install-firewall/comment-page-1/#comment-1100 minos Wed, 31 Aug 2011 13:43:00 +0000 http://www.securecentos.com/wp/?page_id=129#comment-1100 For the life of me for the last two hours i could not find or figure out why (copied from the example above) G_TCP_CPORTS=”21,22,25,53,80,110,111,143,443,587,953,2222,3306″ Didn't work for opening 3306, but all the other ports worked fine, then I finally noticed that from your example that I copied it used the damn MS quote (″) Please change your examples above to rid them of this headache causing quote. I am sure I am not the only person that had this happen. Really enjoyed your tutorials and have recommended them to everyone else that is setting up centos boxes. For the life of me for the last two hours i could not find or figure out why (copied from the example above)
G_TCP_CPORTS=”21,22,25,53,80,110,111,143,443,587,953,2222,3306″

Didn’t work for opening 3306, but all the other ports worked fine, then I finally noticed that from your example that I copied it used the damn MS quote (″)

Please change your examples above to rid them of this headache causing quote. I am sure I am not the only person that had this happen.

Really enjoyed your tutorials and have recommended them to everyone else that is setting up centos boxes.

]]> By: John http://www.securecentos.com/basic-security/install-firewall/comment-page-1/#comment-1043 John Tue, 28 Dec 2010 02:11:00 +0000 http://www.securecentos.com/wp/?page_id=129#comment-1043 When I start APF for the first time it frezes at the line below: apf(1632): {php} parsing php_list into /etc/apf/php_hosts.rules Then the server crashes or goes into total lock-down because ssh or apache wont respond. Any ideas guys? When I start APF for the first time it frezes at the line below:
apf(1632): {php} parsing php_list into /etc/apf/php_hosts.rules

Then the server crashes or goes into total lock-down because ssh or apache wont respond.

Any ideas guys?

]]> By: geelee http://www.securecentos.com/basic-security/install-firewall/comment-page-1/#comment-1042 geelee Fri, 24 Dec 2010 19:06:00 +0000 http://www.securecentos.com/wp/?page_id=129#comment-1042 -------------- conf.apf : IFACE_IN="eth0" IFACE_OUT="eth0" Then ,THIS HAPPEND IF reboot. or unplug network cable. """ apf -r apf(32093): {glob} flushing & zeroing chain policies apf(32093): {glob} firewall offline apf(32127): {glob} activating firewall apf(32167): {glob} could not verify that interface eth0 is routed to a network, aborting. apf(32127): {glob} firewall initalized iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination """ why this happend? what can i do? ------------------ IF i set this values in conf.apf : IFACE_IN="" IFACE_OUT="" then this happend: apf -r apf(32245): {glob} flushing & zeroing chain policies apf(32245): {glob} firewall offline apf(32278): {glob} activating firewall apf(32318): {glob} determined (IFACE_IN) has address 127.0.0.1 apf(32318): {glob} determined (IFACE_OUT) has address 127.0.0.1 iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere DROP all -- default/8 anywhere DROP all -- 39.0.0.0/8 anywhere DROP all -- 102.0.0.0/8 anywhere DROP all -- 103.0.0.0/8 anywhere DROP all -- 106.0.0.0/8 anywhere DROP all -- loopback/8 anywhere ^C This is OK? ————–
conf.apf :
IFACE_IN=”eth0″
IFACE_OUT=”eth0″

Then ,THIS HAPPEND IF reboot. or unplug network cable.

“”"
apf -r
apf(32093): {glob} flushing & zeroing chain policies
apf(32093): {glob} firewall offline
apf(32127): {glob} activating firewall
apf(32167): {glob} could not verify that interface eth0 is routed to a network, aborting.
apf(32127): {glob} firewall initalized

iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
“”"

why this happend?
what can i do?

——————
IF i set this values in conf.apf :
IFACE_IN=”"
IFACE_OUT=”"

then this happend:

apf -r
apf(32245): {glob} flushing & zeroing chain policies
apf(32245): {glob} firewall offline
apf(32278): {glob} activating firewall
apf(32318): {glob} determined (IFACE_IN) has address 127.0.0.1
apf(32318): {glob} determined (IFACE_OUT) has address 127.0.0.1

iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all — anywhere anywhere
DROP all — default/8 anywhere
DROP all — 39.0.0.0/8 anywhere
DROP all — 102.0.0.0/8 anywhere
DROP all — 103.0.0.0/8 anywhere
DROP all — 106.0.0.0/8 anywhere
DROP all — loopback/8 anywhere
^C

This is OK?

]]> By: 1234homie http://www.securecentos.com/basic-security/install-firewall/comment-page-1/#comment-1041 1234homie Sat, 18 Dec 2010 21:19:00 +0000 http://www.securecentos.com/wp/?page_id=129#comment-1041 how can I scan centos to find viruses? how can I scan centos to find viruses?

]]> By: 1234homie http://www.securecentos.com/basic-security/install-firewall/comment-page-1/#comment-957 1234homie Sun, 12 Sep 2010 13:47:07 +0000 http://www.securecentos.com/wp/?page_id=129#comment-957 great site, thanks for apf! working very well ;] great site, thanks for apf! working very well ;]

]]> By: WebAlfa http://www.securecentos.com/basic-security/install-firewall/comment-page-1/#comment-801 WebAlfa Fri, 13 Aug 2010 20:25:37 +0000 http://www.securecentos.com/wp/?page_id=129#comment-801 Plesk IG_TCP_CPORTS=" 20,21,22,25,26,53,80,110,143,443,465,993,995,3389,8443,8880,30000,61001,65535" EG_TCP_CPORTS=" 21,22,25,26,27,37,43,53,80,110,113,443,465,873,3389,8443,8880,30000" Plesk
IG_TCP_CPORTS=” 20,21,22,25,26,53,80,110,143,443,465,993,995,3389,8443,8880,30000,61001,65535″
EG_TCP_CPORTS=” 21,22,25,26,27,37,43,53,80,110,113,443,465,873,3389,8443,8880,30000″

]]> By: Firewall installation | HostGator Coupon Code http://www.securecentos.com/basic-security/install-firewall/comment-page-1/#comment-626 Firewall installation | HostGator Coupon Code Tue, 22 Jun 2010 14:52:40 +0000 http://www.securecentos.com/wp/?page_id=129#comment-626 [...] i just attempt to install firewall APF [...] [...] i just attempt to install firewall APF [...]

]]> By: Firewall installation | Cheap WebHosting Directory http://www.securecentos.com/basic-security/install-firewall/comment-page-1/#comment-625 Firewall installation | Cheap WebHosting Directory Tue, 22 Jun 2010 14:22:11 +0000 http://www.securecentos.com/wp/?page_id=129#comment-625 [...] i just attempt to install firewall APF [...] [...] i just attempt to install firewall APF [...]

]]> By: jeffatrackaid http://www.securecentos.com/basic-security/install-firewall/comment-page-1/#comment-601 jeffatrackaid Mon, 14 Jun 2010 14:00:58 +0000 http://www.securecentos.com/wp/?page_id=129#comment-601 While APF, CSF and similar firewalls are nice and provide a lot of features. I've found a very simple strategy of block everything and open only what is needed works very well. Combine this with some rate-limiting via IPtables (http://www.rackaid.com/resources/how-to-block-ssh-brute-force-attacks/) works very well. I've found some of these advanced firewall scripts to cause performance issues as the rules chains grow overly long if not checked. This is mostly an issue on high traffic servers, but I've often replaced APF/CSF with a simple IPTables script. Also, you have to be careful of some of these programs as they are vulnerable against log injection attacks. I've not checked APF but BFD from the same author was (is?) vulnerable to a log injection attack. Since the processing of log data is not sanitized, you can spoof IPs and get BFD to block IPs. See: http://www.ossec.net/main/attacking-log-analysis-tools for a good discussion of this issue. While APF, CSF and similar firewalls are nice and provide a lot of features. I’ve found a very simple strategy of block everything and open only what is needed works very well. Combine this with some rate-limiting via IPtables (http://www.rackaid.com/resources/how-to-block-ssh-brute-force-attacks/) works very well. I’ve found some of these advanced firewall scripts to cause performance issues as the rules chains grow overly long if not checked. This is mostly an issue on high traffic servers, but I’ve often replaced APF/CSF with a simple IPTables script.

Also, you have to be careful of some of these programs as they are vulnerable against log injection attacks. I’ve not checked APF but BFD from the same author was (is?) vulnerable to a log injection attack. Since the processing of log data is not sanitized, you can spoof IPs and get BFD to block IPs. See: http://www.ossec.net/main/attacking-log-analysis-tools for a good discussion of this issue.

]]> By: art http://www.securecentos.com/basic-security/install-firewall/comment-page-1/#comment-576 art Thu, 03 Jun 2010 20:24:57 +0000 http://www.securecentos.com/wp/?page_id=129#comment-576 I've got >> iptables: Unknown error 18446744073709551615 The same error for afp and firehol. My VPS using openvz@parallels. Can you help with some advice? I’ve got

>> iptables: Unknown error 18446744073709551615

The same error for afp and firehol. My VPS using openvz@parallels.
Can you help with some advice?

]]>