I'm using SuSE 8.2. For several days I have noticed my /var/log/messages file has been devoid of the usual messages indicating someone has been looking at my ports. I'm using Shorewall and dropping everything but what I need, yet no more notices in the message file. Today I looked at my route and got this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
user-0ceicg0.ca *               255.255.254.0   U     0      0        0 eth1
default         user-0ceicg1.ca 0.0.0.0         UG    0      0        0 eth1

I had never seen the user-0ceicg1.ca thing. eth1 is my connection to the net via cable modem. A few weeks ago I discovered I had been rootkitted and reformatted and reinstalled everything on this machine. Does anyone recognise what has happened to my route tables? TIA Richard
Hi Richard,
Sorry, can't get any useful hint for your routing table.
But I'd very much like to know more about the rootkit and the
hole used for getting in your machine. As far as I understood,
you're running a firewall, so shouldn't be too easy for an
intruder? (read: I'm running an 8.2 too, and without a decent
firewall, so would like to know where to expect a hit from ,-)
Maybe a fix for it can make into the next security update?
Good luck
Ed
--- Richard
I'm using SuSE 8.2. For several days I have noticed my /var/log/messages file has been devoid of the usual messages indicating someone has been looking at my ports.
I'm using Shorewall and dropping everything but what I need, yet no more notices in the message file.
Today I looked at my route and got this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
user-0ceicg0.ca *               255.255.254.0   U     0      0        0 eth1
default         user-0ceicg1.ca 0.0.0.0         UG    0      0        0 eth1

I had never seen the user-0ceicg1.ca thing. eth1 is my connection to the net via cable modem.
A few weeks ago I discovered I had been rootkitted and reformatted and reinstalled everything on this machine.
Does anyone recognise what has happened to my route tables? TIA Richard
On Tue, 2003-06-03 at 14:24, Eduard Avetisyan wrote:
Hi Richard,
Sorry, can't get any useful hint for your routing table. But I'd very much like to know more about the rootkit and the hole used for getting in your machine. As far as I understood, you're running a firewall, so shouldn't be too easy for an intruder? (read: I'm running an 8.2 too, and without a decent firewall, so would like to know where to expect a hit from ,-) Maybe a fix for it can make into the next security update?
Good luck Ed
I went surfing bareback is what caused my problem! I'm on cable and always playing with my machine. Occasionally I would stop and clear Shorewall to find out why my machine wouldn't let me or my other subhosts get on the net. It was probably during one of those excursions that it happened. If you don't have a good firewall you have probably been hit already. My logs showed that I was constantly being scanned for ports 80, and the other windows based ports like 443 and 1434. Also I saw a lot of scans by Korean and Chinese URLs hitting my higher ports like 27374. One day I noticed things were not quite right. It's hard to describe what was going on, so I downloaded and fired up the chkrootkit app and sure enough, I had been invaded. Following the advice of others, I reformatted and reinstalled everything. Not a fun process as I had a lot of neat things like Mplayer working perfectly. After saving my /home stuff to a cd I did the reformatting and reinstalling. Now I am very careful to unplug the cable modem whenever I decide to kill the firewall. I also run the chkrootkit thing periodically. As I am a long way from being a security expert I have learned to be careful and seek advice from those who know a lot more than I. I have also been a lot more cautious. I periodically go on GRC.com and let them scan a few ports and they show that the ports they look at are in stealth mode. Bottom line, get a good, easy firewall and be careful what you allow in. I like Shorewall cause it is easy to use and the support by the author is outstanding as is the documentation. I find SuSEfirewall too confusing and I really don't want to know how to set up the iptables. Shorewall does the translation for me. As to my current problem, I'm not sure my machine has been invaded but the routing gateway is different so I am looking for anyone that can tell me what is going on. It may be that when I DHCP my isp for my IP they are changing it but I sure would like to know.
From all I can see using online port scanners, my box is fairly well secured. I hope my rambling did not get too off topic and answered your questions. Give a look at www.blackcode.com. Regards, Richard
On Tuesday 03 June 2003 14:05, Richard wrote:
My logs showed that I was constantly being scanned for ports 80, and the other windows based ports like 443 and 1434. Also I saw a lot of scans by Korean and Chinese URLs hitting my higher ports like 27374. One day I noticed things were not quite right. It's hard to describe what was going on, so I downloaded and fired up the chkrootkit app and sure enough, I had been invaded.
If you saved your config files from the old installation, check your sshd_config to see if you had enabled ssh1. I have heard of 3 different suse 7.3 boxes rooted in the last 4 weeks and the only thing in common was ssh1 available from the net.
-- John Andersen
On Tue, 2003-06-03 at 18:45, John Andersen wrote:
On Tuesday 03 June 2003 14:05, Richard wrote:
My logs showed that I was constantly being scanned for ports 80, and the other windows based ports like 443 and 1434. Also I saw a lot of scans by Korean and Chinese URLs hitting my higher ports like 27374. One day I noticed things were not quite right. It's hard to describe what was going on, so I downloaded and fired up the chkrootkit app and sure enough, I had been invaded.
If you saved your config files from the old installation, check your sshd_config to see if you had enabled ssh1.
Nope, I didn't save that particular config file. I looked through the current sshd_config file but cannot see where ssh1 is enabled. The man page wasn't any help either. I went through it 3 times but cannot see where ssh1 is enabled. What am I looking for?
I have heard of 3 different suse 7.3 boxes rooted in the last 4 weeks and the only thing in common was ssh1 available from the net.
Is that the Protocol setting by chance? Thanks, Richard
On Tuesday 03 June 2003 19:08, Richard wrote:
On Tue, 2003-06-03 at 18:45, John Andersen wrote:
On Tuesday 03 June 2003 14:05, Richard wrote:
My logs showed that I was constantly being scanned for ports 80, and the other windows based ports like 443 and 1434. Also I saw a lot of scans by Korean and Chinese URLs hitting my higher ports like 27374. One day I noticed things were not quite right. It's hard to describe what was going on, so I downloaded and fired up the chkrootkit app and sure enough, I had been invaded.
If you saved your config files from the old installation, check your sshd_config to see if you had enabled ssh1.
Nope, I didn't save that particular config file. I looked through the current sshd_config file but cannot see where ssh1 is enabled. The man page wasn't any help either. I went through it 3 times but cannot see where ssh1 is enabled. What am I looking for?

#Port 22
Protocol 2
#ListenAddress 0.0.0.0

Make sure the protocol line says as above and not Protocol 2,1 or Protocol 1,2
-- John Andersen
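A small audit of the Protocol setting John describes, as an added example that is not from the thread: it parses sample sshd_config texts (constructed here) the way sshd reads the directive and assumes, for OpenSSH of that era, that a missing Protocol line falls back to "2,1".

```python
# Added example (not from the thread): audit an sshd_config for the Protocol
# directive, flagging any setting that still offers SSH-1.
from __future__ import annotations

# Constructed sample configs standing in for /etc/ssh/sshd_config.
SAMPLE_GOOD = "#Port 22\nProtocol 2\n#ListenAddress 0.0.0.0\n"
SAMPLE_BAD = "#Port 22\nProtocol 2,1\n#ListenAddress 0.0.0.0\n"
SAMPLE_COMMENTED = "#Port 22\n#Protocol 2\n#ListenAddress 0.0.0.0\n"

# Assumption: OpenSSH 3.x, as shipped with SuSE of that era, fell back to
# offering both versions ("2,1") when no Protocol directive was present.
DEFAULT_PROTOCOL = "2,1"


def effective_protocol(config_text: str) -> tuple[str, bool]:
    """Return (value, explicit) for the Protocol directive sshd would use.

    sshd_config keywords are case-insensitive, lines starting with '#' are
    comments, and when a keyword is repeated the first occurrence wins.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Protocol 2" and "Protocol=2" are both accepted by sshd.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "protocol":
            return parts[1].strip(), True
    return DEFAULT_PROTOCOL, False


def offered_versions(value: str) -> set[int]:
    """Turn a Protocol value such as '2,1' into the set {1, 2}."""
    return {int(tok) for tok in value.split(",") if tok.strip().isdigit()}


def audit_protocol(config_text: str) -> list[str]:
    """Findings for a config; an empty list means only SSH-2 is offered."""
    value, explicit = effective_protocol(config_text)
    versions = offered_versions(value)
    findings = []
    if not explicit:
        findings.append(f"no Protocol line; sshd default {value!r} applies")
    if 1 in versions:
        findings.append(f"Protocol {value!r} offers SSH-1; set 'Protocol 2'")
    if 2 not in versions:
        findings.append(f"Protocol {value!r} does not offer SSH-2")
    return findings


if __name__ == "__main__":
    for name, text in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD),
                       ("commented", SAMPLE_COMMENTED)):
        print(name, audit_protocol(text) or ["ok: Protocol 2 only"])
```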
On Tue, 2003-06-03 at 22:16, John Andersen wrote:
Nope, I didn't save that particular config file. I looked through the current sshd_config file but cannot see where ssh1 is enabled. The man page wasn't any help either. I went through it 3 times but cannot see where ssh1 is enabled. What am I looking for?

#Port 22
Protocol 2
#ListenAddress 0.0.0.0
Make sure the protocol line says as above and not Protocol 2,1 or Protocol 1,2
Thanks John, I made that change. Do you have any idea why my default route has that strange destination? I went through Yast and by all that I can see it should not be that but should be the IP of my isp unless I am completely wrong. As I recall, it used to be the IP (24.233.51.9) that I get when the network is started. I did a whois on the name and got that it was available. Strange!!! ra
On Wednesday 04 June 2003 05:38, Richard wrote:
On Tue, 2003-06-03 at 22:16, John Andersen wrote:
Make sure the protocol line says as above and not Protocol 2,1 or Protocol 1,2
Thanks John, I made that change. Do you have any idea why my default route has that strange destination? I went through Yast and by all that I can see it should not be that but should be the IP of my isp unless I am completely wrong. As I recall, it used to be the IP (24.233.51.9) that I get when the network is started. I did a whois on the name and got that it was available. Strange!!! ra
Unless you want the whole world to connect to your ssh, you might also consider to give access to ssh based upon IP address. This may be done from the firewall, but also from tcp_wrappers (by editing /etc/hosts.allow and /etc/hosts.deny. See those files for examples.). tcp_wrappers works even when the firewall is down. Putting a cheap DSL router in front of your SuSE machine will help against misconfigured firewalls, if this is relevant for your network setup. I use such a setup at home, even though each and every machine behind also has a firewall. However, the logs I get are only from what the DSL router lets through. Cheers, Sigfred.
Unless you want the whole world to connect to your ssh, you might also consider to give access to ssh based upon IP address. This may be done from the firewall, but also from tcp_wrappers (by editing /etc/hosts.allow and /etc/hosts.deny. See those files for examples.). tcp_wrappers works even when the firewall is down.
I prefer to put in any layers I can. This would mean that you'd:
- configure SSH to be as strict as possible
- configure TCP-wrappers around it to be strict
- put iptables/ipchains rules that further restrict these connections (to SSH and other services?)

And test it too:
- test SSH settings so that only the options and machines you allow really work and others do not
- put in TCP-wrappers config (i.e. /etc/hosts.deny, /etc/hosts.allow stuff) and test those. This means that you either check from the logs or let the SSH config be a little bit more "allowing" and check that TCP-wrappers deny the "extra" (allowed stuff) and let only from the hosts that really are allowed. This means that wrappers deny what SSH config "allows".
- add in iptables/ipchains rules so that they deny the extra stuff. Test this so that SSH allows some "extra" and TCP wrappers allows some "extra" but firewall (iptables) does not allow.

For some tests you should probably disconnect the thing from network so that you do not get broken in while learning how to config.

The result should be a system that has (at least) three defense lines:
- outer line is the iptables/ipchains rules (unless you have a firewall in front of it)
- middle line of defense is the TCP wrappers which should stop the traffic (deny the connection) should it happen so that the first line lets somebody through.
- inner(most) line is the SSH configuration itself.

This sort of defense is often compared to what they did with castles and such things a long time ago. It applies to modern warfare too (including information warfare).

[ And when you get very paranoid: you can add a layer such as NSA MAC stuff inside the SSH "layer". This for example to make buffer overruns less capable of compromising your system.]
Putting a cheap DSL router in front of your SuSE machine will help against misconfigured firewalls, if this is relevant for your network setup. I use such a setup at home, even though each and every machine behind also has a firewall. However, the logs I get are only from what the DSL router lets through.
Yes, or an old PC with gnatbox or any of the easily configurable firewalls that you can find in the net. A DSL router is probably the easiest, though. regards, timo
On Tuesday 03 June 2003 18:58, Richard wrote:
user-0ceicg1.ca
I would be interested in how you set up shorewall and I do believe Tom would like to know as well since it is his firewall.
--
A child of five would understand this. Send someone to fetch a child of five. Groucho Marx
On Tue, 2003-06-03 at 17:07, Ian David Laws wrote:
On Tuesday 03 June 2003 18:58, Richard wrote:
user-0ceicg1.ca
I would be interested in, how you set up shorewall and I do believe Tom would like to know as well since it is his firewall.
My setup is not all that complicated. I'm using ver 1.4.2 right now. I begin with the basic two interface setup. I had to switch eth0 and eth1 as eth1 is my connection to the cable modem. The Policy file is set to DROP all inputs to eth1. As I now use the Vonage VoIP system for my phone, I changed the rules to the following:

#ACTION SOURCE DEST              PROTO DEST        SOURCE  ORIGINAL
#                                      PORT        PORT(S) DEST
#
# Accept DNS connections from the firewall to the network
#
ACCEPT  fw     net               tcp   53
ACCEPT  fw     net               udp   53
ACCEPT  loc    fw                udp   53
ACCEPT  fw     loc               udp   53
ACCEPT  loc    fw                tcp   53
#
# Accept SSH connections from the local network for administration
#
ACCEPT  loc    fw                tcp   22
ACCEPT  fw     loc               tcp   22
ACCEPT  loc    fw                tcp   20
ACCEPT  fw     loc               tcp   20
ACCEPT  loc    fw                tcp   21
#ACCEPT fw     loc               tcp   21
DNAT    net    loc:192.168.1.147 udp   5060
DNAT    net    loc:192.168.1.147 udp   5061
DNAT    net    loc:192.168.1.147 udp   10100:10500
ACCEPT  loc    fw                udp   123
ACCEPT  fw     loc               udp   123
# changed net to loc and loc to net on udp port 123 to test the voip
#ACCEPT loc    net               udp   5061
ACCEPT  loc    fw                udp   69
ACCEPT  fw     loc               udp   69
ACCEPT  fw     loc               udp   67
ACCEPT  fw     loc               udp   68
ACCEPT  loc    fw                udp   67
ACCEPT  loc    fw                udp   68
#ACCEPT loc    net               udp   10100:10500
ACCEPT  fw     loc               tcp   631
ACCEPT  loc    fw                tcp   631
#
# Allow Ping To And From Firewall
#
ACCEPT  loc    fw                icmp  8
ACCEPT  net    fw                icmp  8
ACCEPT  fw     loc               icmp  8
ACCEPT  fw     net               icmp  8
#DROP   net    fw                icmp  8
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

So far as I can tell, all my external ports are closed or stealth, depending on how you want to call them, and the phone system works better than Verizon did. My subnet of 5 computers including two Winstuff works fine. Can you see anything I should be concerned about? If you can see anything that might interest Tom I will send it to him but I know he is extremely busy helping others. I have considered going back to one of the 1.3 versions to be sure everything was ok as I had no problems then. Regards, Richard
On Wednesday 04 June 2003 01:16, Richard wrote:
On Tue, 2003-06-03 at 17:07, Ian David Laws wrote:
On Tuesday 03 June 2003 18:58, Richard wrote:
user-0ceicg1.ca
I would be interested in, how you set up shorewall and I do believe Tom would like to know as well since it is his firewall.
My setup is not all that complicated. I'm using ver 1.4.2 right now. I begin with the basic two interface setup. I had to switch eth0 and eth1 as eth1 is my connection to the cable modem. The Policy file is set to DROP all inputs to eth1. As I now use the Vonage VoIP system for my phone, I changed the rules to the following:
#ACTION SOURCE DEST              PROTO DEST        SOURCE  ORIGINAL
#                                      PORT        PORT(S) DEST
#
# Accept DNS connections from the firewall to the network
#
ACCEPT  fw     net               tcp   53
ACCEPT  fw     net               udp   53
ACCEPT  loc    fw                udp   53
ACCEPT  fw     loc               udp   53
ACCEPT  loc    fw                tcp   53
Do you have your own DNS server and are sending your DNS info to the net? Then okay. But if not, you do not need the TCP port (transfer data) open; it is enough when UDP (query) is open.
#
# Accept SSH connections from the local network for administration
#
ACCEPT  loc    fw                tcp   22
ACCEPT  fw     loc               tcp   22
ACCEPT  loc    fw                tcp   20
ACCEPT  fw     loc               tcp   20
ACCEPT  loc    fw                tcp   21
#ACCEPT fw     loc               tcp   21
Why use ftp when sftp or scp is just as good. (Putty for M$ machines)
DNAT    net    loc:192.168.1.147 udp   5060
DNAT    net    loc:192.168.1.147 udp   5061
DNAT    net    loc:192.168.1.147 udp   10100:10500
ACCEPT  loc    fw                udp   123
ACCEPT  fw     loc               udp   123
# changed net to loc and loc to net on udp port 123 to test the voip
#ACCEPT loc    net               udp   5061
ACCEPT  loc    fw                udp   69
ACCEPT  fw     loc               udp   69
ACCEPT  fw     loc               udp   67
ACCEPT  fw     loc               udp   68
ACCEPT  loc    fw                udp   67
ACCEPT  loc    fw                udp   68
? Not sure why this, never used a dummy terminal or TFTP
#ACCEPT loc    net               udp   10100:10500
ACCEPT  fw     loc               tcp   631
ACCEPT  loc    fw                tcp   631
#
# Allow Ping To And From Firewall
#
ACCEPT  loc    fw                icmp  8
ACCEPT  net    fw                icmp  8
ACCEPT  fw     loc               icmp  8
ACCEPT  fw     net               icmp  8
#DROP   net    fw                icmp  8
Why allow ping onto your firewall from the Internet??
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
<snip> looking good. Ian
--
A child of five would understand this. Send someone to fetch a child of five. Groucho Marx
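As an added example (not code from the thread or from Shorewall itself), a parser for a rules file in this format that lists what the net zone is allowed to reach and attaches the review prompts Ian raised; the sample rules are a constructed subset of Richard's, and the HINTS table is my own reading of Ian's comments, not a Shorewall feature.

```python
# Added example (not from the thread, not Shorewall's own code): parse a
# Shorewall 1.4 style rules file, list every rule that admits traffic from
# the "net" zone, and attach the review prompts raised in the thread.
from __future__ import annotations
from dataclasses import dataclass

# Constructed sample: a subset of the VoIP rules posted earlier in the thread.
SAMPLE_RULES = """\
#ACTION SOURCE DEST              PROTO DEST        SOURCE  ORIGINAL
#                                      PORT        PORT(S) DEST
ACCEPT  fw     net               tcp   53
ACCEPT  fw     net               udp   53
ACCEPT  loc    fw                tcp   53
ACCEPT  loc    fw                tcp   21
#ACCEPT fw     loc               tcp   21
DNAT    net    loc:192.168.1.147 udp   5060
DNAT    net    loc:192.168.1.147 udp   5061
DNAT    net    loc:192.168.1.147 udp   10100:10500
ACCEPT  loc    fw                udp   69
ACCEPT  fw     loc               udp   69
ACCEPT  loc    fw                icmp  8
ACCEPT  net    fw                icmp  8
ACCEPT  fw     net               icmp  8
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
"""

# Review prompts keyed on (proto, dest port), taken from the points raised in
# the thread; they are questions for the admin, not verdicts (assumption).
HINTS = {
    ("tcp", "53"): "tcp/53 only matters for zone transfers; udp/53 serves queries",
    ("tcp", "21"): "plain ftp; sftp/scp over the ssh port does the same job",
    ("udp", "69"): "tftp; confirm the VoIP adapter really needs it",
    ("icmp", "8"): "echo request (ping) accepted",
}

@dataclass(frozen=True)
class Rule:
    action: str
    source: str
    dest: str
    proto: str
    dport: str
    sport: str = "-"
    original: str = "-"

    @property
    def source_zone(self) -> str:
        # "loc:192.168.1.147" -> "loc"
        return self.source.split(":", 1)[0]

    @property
    def dest_zone(self) -> str:
        return self.dest.split(":", 1)[0]

def parse_rules(text: str) -> list[Rule]:
    """Parse whitespace-separated rule lines; '#' lines are comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 5:
            raise ValueError(f"too few columns: {raw!r}")
        rules.append(Rule(*fields[:7]))
    return rules

def exposed_from(rules: list[Rule], zone: str = "net") -> list[Rule]:
    """Rules that let traffic in from `zone`, whatever the destination."""
    return [r for r in rules
            if r.source_zone == zone and r.action.upper() in ("ACCEPT", "DNAT")]

def review(rules: list[Rule]) -> list[tuple[Rule, str]]:
    """Pair each rule whose (proto, port) has a hint with that hint."""
    return [(r, HINTS[(r.proto.lower(), r.dport)])
            for r in rules if (r.proto.lower(), r.dport) in HINTS]
```

Run `exposed_from(parse_rules(open("/etc/shorewall/rules").read()))` on a real file to see exactly which rules the Internet side can reach before restarting the firewall.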
On Wed, 2003-06-04 at 04:41, Ian David Laws wrote:
On Wednesday 04 June 2003 01:16, Richard wrote:
On Tue, 2003-06-03 at 17:07, Ian David Laws wrote:
On Tuesday 03 June 2003 18:58, Richard wrote:
user-0ceicg1.ca
I would be interested in, how you set up shorewall and I do believe Tom would like to know as well since it is his firewall.
My setup is not all that complicated. I'm using ver 1.4.2 right now. I begin with the basic two interface setup. I had to switch eth0 and eth1 as eth1 is my connection to the cable modem. The Policy file is set to DROP all inputs to eth1. As I now use the Vonage VoIP system for my phone, I changed the rules to the following:
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
# ACCEPT fw net tcp 53
ACCEPT  fw     net               udp   53
ACCEPT  loc    fw                udp   53
ACCEPT  fw     loc               udp   53
ACCEPT  loc    fw                tcp   53
Do you have your own DNS server and are sending your DNS info to the net? Then okay. But if not, you do not need the TCP port (transfer data) open; it is enough when UDP (query) is open.
I have a DNS server but only to the subnet. Closed the tcp 53.
#
# Accept SSH connections from the local network for administration
#
ACCEPT  loc    fw                tcp   22
ACCEPT  fw     loc               tcp   22
ACCEPT  loc    fw                tcp   20
ACCEPT  fw     loc               tcp   20
ACCEPT  loc    fw                tcp   21
#ACCEPT fw     loc               tcp   21
Why use ftp when sftp or scp is just as good. (Putty for M$ machines)
Primarily cause I'm a bit dumb!. I just learned how to do sftp and scp after I setup my vsftp server. Will probably disable that eventually. Since I'm only using it for my local net there's not much chance of someone screwing with my machines.
DNAT    net    loc:192.168.1.147 udp   5060
DNAT    net    loc:192.168.1.147 udp   5061
DNAT    net    loc:192.168.1.147 udp   10100:10500
ACCEPT  loc    fw                udp   123
ACCEPT  fw     loc               udp   123
# changed net to loc and loc to net on udp port 123 to test the voip
#ACCEPT loc    net               udp   5061
ACCEPT  loc    fw                udp   69
ACCEPT  fw     loc               udp   69
ACCEPT  fw     loc               udp   67
ACCEPT  fw     loc               udp   68
ACCEPT  loc    fw                udp   67
ACCEPT  loc    fw                udp   68
? Not sure why this, never used a dummy terminal or TFTP
These are ports the Vonage Techie said I needed to use their VoIP for my phone system. I'm still experimenting with what is needed to do that system. Will gradually kill each one and insure the phone still works.
#ACCEPT loc    net               udp   10100:10500
ACCEPT  fw     loc               tcp   631
ACCEPT  loc    fw                tcp   631
#
# Allow Ping To And From Firewall
#
ACCEPT  loc    fw                icmp  8
# ACCEPT net   fw                icmp  8
ACCEPT  fw     loc               icmp  8
ACCEPT  fw     net               icmp  8
#DROP   net    fw                icmp  8
Why allow ping onto your firewall from the Internet??
Again cause I'm a bit dumb, but learning thanks to folks like you.
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
<snip> looking good.
Ian
Thanks Ian for your suggestions. Now I'm off to figure out the hows and whys of tcpwrappers and ssh.
Regards, Richard
On Wednesday 04 June 2003 19:41, Richard wrote: <snipping post>
On Wed, 2003-06-04 at 04:41, Ian David Laws wrote: <snipping post>
Why use ftp when sftp or scp is just as good. (Putty for M$ machines)
Primarily cause I'm a bit dumb!. I just learned how to do sftp and scp after I setup my vsftp server. Will probably disable that eventually. Since I'm only using it for my local net there's not much chance of someone screwing with my machines.
Being a newbie is not the same as being dumb. On the other hand, there is always the possibility to do a dumb thing. So I try to plan accordingly, and the first point is not to trust myself that much ;-) Shit happens and mistakes are made. If you have the possibility, just dedicate one machine as an expendable server, and protect the other machines (if any) with their own firewall. It may be quite an old machine, since it does not need to run anything fancy like X. And yeah, don't trust those techies at the help desk that much. Not because they're "nasty" or "evil", but quite simply that they don't have all that much time to help you in this. Besides, not all of them are that well versed in how to secure a machine with a _particular_ operating system. Cheers, Sigfred.
On Wed, 2003-06-04 at 13:56, Sigfred Håversen wrote:
On Wednesday 04 June 2003 19:41, Richard wrote: <snipping post>
On Wed, 2003-06-04 at 04:41, Ian David Laws wrote: <snipping post>
Being a newbie is not the same as being dumb. On the other hand, there is always the possibility to do a dumb thing. So I try to plan accordingly, and the first point is not to trust myself that much ;-) Shit happens and mistakes are made.
I'm not that much of a newbie, I just do dumbshit things sometimes. Like killing my firewall while my cable modem is still connected. Or not writing down when I make major changes so I can go back.
If you have the possibility, just dedicate one machine as an expendable server, and protect the other machines (if any) with their own firewall. It may be quite an old machine, since it does not need to run anything fancy like X.
I have picked up an old laptop cheap which I want to setup as my router/firewall. It's too slow for normal use with KDE but at 150Meg should do quite well as a router. It is small and can be placed out of the way and has an UPS built-in. I just need to find the time to make the switch. I have 5 machines hanging onto my main one, but do I always play on the sub??? Of course not, that takes brains. Just like RTFMing before making changes. Any fool can read and screw things up, it takes a real Tim Allen type man to really screw things up without reading instructions.
And yeah, don't trust those techies at the help desk that much. Not because they're "nasty" or "evil", but quite simply that they don't have all that much time to help you in this. Besides, not all of them are that well versed in how to secure a machine with a _particular_ operating system.
In all fairness to the Vonage Tech, he never missed a beat when I told him I was going to use a linux box as my router/firewall. No bad mouthing at all! Then he recognized immediately how I had already screwed up the ATA configuration and directed me to restoring it in a few minutes. Next he gave me all the port information I needed but had no idea how I should open them. All in all dealing with their techs has been a rather pleasant experience. I can certainly recommend the company and their product without reservations. The nice thing about dealing with Linux is the great number of people who are willing to help. Of course there are a few crazies around but the /dev/null file will never get filled cause they are so few. Regards, Richard
Hi Richard, Richard wrote:
I'm not that much of a newbie, I just do dumbshit things sometimes. Like killing my firewall while my cable modem is still connected. Or not writing down when I make major changes so I can go back.
in case you did not know, shorewall has several options that allow the testing of new configurations e.g.:
normal fw config in /etc/shorewall and testing config in /etc/shorewall-test
you can test the new config for 2 mins with
shorewall try /etc/shorewall-test 180
just in case you did not know....
peace, Tom
p.s.: if the tested configuration stays active for 180 minutes then i made an error and the parameter is min instead of sec ;)
On Thu, 2003-06-05 at 04:01, Thomas Seliger wrote:
Hi Richard,
Richard wrote:
I'm not that much of a newbie, I just do dumbshit things sometimes. Like killing my firewall while my cable modem is still connected. Or not writing down when I make major changes so I can go back.
in case you did not know, shorewall has several options that allow the testing of new configurations e.g.:
normal fw config in /etc/shorewall and testing config in /etc/shorewall-test
you can test the new config for 2 mins with
shorewall try /etc/shorewall-test 180
just in case you did not know....
peace, Tom
p.s.: if the tested configuration stays active for 180 minutes then i made an error and the parameter is min instead of sec ;)
Tom, I had seen a little about the test feature but never tried it. I guess I should as I am not completely done verifying that the VoIP is setup as best it can be. Thanks for the headsup. Richard
participants (7)
- Eduard Avetisyan
- Ian David Laws
- John Andersen
- Richard
- Sigfred Håversen
- Thomas Seliger
- timo