fresher 0 Newbie Poster

Hi all, has anyone tried the HLS firewall? http://homelansecurity.sourceforge.net/
Basically, I am designing a web-based front end (using PHP) for this program, so I have completely 'turned off' custom.conf. The idea is that, for instance, if I want to block ICMP pings, I'll just click a check box, say, which then calls the icmp function from the script, or, say I want to disable DNS, then I'll click a check box on the GUI which then calls DNS_WAN from the shell script.

My Problem:

When I run the program it still allows DNS queries, for instance, although all targets are set to DROP.

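Something like:

# Outbound TCP on the WAN interface with source and destination port 53
$IPT -A OUTPUT -o $WANIFACE -p tcp --sport 53 \
  -m state --state NEW,ESTABLISHED --dport 53 -j DROP
# Inbound TCP on the WAN interface with source and destination port 53
$IPT -A INPUT -i $WANIFACE -p tcp --sport 53 \
  -m state --state ESTABLISHED --dport 53 -j DROP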

Output of iptables -L

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ICMP       icmp --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply state ESTABLISHED 
INVALID    tcp  --  anywhere             anywhere            
BASIC      all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
DROP       tcp  --  anywhere             anywhere            tcp spt:ssh dpt:ssh state ESTABLISHED 
DROP       tcp  --  anywhere             192.168.114.128     tcp spts:1024:65535 dpt:domain 
DROP       tcp  --  anywhere             192.168.114.128     tcp spts:1024:65535 dpt:http 

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request state NEW 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
DROP       tcp  --  anywhere             anywhere            tcp spt:ssh dpt:ssh state NEW,ESTABLISHED 
DROP       tcp  --  192.168.114.128      anywhere            tcp spt:domain dpts:1024:65535 
DROP       tcp  --  192.168.114.128      anywhere            tcp spt:http dpts:32768:61001 

Chain BASIC (1 references)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere            tcp flags:!SYN,RST,ACK/SYN state NEW 
DROP       all  --  192.168.114.128      anywhere            
DROP       all  --  localhost.localdomain  anywhere            
RETURN     all  --  anywhere             anywhere            

Chain ICMP (1 references)
target     prot opt source               destination         

Chain INVALID (1 references)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN,RST 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN/FIN,SYN 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN,RST 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN/FIN,SYN 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN,RST 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN/FIN,SYN 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN,RST 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN/FIN,SYN 
RETURN     all  --  anywhere             anywhere            

NB: I am using just one interface (eth0), i.e. it's not a gateway or router at all.

Any help will be immensely appreciated. Thanks.
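
An added example, not part of the original post or of HLS: iptables stops at the first terminal rule that matches, so this Python check scans a trimmed excerpt of the listing above for rules that sit after an unrestricted-looking `ACCEPT all` in the same chain, and reports which protocols the DNS DROP rules cover. The function names are hypothetical, and because plain `iptables -L` hides interface matches, each hit is a candidate to confirm with `iptables -L -v -n`.

```python
import re

# Trimmed excerpt of the INPUT and OUTPUT chains from the listing in the post.
LISTING = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ICMP       icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
DROP       tcp  --  anywhere             192.168.114.128     tcp spts:1024:65535 dpt:domain
Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       tcp  --  192.168.114.128      anywhere            tcp spt:domain dpts:1024:65535
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end traversal on a match

def shadowed_rules(listing):
    """(chain, rule_no, target, catch_all_no) for rules after a catch-all rule."""
    findings, chain, catch_all, n = [], None, None, 0
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) ", line)
        if header:  # new chain: restart numbering and catch-all tracking
            chain, catch_all, n = header.group(1), None, 0
            continue
        f = line.split()
        if chain is None or len(f) < 5 or f[0] == "target":
            continue
        n += 1
        target, prot, _opt, src, dst, *extra = f
        if catch_all is not None:
            findings.append((chain, n, target, catch_all))
        elif target in TERMINAL and prot == "all" and src == dst == "anywhere" and not extra:
            # Plain -L hides -i/-o matches; confirm with `iptables -L -v -n`.
            catch_all = n
    return findings

def dropped_dns_protocols(listing):
    """Protocols of the DROP rules whose port match names DNS (domain or 53)."""
    rows = (line.split() for line in listing.splitlines())
    return sorted({r[1] for r in rows if len(r) > 5 and r[0] == "DROP"
                   and re.search(r":(domain|53)\b", " ".join(r[5:]))})

if __name__ == "__main__":
    for chain, n, target, first in shadowed_rules(LISTING):
        print(f"{chain} rule {n} ({target}) follows catch-all rule {first}")
    print("DNS DROP rules cover:", dropped_dns_protocols(LISTING))
```

DNS queries normally travel over UDP port 53, so a result of only `tcp` from `dropped_dns_protocols` means UDP lookups are not covered by those DROP rules.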
