Re: fwbuilder and problems getting it to do what I want when…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MKevinO at <-
MKevinO at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: technomage
Date:  
To: plug-discuss
Subject: Re: fwbuilder and problems getting it to do what I want when i want
On Saturday 30 October 2004 08:51 pm, KevinO wrote:
> technomage wrote:
> > Ok,
> > I remember the presentation about a year ago when fwbuilder was first
> > introduced. I thought it might be an interesting tool.
> >
> > However, there are some problems with how it functions (namely, after the
> > firewall is compiled, some things don't work quite as expected, and other
> > "features" in the program itself require retooling).
> >
> > firstly,
> > the program doesn't allow me to initialize a "deny all" on the internet
> > interface and then followup with specified port openings (error: rules 0
> > shades rule 1. compile failed).
>
> Normal behavior. The second rule shadows the first, and you have 'check for
> rule shadowing' enabled, which it is by default. Catch all rules should go
> towards the bottom.
>
> > Another problem, I can't tell it to allow ping requests on the firewall.
> > after compile with that rule, the firewall still will not respond to
> > pings.
>
> I know this works too. How are you trying to do it? Are you trying to allow
> pings to the firewall or through the firewall?
>
> Have you checked the box "consider firewall part of 'any'"?
> (This setting makes a big difference)
>
> Using the wizard to make a 'quick firewall' will give you something to look
> at as an example. Looking at the script output from the program will help
> you learn what the program generates in response to a rule.
>
> If you haven't read the whole manual for fwbuilder, you should.
Well,
the manual is ok. I just wish it went into a bit more detail.

some of the settings detailed above were checked as they should be.

as for the ping thing, that was for the firewall itself and not the insode
network..

I don't mean to be a downer here, but I've been in front of my machine for 3
days straight (except for sleep, restroom breaks and meals) and all I have to
show for it is a partially functional firewall.

btw, anything for the 2.6 kernel set I should be aware of?
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: fwbuilder and problems getting it to do what I want when i wantRe: Install Fest->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)