[callagga]

Hi,

I've updated my firewall "advanced" tab however I still seem to be able to log in remotely via ports I believe should be closed..

Q1 - Do you need to do something to refresh/enable the latest firewall settings you put in place via the web admin tool ?

Q2 - Where are the config files in redhat I could look directly at to see my firewall rules?

Q3 - Is there a firewall log that exists (or I could enable) to see firewall in action (i.e. see an incoming request to port 3001 and it come through, and ideally which firewall rule allowed this through, as well as those requests that get blocked).

Thanks in advance

[21064A]

To check for firewall config, open a terminal, enter: /sbin/iptables -L

This will list all your rules.

Also, never ever should you use the GUI tools for setting up a firewall. They are too primitive. You should use a bash script for setting up the firewall and for testing. Once the firewall is production ready, you should use "iptables save" and stop using the script.

[Thrillhouse]

Quote:

Originally Posted by callagga

Q3 - Is there a firewall log that exists (or I could enable) to see firewall in action (i.e. see an incoming request to port 3001 and it come through, and ideally which firewall rule allowed this through, as well as those requests that get blocked).

Usually firewall messages are only written to a log file if you specify the LOG target in the rule. If you do have a LOG rule, any packets that match its criteria will output a message to /var/log/messages.

[Lazydog]

Quote:

Originally Posted by callagga

Q1 - Do you need to do something to refresh/enable the latest firewall settings you put in place via the web admin tool ?

You could always stop and restart the firewall with the following with root privs;

/sbin/service iptables restart

Quote:

Q2 - Where are the config files in redhat I could look directly at to see my firewall rules?

Firewall rules are located in;

/etc/sysconfig/iptables

Quote:

Q3 - Is there a firewall log that exists (or I could enable) to see firewall in action (i.e. see an incoming request to port 3001 and it come through, and ideally which firewall rule allowed this through, as well as those requests that get blocked).

Thanks in advance

You will need to setup your firewall to log everything you want to see. I don't use any tools for configuring my firewall, I do it by hand, so I'm not going to be able to help you much here. Sorry.

[callagga]

Quote:

Originally Posted by Thrillhouse

Usually firewall messages are only written to a log file if you specify the LOG target in the rule. If you do have a LOG rule, any packets that match its criteria will output a message to /var/log/messages.

thanks Thrillhouse, you wouldn't have an example iptable command that sets up logging would you? just reading the doco at the moment it doesn't seem crystal clear...

tks

[callagga]

Quote:

Originally Posted by Lazydog

You could always stop and restart the firewall with the following with root privs;
[i]
/sbin/service iptables restart

thanks Lazydog, thats what I was looking for too. regards