Interesting changes

For discussions about security.
SFR
Posts: 1800
Joined: Wed 26 Oct 2011, 21:52

#21 Post by SFR »

Glad it works for you, too!
> If I wanted to open up a port or two, would you know how to do that easily?
I have no idea. Best if someone who knows anything about iptables could take the floor...
> I guess if I reran the Puppy firewall setup (either automagic or custom) it might lose the stealth settings that the snippet of code provides?
Yep, and additionally firewall settings get reset to defaults at boot time by the /etc/rc.d/rc.firewall script.

Greetings!
[O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource
Omnia mea mecum porto.

Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#22 Post by Smithy »

Yes, just a minor modification to the firewall setup dialog could be good, incorporating that code and additionally adding "on the fly" opening of ports, or putting them back to stealth, as the user sees fit.

I noticed firestarter looks pretty good:
http://www.fs-security.com/
and g uncomplicated firewall too:
http://gufw.org/new

But the Puppy firewall just sits there nicely imo and has done for years, so maybe best not to throw out the baby just because the bathwater is a little murky.

Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#23 Post by Smithy »

I copied bits of this post from 2009 by martin, legend of thor, bit fiddlyfinikity, but that is the Linux way sometimes :wink:

This code will open port 2234:

Code:

# Run as root. Appends a rule to the INPUT chain on eth1 that accepts TCP packets
# whose source port is 2234 and that belong to an already ESTABLISHED connection.
iptables -A INPUT -i eth1 -p tcp --sport 2234 -m state --state ESTABLISHED -j ACCEPT

If a programme requires a particular port to be opened, such as Nicotine, you can make a simple script that opens the port and executes the programme. Eg:

Code:

#!/bin/sh
# Add the firewall rule (needs root), then start the programme that uses the port.
iptables -A INPUT -i eth1 -p tcp --sport 2234 -m state --state ESTABLISHED -j ACCEPT
/usr/bin/nicotine

This will open port 2234 and run the Nicotine programme. This works for me.

Remember, that some programmes require multiple ports to be opened. Just add extra iptables lines and the required port.

To find out which programmes are using ports, type in Terminal:

Code:

netstat -nlp

Thanks to trapster for this info.

To check if the port has opened from the first post type:

Code:

iptables -L

PS: Sometimes your programme still won't be able to access the internet - this may be due to:
1. It requires extra ports to be opened or
2. Modem firewall is blocking.

Security does not appear compromised with this procedure - I went to ShieldsUP! to test and it came back as stealthed.
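A small audit script, added here as an example and not part of any post in this thread: it parses output in the format of the two commands used above (`netstat -nlp` and `iptables -L INPUT -n`) and reports which listening programmes have no ACCEPT rule on their destination port, and which dpt rules have nothing listening behind them. The sample output embedded in it is constructed, and a rule matching only a source port (spt:) is counted as not opening any inbound port.

```python
import re

# Constructed sample in the format of `netstat -nlp` (not captured from a real host).
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      412/sshd
tcp        0      0 0.0.0.0:2234            0.0.0.0:*               LISTEN      978/nicotine
udp        0      0 0.0.0.0:68              0.0.0.0:*                           201/dhcpcd
"""
# Constructed sample in the format of `iptables -L INPUT -n`, including an spt: rule like the one above.
IPTABLES_SAMPLE = """\
Chain INPUT (policy DROP)
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:2234 state ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 state NEW
"""

def parse_netstat(text):
    """Map (proto, port) -> PID/program for each listening tcp or bound udp socket."""
    listeners = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or not parts[0].startswith(("tcp", "udp")):
            continue
        proto = parts[0].rstrip("6")          # fold tcp6/udp6 into tcp/udp
        if proto == "tcp" and "LISTEN" not in parts:
            continue                          # only listening tcp sockets matter here
        port = int(parts[3].rsplit(":", 1)[1])
        listeners[(proto, port)] = parts[-1]
    return listeners

def parse_accept_dports(text):
    """Collect (proto, port) that an INPUT ACCEPT rule admits as a *destination* port.
    A rule matching only spt: (source port) never appears here: it admits no inbound port."""
    accepted = set()
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0] == "ACCEPT" and (m := re.search(r"\bdpt:(\d+)", line)):
            accepted.add((parts[1], int(m.group(1))))
    return accepted

def audit(netstat_text, iptables_text):
    """Return (listeners no inbound rule reaches, dpt rules with no listener behind them)."""
    listeners = parse_netstat(netstat_text)
    accepted = parse_accept_dports(iptables_text)
    unreachable = {k: v for k, v in listeners.items() if k not in accepted}
    return unreachable, accepted - set(listeners)
```

Feed it the real output of the two commands (saved to files) to see which of your listeners the current rule set actually admits and which rules are stale.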

SFR
Posts: 1800
Joined: Wed 26 Oct 2011, 21:52

#24 Post by SFR »

Thanks for sharing this, Smithy.
I'll write it down for future reference. :)

Greetings!
