raffles10 Posted April 23, 2006 Report Share Posted April 23, 2006 I've started using Guarddog and I've stopped Shorewall and disabled it from loading at boot is this right ? As I understand it they are both frontends for iptables so I don't need both. Is Mandi another iptables frontend ? I'm a bit confused as to what I need to run, I want to use Guarddog to control port access. I'm using Mandriva 2006 powerpack and dial up with kppp. Quote Link to comment Share on other sites More sharing options...
tyme Posted April 23, 2006 Report Share Posted April 23, 2006 yes, both shorewall and guarddog are iptables front-ends. if you want to use guarddog you should disable shorewall, but i believe you need to have guarddog started somewhere along the way - be it at boot or after you login. Quote Link to comment Share on other sites More sharing options...
raffles10 Posted April 23, 2006 Author Report Share Posted April 23, 2006 Guarddog doesn't show up as a system service in the Mandriva Control Centre, as shorewall does. How do I start it at boot ? Quote Link to comment Share on other sites More sharing options...
tyme Posted April 23, 2006 Report Share Posted April 23, 2006 it's my understanding that guard dog creates a file, /etc/rc.firewall, which mandriva should run at boot time. check to see if the file exists, and see if a process named similarly is running: ps -fu root | grep firewall Quote Link to comment Share on other sites More sharing options...
daniewicz Posted April 23, 2006 Report Share Posted April 23, 2006 Guarddog sends iptables commands to the iptables service. The iptables service needs to be running if Guarddog is to be used. Quote Link to comment Share on other sites More sharing options...
raffles10 Posted April 24, 2006 Author Report Share Posted April 24, 2006 After a reboot everything seems to be working /etc/rc.firewall exists but I can't find any similar process running also iptables is showing as stopped in MCC as is shorewall which I stopped myself, but I passed as true stealth at grc.com, so it seems to be ok. Quote Link to comment Share on other sites More sharing options...
tyme Posted April 24, 2006 Report Share Posted April 24, 2006 you'll want to start iptables back up. grc.com isn't necessarily the most reliable test ;) there are a lot of things that could cause you to show up as"true stealth" on their test. Quote Link to comment Share on other sites More sharing options...
raffles10 Posted April 24, 2006 Author Report Share Posted April 24, 2006 I tried to start iptables from MCC and it still shows as stopped. It says in the Guarddog manual that Guarddog does not have to be running for it to protect your system is the same is true for iptables ? I tried the quickscan at sygate and all showed as blocked, so I don't know if everything is working exactly as it should but it seems to be doing the job. Quote Link to comment Share on other sites More sharing options...
raffles10 Posted April 24, 2006 Author Report Share Posted April 24, 2006 I've read in another place (Mandriva Club) that "It is normal for iptables to be listed as stopped. It runs once at boot and then terminates." And /etc/rc.firewall contents show that it was generated by Guarddog, so all seems to be working fine. Thanks. Quote Link to comment Share on other sites More sharing options...
static Posted May 9, 2006 Report Share Posted May 9, 2006 Just so you know - Guarddog (my personal fave) creates your firewall rules (as mentioned above) but doesn't need to be running. Basically, the rules are created or changed by guarddog, then you can close it. The system will apply the rules whenever the network interface is started (including while you're booting up) so you don't necessarily need a firewall service running all the time like you would in windows. Hope that helps ;) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.