text editors

[kilimanjaro]

I don't know how to use the text editors. I am trying to change my rules for shorewall and I don't know how to do it. I tried to figure it out in kwrite and kate and I have no idea what I am doing.

[Guest kuchwas]

I highly recommend that you install WebMin and use it for Firewall configuration and most anything else.

 

Tim

[fuzzylizard]

What exactly are you having problems with? Also, are you launching the text editors as root or as a normal user?

 

If you are not launching the text editors as root then you will not be able to saved the changes you make to the config files. What you need to do is to su to root in a shell and then try editing the files.

 

> su
enter password:
# kate filename.conf

 

obviously you will need to enter your root password and the proper name of the file you wish to edit. This will launch the editor as root and allow you to modify and save the files.

[mtweidmann]

alternatively:

 

kdesu kate /the/path/to/your/file.conf

 

Using KDESU will mean that only that app is launched with root permissions.

 

Be careful when editting config files directly as computers are very picky, even the slightest typo could be be a show stopper. I'd go along with Kuchwas and recommend using a graphial tool like Webmin.

[kilimanjaro]

I don't have problem opening kate, but what do I do when I open it? I opened kate and actually got to the right file - shorewall rules, but I had no idea what to do then. I get a buch of text and tables, where do I enter new info? how do I enter new info, How do I know if what I did works?

 

I get stuff like this Now what do I do? How do I change the information here, where do I change it?

 

 

#

# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]

#

# This file should be placed in /etc/shorewall

#

# © 1999,2000,2001,2002,2003 - Tom Eastep (teastep@shorewall.net)

##################################################################

#

# You should not have to change the variables in this section -- they are set

# by the packager of your Shorewall distribution

#

SHARED_DIR=/usr/lib/shorewall

#

####################################################################

#

# General note about log levels. Log levels are a method of describing

# to syslog (8) the importance of a message and a number of parameters

# in this file have log levels as their value.

#

# Valid levels are:

#

# 7 debug

# 6 info

# 5 notice

# 4 warning

# 3 err

# 2 crit

# 1 alert

# 0 emerg

#

# For most Shorewall logging, a level of 6 (info) is appropriate. Shorewall

# log messages are generated by NetFilter and are logged using facility

# 'kern' and the level that you specifify. If you are unsure of the level

# to choose, 6 (info) is a safe bet. You may specify levels by name or by

# number.

#

# If you have build your kernel with ULOG target support, you may also

# specify a log level of ULOG (must be all caps). Rather than log its

# messages to syslogd, Shorewall will direct netfilter to log the messages

# via the ULOG target which will send them to a process called 'ulogd'.

# ulogd is available from http://www.gnumonks.org/projects/ulogd and can be

# configured to log all Shorewall message to their own log file

#########################################################

#

# PATH - Change this if you want to change the order in which Shorewall

# searches directories for executable files.

#

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

 

#

# NAME OF THE FIREWALL ZONE

#

# Name of the firewall zone -- if not set or if set to an empty string, "fw"

# is assumed.

#

FW=fw

 

#

# SUBSYSTEM LOCK FILE

#

# Set this to the name of the lock file expected by your init scripts. For

# RedHat, this should be /var/lock/subsys/shorewall. On Debian, it

# should be /var/state/shorewall. If your init scripts don't use lock files,

# set this to "".

#

 

SUBSYSLOCK=/var/lock/subsys/shorewall

 

#

# SHOREWALL TEMPORARY STATE DIRECTORY

#

# This is the directory where the firewall maintains state information while

# it is running

#

 

STATEDIR=/var/lib/shorewall

 

#

# ALLOW RELATED CONNECTIONS

#

# Set this to "yes" or "Yes" if you want to accept all connection requests

# that are related to already established connections. For example, you want

# to accept FTP data connections. If you say "no" here, then to accept

# these connections between particular zones or hosts, you must include

# explicit "related" rules in /etc/shorewall/rules.

#

 

ALLOWRELATED=yes

 

#

# KERNEL MODULE DIRECTORY

#

# If your netfilter kernel modules are in a directory other than

# /lib/modules/`uname -r`/kernel/net/ipv4/netfilter then specify that

# directory in this variable. Example: MODULESDIR=/etc/modules.

 

MODULESDIR=

[pmpatrick]

Books have been written on how to set up ip tables; it's a very complicated subject. Unless you have some specific question, giving general advice is impossible. However, the procedure is somewhat automated in Mandrake Control Center>Security>DrakeFirewall. You can pick out the services you want to run there. If you have questions about specific security concerns or what the services are in DrakFirewall and what should be running(nothinhg unless your running a server), post back describing your situation.

[kilimanjaro]

The problem is that my firewall has never worked right, Mandrake control center doesn't set it right or else I don't know how to set it right, but it seemed pretty self explanitory.. When I try to use it, it cuts off all traffic with the net. I have another post about it in security. I tried to do what it said in the configuration file for shorewall, but I did know how to modify the file.

[Michel]

look at http://lumumba.luc.ac.be/michel

 

I have an adsl connection. It may give you an idea..I have changed the rules-file again in teh emanwhiel to address my needs, but it can give you an idea..and help you...

[Vdubjunkie]

My advice is to learn vi. When you can't get to gui you have vi. When you have nearly nothing useful in rescue mode, etc. you have vi.

 

http://www.ahinc.com/linux101/vi.htm

 

It really isn't as hard as it seems. I started out doing things the slow way by only knowing the necessary stuff. Then I started picking up a new command each week and now I am pretty proficient. :woops:

[kilimanjaro]

Sorry I haven't had time to do anything lately. I am in the middle of mid terms.

[Gowator]

Kilimanjaro

The documentation on the sohorewall site is damned comprehensive.

If you use the correct <quick start> it works from the box.

 

You can use Webmin or an editor to add some specifics.

[spiedra]

I 2nd the part about learning vi. Very powerful editor and wil come in handy when there is no gui. I personally don't like shorewall. I find it to be flakey. Try guarddog. It's very easy to set up. It practically sets itself for you.

[Gowator]

I found shorewall the worst firewall I have ever seen. I lost a whole week screwing around with it and was ready to define it as trash-ware.

Then I set it up the way shorewall recommend!!!!

 

Erm.... after that no problems at all.