Honeypots mailing list archives
Re: honeywall roo: rc.firewall questions
From: "Earl Sammons" <esammons () hush com>
Date: Sat, 28 May 2005 23:18:50 -0700
James,

Looks like we have a "bug" in the "Roach Motel" feature (sorry, couldn't resist). I'm not the iptables dude, but I don't believe there should be any INPUT/OUTPUT stuff inside the "ROACH" loop, since it deals with bridge traffic. You're right, yum will NOT work if you turn roach motel mode on. Thanks for the feedback. Bug #292 posted at https://bugs.honeynet.org

Earl

On Sat, 28 May 2005 01:57:47 -0700 James Oliver <686f6e6579 () gmail com> wrote:
Hi, Earl - thanks for your answer!

I'm going to "punt" (for the moment) on "A", but as far as "B" goes, we set things up so that by default:

ALLOWED_TCP_OUT=22 25 43 80 443
ALLOWED_UDP_OUT=53 123

to support SSH, SMTP, Whois, WWW, SSL, DNS, and NTP outbound. As long as you have configured management IP/Netmask/GW/DNS and have not otherwise undone the above, yum update should work.

As far as I see in the comments in honeywall.conf, ALLOWED_(TCP|UDP)_OUT should affect the honeypots. In the roo rc.firewall the iptables rules with ALLOWED_(TCP|UDP)_OUT affect the OUTPUT rule of the honeywall, and should therefore control the honeywall's locally generated traffic (management interface). However, these rules are inside the ROACHMOTEL block (affecting the honeypots), so they don't get executed on my honeywall since I have enabled the ROACHMOTEL feature. Maybe this is why yum (or any other connection outbound from the honeywall itself) doesn't work. Has anybody enabled ROACHMOTEL and can still use yum?

Thanks,
James
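The rule layout James describes and the separation Earl asks for, as an added shell illustration. This is not the roo rc.firewall and not code from the Honeynet Project: interface names (eth0/eth1), function names, the exact rule text and the placement of the ALLOWED_*_OUT loops in the branch taken when ROACHMOTEL is off (which is how James's report reads) are all assumptions. iptables is replaced by a dry-run wrapper that prints each rule, so the script runs unprivileged and the two layouts can be compared by inspecting the rules they emit.

```shell
#!/bin/sh
# Added illustration of the misplaced-rule bug discussed above; not the roo
# rc.firewall. Interface names, function names and rule wording are assumed.
# IPT is a dry-run stand-in for iptables: it prints each rule instead of
# loading it, so this runs unprivileged and the rule list can be grepped.
IPT() { echo "iptables $*"; }

INET_IFACE=eth0     # assumed: bridge port facing the Internet
LAN_IFACE=eth1      # assumed: bridge port facing the honeypots
ALLOWED_TCP_OUT="22 25 43 80 443"
ALLOWED_UDP_OUT="53 123"

# The honeywall's own traffic (yum, DNS, NTP over the management interface)
# is locally generated, so it is filtered in OUTPUT, never in FORWARD.
honeywall_output_rules() {
    for p in $ALLOWED_TCP_OUT; do IPT -A OUTPUT -p tcp --dport "$p" -j ACCEPT; done
    for p in $ALLOWED_UDP_OUT; do IPT -A OUTPUT -p udp --dport "$p" -j ACCEPT; done
}

# Normal mode: honeypots may initiate outbound on the allowed ports.
# Bridged honeypot traffic is filtered in FORWARD.
allowed_out_forward_rules() {
    for p in $ALLOWED_TCP_OUT; do
        IPT -A FORWARD -i "$LAN_IFACE" -o "$INET_IFACE" -p tcp --dport "$p" -j ACCEPT
    done
    for p in $ALLOWED_UDP_OUT; do
        IPT -A FORWARD -i "$LAN_IFACE" -o "$INET_IFACE" -p udp --dport "$p" -j ACCEPT
    done
    IPT -A FORWARD -i "$LAN_IFACE" -o "$INET_IFACE" -j DROP
}

# Roach motel: attackers check in, nothing a honeypot initiates checks out.
roach_motel_forward_rules() {
    IPT -A FORWARD -i "$INET_IFACE" -o "$LAN_IFACE" -j ACCEPT
    IPT -A FORWARD -i "$LAN_IFACE" -o "$INET_IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
    IPT -A FORWARD -i "$LAN_IFACE" -o "$INET_IFACE" -j DROP
}

# Buggy layout ($1 = ROACHMOTEL yes|no): the OUTPUT rules sit in the
# non-roach-motel branch, so enabling ROACHMOTEL also silences the honeywall.
buggy_ruleset() {
    if [ "$1" = yes ]; then
        roach_motel_forward_rules
    else
        allowed_out_forward_rules
        honeywall_output_rules     # misplaced: OUTPUT is not bridge traffic
    fi
}

# Fixed layout: OUTPUT rules are unconditional; only the FORWARD policy
# depends on ROACHMOTEL.
fixed_ruleset() {
    honeywall_output_rules
    if [ "$1" = yes ]; then
        roach_motel_forward_rules
    else
        allowed_out_forward_rules
    fi
}

# Number of OUTPUT ACCEPT rules a layout emits ($1 = ruleset, $2 = ROACHMOTEL).
count_honeywall_egress() {
    "$1" "$2" | grep -c -- '^iptables -A OUTPUT .* -j ACCEPT$' || :
}

# Prints yes|no: can the honeywall itself open TCP to port $3 under $1/$2?
honeywall_tcp_out_allowed() {
    if "$1" "$2" | grep -q -- "^iptables -A OUTPUT -p tcp --dport $3 -j ACCEPT\$"; then
        echo yes
    else
        echo no
    fi
}

# Usage: what the honeywall loses with roach motel on, under each layout.
echo "buggy, ROACHMOTEL=yes: $(count_honeywall_egress buggy_ruleset yes) OUTPUT accepts"
echo "fixed, ROACHMOTEL=yes: $(count_honeywall_egress fixed_ruleset yes) OUTPUT accepts"
```

With the buggy layout and ROACHMOTEL=yes the script emits no OUTPUT rules at all, which is the yum symptom in the thread; the fixed layout emits the same seven OUTPUT accepts in both modes and changes only what crosses the bridge.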
Current thread:
- honeywall roo: rc.firewall questions James Oliver (May 26)
- Re: honeywall roo: rc.firewall questions Jocelyn Parker (May 28)
- Re: honeywall roo: rc.firewall questions Earl Sammons (May 27)
- Re: honeywall roo: rc.firewall questions James Oliver (May 28)
- Re: honeywall roo: rc.firewall questions Earl Sammons (May 29)
- Re: honeywall roo: rc.firewall questions Earl Sammons (May 29)