Re: honeywall roo: rc.firewall questions

["Earl Sammons" <esammons () hush com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

James,

Looks like we have a "bug" in the "Roach Motel" feature (Sorry,
couldn't resist).  I'm not the Iptables dude but I don't believe
there should be any INPUT/OUTPUT stuff inside the "ROACH" loop
since it deals with bridge traffic.

You're right, yum will NOT work if you turn roach motel mode on.

Thanks for the feedback.   Bug #292 posted at
https://bugs.honeynet.org

Earl

On Sat, 28 May 2005 01:57:47 -0700 James Oliver
<686f6e6579 () gmail com> wrote:
> Hi,
>
> Earl - thanks for your answer!
>
> > I'm going to "punt" (for the moment) on "A" but as far as "B"
> goes,
> > we set things up so that by default:
> >
> > ALLOWED_TCP_OUT=22 25 43 80 443
> > ALLOWED_UDP_OUT=53 123
> >
> > to support:
> >
> > SSH, SMTP, Whois, WWW, SSL, DNS, and NTP outbound.
> >
> > As long as you have configured management IP/Netmask/GW/DNS and
> > have not otherwise undone the above yum update should work.
>
> As far as I see in the comments in honeywall.conf
> ALLOWED_(TCP|UDP)_OUT should affect the honeypots. In the roo
> rc.firewall the iptables rules with ALLOWED_(TCP|UDP)_OUT affect
> the
> OUTPUT rule of the honeywall, and should therefore control the
> honeywall locally generated traffic (management interface).
> However,
> these rules are inside the ROACHMOTEL block (affecting the
> honeypots),
> so they don't get executed on my honeywall since I have enabled
> the
> ROACHMOTEL feature.
>
> Maybe this is why yum (or any other connection outbound from the
> honeywall itself) doesn't work.
>
> Has anybody enabled ROACHMOTEL and can still use yum?
>
> Thanks,
> James
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkKZXuoACgkQk7+e+4lPSm0R0wCeKTUZZlmJPN47TlCxcyZ5k9V0oqsA
oLgeHtHazLa/XPCydxPYBXTpZqRn
=WA+f
-----END PGP SIGNATURE-----