Honeypots mailing list archives
Re: honeywall roo: rc.firewall questions
From: "Earl Sammons" <esammons () hush com>
Date: Sat, 28 May 2005 23:41:13 -0700
Jocelyn,

You're right on the money... Bug 292 filed. Hey wait... aren't Roach Motels supposed to have bugs in them :-/

Thanks for the feedback.

Earl

On Sat, 28 May 2005 02:23:32 -0700 Jocelyn Parker <jocelynp () ti parmapatas net> wrote:
James,

I think HwRESTRICT (yes/no) is meant to establish whether the honeywall itself is to be restricted on the type of outgoing traffic it can generate itself (nothing to do with traffic going through it, from or to the honeypots).

If that assumption is correct (I think the messages you see when you configure the system using the "interview" method in the "menu" confirm this) and HwRESTRICT is enabled, then:

- HwALLOWED_TCP_OUT and HwALLOWED_UDP_OUT list the TCP and UDP ports that the honeypot itself is allowed to open connections to.
- It is correct that these rules apply to the OUTPUT chain.

What I don't see is why these rules are located inside the "ROACHMOTEL=no" section in rc.firewall. The way I see it, ROACHMOTEL (yes/no) is an all-or-nothing variable to decide whether honeypots can initiate connections to the outside world or not. If ROACHMOTEL=yes then no outgoing connection from the honeypots is allowed. If ROACHMOTEL=no then all outgoing connections from the honeypots are allowed (but rate-limited).

I think HwRESTRICT and ROACHMOTEL should be completely independent. I may be missing something, though, because the programmer explicitly stated that the HwRESTRICT block should be subject to the ROACHMOTEL mode :-( (/etc/init.d/rc.firewall, line 522):

    # Moved the following block to this location, should be subject to ROACHMOTEL mode

Makes sense? You may want to log a bug report at https://bugs.honeynet.org and see what the official response is.

Jocelyn.
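As an added illustration (not the roo rc.firewall script itself), the sh script below emits the iptables rules the variables discussed in this thread would imply, with HwRESTRICT governing only the honeywall's own OUTPUT chain and ROACHMOTEL only the FORWARD chain that honeypot-initiated connections pass through, so neither block sits inside the other's yes/no branch. The chain layout, the rate-limit value, the port lists and the LAN_IF interface name are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example, not the Honeywall roo rc.firewall: prints the iptables rules
# implied by HwRESTRICT (honeywall's own OUTPUT chain) and ROACHMOTEL
# (honeypot-initiated traffic in the FORWARD chain), kept independent.
# Assumed values: chain layout, rate limit, port lists and LAN_IF are examples.

IPT=${IPT:-echo iptables}        # dry run: prints rules; set IPT=iptables to apply
LAN_IF=${LAN_IF:-eth0}           # assumed honeypot-side interface
HwRESTRICT=${HwRESTRICT:-yes}
HwALLOWED_TCP_OUT=${HwALLOWED_TCP_OUT:-"22 443"}
HwALLOWED_UDP_OUT=${HwALLOWED_UDP_OUT:-"53 123"}
ROACHMOTEL=${ROACHMOTEL:-no}

# Honeywall's own outbound traffic (OUTPUT chain), governed by HwRESTRICT only.
hw_output_rules() {
    restrict=$1; tcp_ports=$2; udp_ports=$3
    if [ "$restrict" != "yes" ]; then
        $IPT -A OUTPUT -j ACCEPT
        return 0
    fi
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for p in $tcp_ports; do
        $IPT -A OUTPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    for p in $udp_ports; do
        $IPT -A OUTPUT -p udp --dport "$p" -j ACCEPT
    done
    $IPT -A OUTPUT -j DROP
}

# Connections the honeypots initiate (FORWARD chain), governed by ROACHMOTEL only.
honeypot_forward_rules() {
    roachmotel=$1; limit=${2:-15/hour}   # assumed example rate limit
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    if [ "$roachmotel" = "yes" ]; then
        $IPT -A FORWARD -i "$LAN_IF" -m state --state NEW -j DROP
    else
        $IPT -A FORWARD -i "$LAN_IF" -m state --state NEW \
            -m limit --limit "$limit" -j ACCEPT
        $IPT -A FORWARD -i "$LAN_IF" -m state --state NEW -j DROP
    fi
}

# The two blocks are emitted side by side, not nested in each other's branch.
build_rules() {
    hw_output_rules "$HwRESTRICT" "$HwALLOWED_TCP_OUT" "$HwALLOWED_UDP_OUT"
    honeypot_forward_rules "$ROACHMOTEL"
}
build_rules
```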