How to get an -A INPUT -j REJECT rule through the GUI?

by Whit Blauvelt

Hi,

I'm finding I prefer setting up my iptables rules without "Assume firewall is
part of 'any'" checked. Not sure if this is specific to that, but here's
what I can't seem to get it to do.

Getting a final FORWARD rule to log and drop is of course simple:

  Any, Any, Any, All, In/Out, Block, Log

Getting a final OUTPUT rule to log and drop works fine by putting
the local interfaces in the Source column, like

  Interfaces, Any, Any, All, In/Out, Block, Log

But none of the GUI options I've tried result in a rule that compiles to a
block and log statement for the end of the INPUT chain.

Can it be done through the GUI? I can get the desired ruleset putting this
in the Epilog box:

  $IPTABLES -N INPUT_DROP
  $IPTABLES -A INPUT -j INPUT_DROP
  $IPTABLES -A INPUT_DROP  -j LOG  --log-level info --log-prefix "INPUT -- DENY "
  $IPTABLES -A INPUT_DROP  -j DROP

But I'd rather stay within the GUI than kludge it like that.

Thanks,
Whit



------------------------------------------------------------------------------
_______________________________________________
Fwbuilder-discussion mailing list
Fwbuilder-discussion@...
https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion

Re: How to get an -A INPUT -j REJECT rule through the GUI?

by Vadim Kurland


On Jul 22, 2009, at 11:20 AM, Whit Blauvelt wrote:

> Hi,
>
> I'm finding I prefer setting up my iptables rules without "Assume firewall is
> part of 'any'" checked. Not sure if this is specific to that, but here's
> what I can't seem to get it to do.
>
> Getting a final FORWARD rule to log and drop is of course simple:
>
>  Any, Any, Any, All, In/Out, Block, Log
>
> Getting a final OUTPUT rule to log and drop works fine by putting
> the local interfaces in the Source column, like
>
>  Interfaces, Any, Any, All, In/Out, Block, Log
>

It would be simpler to put the firewall object in "source" in this rule.


> But none of the GUI options I've tried result in a rule that compiles to a
> block and log statement for the end of the INPUT chain.
>
> Can it be done through the GUI? I can get the desired ruleset putting this
> in the Epilog box:
>
>  $IPTABLES -N INPUT_DROP
>  $IPTABLES -A INPUT -j INPUT_DROP
>  $IPTABLES -A INPUT_DROP  -j LOG  --log-level info --log-prefix "INPUT -- DENY "
>  $IPTABLES -A INPUT_DROP  -j DROP
>
> But I'd rather stay within the GUI than kludge it like that.

Just put the firewall object in destination; this will yield a rule in the
INPUT chain.

--vk





Re: How to get an -A INPUT -j REJECT rule through the GUI?

by Whit Blauvelt

Thanks. Simply didn't realize the Firewall icons are themselves objects to
be placed within firewalls. Works precisely.

Whit
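
A way to confirm the result this thread is after, as an added example that is not part of any message above and is not fwbuilder code: given `iptables-save` text, it reports whether the INPUT chain ends in an unconditional LOG followed by DROP or REJECT, either inline or through a jump to a chain like the INPUT_DROP one in the Epilog snippet. It goes slightly beyond the thread by also covering REJECT and the policy-only case, which drops without logging; the function names and both sample rulesets are constructed for illustration.

```python
import shlex

def parse_filter(save_text):
    """Map chain name -> list of rule token lists for the *filter table."""
    chains, in_filter = {}, False
    for line in map(str.strip, save_text.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":"):
            chains.setdefault(line[1:].split()[0], [])
        elif in_filter and line.startswith("-A "):
            tokens = shlex.split(line)  # keeps the quoted --log-prefix as one token
            chains.setdefault(tokens[1], []).append(tokens[2:])
    return chains

def target(rule):
    """Target of a rule with no match criteria (tokens start at -j), else None."""
    return rule[1] if len(rule) >= 2 and rule[0] == "-j" else None

def ends_with_log_and_drop(chains, chain="INPUT", seen=()):
    """True if whatever reaches the end of `chain` is logged, then dropped/rejected."""
    rules = chains.get(chain, [])
    last = target(rules[-1]) if rules and chain not in seen else None
    if last in ("DROP", "REJECT"):
        return len(rules) >= 2 and target(rules[-2]) == "LOG"
    # Follow an unconditional jump such as "-A INPUT -j INPUT_DROP".
    return last in chains and ends_with_log_and_drop(chains, last, seen + (chain,))

# Constructed iptables-save samples, not output captured from a real firewall.
WITH_CATCH_ALL = """\
*filter
:INPUT ACCEPT [0:0]
:INPUT_DROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j INPUT_DROP
-A INPUT_DROP -j LOG --log-prefix "INPUT -- DENY " --log-level 6
-A INPUT_DROP -j DROP
COMMIT
"""
POLICY_ONLY = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for name, text in (("with catch-all", WITH_CATCH_ALL), ("policy only", POLICY_ONLY)):
        print(name, ends_with_log_and_drop(parse_filter(text)))
```

On a live host the input would be the output of `iptables-save` taken after the compiled script has been loaded.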
