Firehol

I'm planning to configure this as the firewall on my Linode and when I was doing:

ip link show

I get the following

1: lo: mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: teql0: mtu 1500 qdisc noop qlen 100
    link/void
3: dummy0: mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
4: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether fe:fd:46:55:81:37 brd ff:ff:ff:ff:ff:ff
5: sit0@NONE: mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
6: tunl0@NONE: mtu 1480 qdisc noop
    link/ipip 0.0.0.0 brd 0.0.0.0
7: gre0@NONE: mtu 1476 qdisc noop
    link/gre 0.0.0.0 brd 0.0.0.0

If I put together a firehol config file which specifies only the eth0 will these others be blocked, and can anyone confirm for me what those are and if they're vital to the operation of my Linode?

Thanks, Tom

5 Replies

Just tried it and got the following message - can anyone help out with this:

Starting iptables firewall: FireHOL ...

IMPORTANT WARNING:

FireHOL cannot find your current kernel configuration.
Please, either compile your kernel with /proc/config,
or make sure there is a valid kernel config in
/lib/modules/2.4.29-linode39-1um/build/.config,
/usr/src/linux/.config or /boot/config-2.4.29-linode39-1um

Because of this, FireHOL will simply attempt to load
all kernel modules for the services used, without
being able to detect failures.

Stopping: /etc/default/firehol forbids it.
done.

Thanks, Tom

Stupid startup script, that is…

Anyhow, copy the contents of this post:

http://www.linode.com/forums/viewtopic.php?p=6129#6129

into one of those files.

-Chris

Thanks, works a treat.

So I'm assuming I can ignore the other interfaces?

Thanks, Tom

@mthaddon:

So I'm assuming I can ignore the other interfaces? Thanks, Tom

Yes. Well, I did and everything is fine.
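As an added example (not the configuration of anyone in this thread), here is what a FireHOL config that declares only eth0 looks like. The interface name, the "internet" label and the list of served ports are assumptions for illustration. FireHOL's default policy drops any packet that does not match a declared interface or router block, so the tunnel and dummy devices in the listing above are covered without being named, and FireHOL accepts loopback traffic on lo on its own.

```firehol
# Added example config for FireHOL 1.x (the version current on Ubuntu dapper).
# "version 5" marks the 1.x config format.
version 5

# Only eth0 is declared. Traffic on teql0, dummy0, sit0, tunl0 or gre0
# matches no interface block and is dropped by FireHOL's default policy.
interface eth0 internet
    # Drop everything on this interface that is not explicitly allowed.
    policy drop
    # Turn on FireHOL's anti-spoofing, fragment and flood protections.
    protection strong

    # Inbound services this host offers (assumed list for illustration).
    server ssh accept
    server "http https" accept
    server ping accept

    # Outbound: let this host initiate any connection.
    client all accept
```

On a remote host such as a Linode, activate a new config with `firehol try` rather than `firehol start`: it applies the rules and reverts them automatically unless you confirm within 30 seconds, so a typo that blocks SSH does not lock you out. `firehol debug` prints the iptables commands the config would generate without applying them.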

I'm posting this mainly so I can document my own setup, which is ubuntu dapper on a linode.

Hopefully it will help others as well.

@mthaddon:

Just tried it and got the following message - can anyone help out with this:

Starting iptables firewall: FireHOL ...

IMPORTANT WARNING:

FireHOL cannot find your current kernel configuration.
Please, either compile your kernel with /proc/config,
or make sure there is a valid kernel config in
/lib/modules/2.4.29-linode39-1um/build/.config,
/usr/src/linux/.config or /boot/config-2.4.29-linode39-1um

Because of this, FireHOL will simply attempt to load
all kernel modules for the services used, without
being able to detect failures.

Firehol needs to find a kernel config in one of the places listed above. I wrote the following bash script to run whenever I have a kernel change (disclaimer: I'm a bash noob). The last line may need changing depending on your OS, or just omit it and restart firehol however you like:

#!/bin/bash
# Copy the running kernel's config from /proc/config.gz to
# /usr/src/linux/.config, one of the places FireHOL looks for it.
set -e

# /proc/config.gz only exists if the kernel was built with CONFIG_IKCONFIG_PROC.
if [ ! -r /proc/config.gz ]; then
    echo "/proc/config.gz not found: kernel config is not exported by this kernel" >&2
    exit 1
fi

# Create the target directory if it does not exist yet.
mkdir -p /usr/src/linux

# Keep a compressed backup of any previous config (-f overwrites an old backup).
if [ -f /usr/src/linux/.config ]; then
    mv /usr/src/linux/.config /usr/src/linux/.config.bak
    gzip -f /usr/src/linux/.config.bak
fi

# Decompress straight into place instead of copy, gunzip, move.
gunzip -c /proc/config.gz > /usr/src/linux/.config

# Restart FireHOL so it sees the new config (adjust for your init system).
/etc/init.d/firehol restart

This next part of the original post reflects a completely different problem:
@mthaddon:

Stopping: /etc/default/firehol forbids it.

done.

Thanks, Tom

You need to edit /etc/default/firehol so it says:

START_FIREHOL=YES
