network again

[G Rajesh]

Hi,
> I simply installed "firehol"
> and used that to config my fw settings.
You're right. I am using shorewall to configure firewall. still port 113  
seems to be closed (not stealth). Previously, www.grc.com used to give  
'perfect stealth', now I do not get it.

> As far as I know, Ubuntu doesn't set up iptables by default (I could
> be wrong) but it doesn't have any open ports either.
You're right. But some softwares opens or closes (not stealth) port  
inadvertantly, then how do you restore to its original state is my  
problem. If there could be some script that can do this, it would be  
helpful. Some thing like config-debian, base-config, etc that can restore  
the system configuration to original state (say, restore-config?!) would  
be great.

> That's why I chose firehol.
How about shorewall. Is it easier than shorewall? BTW, it tried guarddog  
which gave back perfect stealth (not even firestarter), but some problem  
occurs that the .ICEauthority file's ownership is set to root when using  
guarddog and I could not log as user. So, it shunned it.

> the default policy should be set to ACCEPT (check with iptables -L). I  
> don't think the fault >lies with iptables, rather the configuration of  
> it.
I agree the mistake is not iptables' but configuration, but how to restore  
original configuration is my problem. BTW, I beg to differ, as the default  
setting should be to drop packets rather than to reject them. This will  
lead to stealth ports rather than closed ports, right?
Regards,
Rajesh