firewalls

Sun Jul 23 18:54:54 UTC 2006

On 7/22/06, Gabriel M Dragffy <dragffy at yandex.ru> wrote:
>
>  Not to pinch this thread **but***, I wanted to try firehol on these
> recommendations, I read my way through the man and I am non the wiser. How
> do I learn to code for firehol, or does it have some kind of wizard setup?
>
>  On Sat, 2006-07-22 at 07:57 -0400, Barry wrote:
>
>  On 7/20/06, Terence J. Golightly <vze27hs6 at verizon.net> wrote: > Greetings
> Barry, > > I'm familiar with your problem. Did you resolve it? If not, see
> below > vvvv > > On Tue, 2006-07-18 at 18:54 -0400, Barry wrote: > > On
> 7/18/06, Scott Kitterman <ubuntu at kitterman.com> wrote: > > > On Tuesday 18
> July 2006 15:39, Jeremy J. Swarm wrote: > > > > > > > Mark Shuttleworth uses
> HTML. it's ok, it's just annoying. > > > > > > That doesn't make it good
> netiquette on a mailing list. > > > > > > Scott K > > > > > > > Mea culpa,
> mea culpa. I'm sorry. I didn't mean it. I rarely write > > mails on gmail. I
> didn't notice the setting. I > > > > That said, I started this by asking for
> firewall suggestions; I chose > > firehol and it's fine, except for one
> thing: it's logging every thing! > > There's a Mac OS machine that
> broadcasts every few seconds on 631 and > > my log's filling up with it. > >
> > That port is for cups. I my experience there should be a config file >
> that you can modify to tell cups not to broadcast. I don't know how > cups
> works on a Mac, but in Linux you can modify > the /etc/cups/cupsd.conf or
> the /etc/cups/cups.d/browsing.conf file: > > Browsing Off > > FWIW, I did
> this when I was running Mandriva and wahla! no more messages > filling up
> syslog. > > On the other end, I am not familiar with firehol. > > <snip> > >
> Regards, > > Terry > >
> Yes, that would have fixed the problem, but the owner of that machine wants
> cups browsing. It's clear that firehol gives you all the control of logging
> that iptables gives you, but I haven't yet been able to find a good example
> -- since I want the larger amount of logging for most services. Barry
> --

For what it's worth, I managed to get firehol to do what I wanted. I
could've done what I wanted with iptables directly, but I hope that
the extra complexity (sophistication?) that I am getting from using
the tool was worth the effort.