Hi Anthony,
Have you tried Zentyal? I wish it were RedHat based... I'm thinking of installing it after working hours.
Hhhmmm!
Interesting scenario you have there. Anyway, I use iptables and SELinux,
but I set the SELinux mode to permissive; that way it doesn't cause
issues. I would also ask you to consider Vyatta or Smoothwall. These
are open source distros that you can use as routers and firewalls.
Regards,
Lenya
On Sat, Sep 18, 2010 at 11:07 AM, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
> Good points... but something that I was fearing has come to happen.
>
> I got to the office this morning after disabling iptables yesternight to
> find that clients could not access the internet. On talking to guys at our
> ISP, they said that they could reach our public IP. We could not reach our
> firewall's gateway... right then I knew it was something to do with
> iptables... so I ran service iptables status and there were no rules in
> iptables. vi /etc/sysconfig/iptables showed that the rules were intact in
> the file, so I restarted iptables and enabled SELinux. But I noticed that
> every 6 or so minutes, iptables would fail again. I suspect that my Linux
> box could be compromised. I only had ports 22, 80 and stunnel listening at
> 20000 accessible from the outside world. So far I have added an entry to
> crontab that restarts iptables every 5 minutes while I "investigate". What
> could have happened to my iptables?
>
>
> A concerned me....
>
> On 17 September 2010 18:22, [ Brainiac ] <arebacollins@gmail.com> wrote:
>>
>> I evaluated these and had a breeze of a time with ClearOS and pfSense,
>> but as accurately indicated, iptables are as good as you set them.
>>
>> On Friday, September 17, 2010, Nd'wex Common <flexycat@gmail.com> wrote:
>> > @Simon
>> >
>> > For starters, enabling SELinux will indeed give you some sleepless
>> > nights and would be best if you disabled it.
>> > The security of your system/network is dependent on how well you
>> > configure iptables.
>> >
>> > Zentyal and other bundled network management systems, e.g. ClearOS [based
>> > on CentOS, also web-based interface], can be good admin products, but you need
>> > to fully understand what they can do and what they cannot in relation to
>> > your needs.
>> >
>> > my thoughts
>> >
>> > On Fri, Sep 17, 2010 at 3:50 PM, Simon Mbuthia <simon.mbuthia@gmail.com>
>> > wrote:
>> >
>> > Hi guys,
>> >
>> > I have been running a CentOS firewall for a few months, but it seems to
>> > me like the machine is possessed by something. All of a sudden no port is
>> > open from outside except ssh which I'd like to be accessible only from
>> > within my LAN. The problem is SELINUX. I'm a bit apprehensive about
>> > disabling SELINUX [and only use iptables] though I don't know what security
>> > risks I'd be exposing myself to by so doing - if any. Thanks to one
>> > skunkmaster Jangita, I have learnt about Zentyal, an Ubuntu/Debian-based ...
>> > thingie that comes bundled with a number of services [firewall, IDS etc]
>> > which can be administered through a sleek web-based interface.
>> >
>> > My question/s is/are: would it be safe for me to use iptables only and
>> > disable SELINUX? Is Zentyal formidable enough to use as a security solution
>> > for a small business network? And why does SELinux have to be such a pain in
>> > the neck???
>> >
>> >
>> >
>> > Me.
>> >
>> > _______________________________________________
>> > Skunkworks mailing list
>> > Skunkworks@lists.my.co.ke
>> > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> > ------------
>> > Skunkworks Server donations spreadsheet
>> > Skunkworks Server
>> > Harambee <http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&hl=en>
>> > ------------
>> > Skunkworks Rules
>> > http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> > ------------
>> > Other services @ http://my.co.ke
>> >
>> >
>>
>> --
>> Regards,
>>
>> Collins Areba.
>> Strategic Operations.
>> Center for Renewable Alternatives
>> Old Ferry Road, off Msa Malindi Rd,
>> Kilifi, Kenya.
>> +254 720 516758
>> +254 734 696821
>> skype/gtalk/twitter: arebacollins
>>
>> *Solar *| * Wind *| * Waves * | * Biomass *
>
>