apf and iptables
Posted by smrtalex, 01-11-2008, 02:12 AM Does the iptables service need to be running in order for APF to function? If so, can APF act like it is running, when the iptables service is not running, thus giving you a false sense of security?
Posted by mathew_p_a, 01-11-2008, 10:53 AM Definitely! Apf is an iptables based firewall system. So you need to have iptables for apf to function. http://rfxnetworks.com/apf.php
Posted by Ramprage, 01-11-2008, 11:28 AM APF is basically an easier way to manage iptables.
Posted by pat543, 01-11-2008, 11:30 AM Yes, apf is a tool developed on top of iptables to make firewalling easy. So if iptables is not running, it means NO firewall is enabled on the server even though apf is running.
Posted by smrtalex, 01-11-2008, 03:36 PM How can I be sure that iptables is running before starting APF?
Posted by Jeremy, 01-11-2008, 05:01 PM It's always running, kinda. Install APF, config it, run 'iptables -L' to see the rules. Simply test by blocking some port you need, just not port 22.
Posted by smrtalex, 01-11-2008, 06:26 PM Thanks! I am getting output when I run 'iptables -L' that contains IPs that were blocked via APF. So it looks like we're ok. But just to clarify, would APF install if iptables was not installed?
Posted by Chris Patti, 01-11-2008, 06:55 PM No, but usually every Linux box that you buy has iptables.
Posted by derek.bodner, 01-11-2008, 07:11 PM Gentoo doesn't (but you wouldn't buy Gentoo). I can't think of another distro that doesn't come with iptables installed by default, though. Does Source Mage?
Posted by smrtalex, 01-11-2008, 07:43 PM Thanks! This is a Red Hat box, so I think we are ok. Thanks again!
Posted by smrtalex, 01-14-2008, 01:58 PM Is there a way to determine if IPTABLES is running with the 'ps' command or any other command, other than 'iptables -L'?
Posted by creaws, 01-14-2008, 02:36 PM iptables is not a user space process, so you can not see it with the ps command. "IP tables" are kernel level structures to manage IP packets (routing and firewalling), and the iptables command sets rules for each IP packet that the kernel catches. If you are not root, use /sbin/iptables -L with the complete path; generally it works. Best regards, creaws.
Posted by smrtalex, 01-14-2008, 03:08 PM Thank you! Can iptables be started, stopped, and restarted? For example: /etc/init.d/iptables restart Is running iptables just causing the kernel to manage the IP packets? So if I ran '/etc/init.d/iptables stop', the kernel would stop managing the IP packets? Am I understanding that correctly? Thanks again!
Posted by creaws, 01-14-2008, 03:42 PM /etc/init.d/iptables stop will "flush" all your firewalling ruleset, and only if you compiled the firewalling support in your kernel as a module will it be unloaded. But it only disables firewalling, not routing or other IP features. Regards! Creaws.
Posted by smrtalex, 01-14-2008, 03:51 PM creaws, Thank you! Hopefully this will be the last question! Is it safe to assume that since I do get output from 'iptables -L' that it is compiled into my kernel? And if not, how would I be able to determine if it is compiled into my kernel? Thanks again!
Posted by creaws, 01-14-2008, 03:56 PM If the command iptables -L works, that means that your kernel has support for iptables firewalling. To determine if it is working as a kernel module or built into the kernel, type lsmod and search for "ip_tables". If you find it, your firewall is running as a kernel module; otherwise it is working built into the kernel. Hope this helps you. Best regards!
Posted by smrtalex, 01-14-2008, 04:04 PM Thank you!!!!!!!
Posted by creaws, 01-14-2008, 04:11 PM If the command 'iptables -L' works, that means your kernel has firewalling support. To determine if it is compiled as a kernel module or built in, type as root the command "lsmod" and search for "ip_tables". If you find it, you have firewalling support as a module; otherwise firewalling is built into the kernel. Hope this helps you. Best regards! CreaWs.
Posted by creaws, 01-14-2008, 04:16 PM Sorry, I wrote the post two times.... Regards!
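The two checks creaws describes (rules visible via iptables, "ip_tables" in lsmod) as one small added script; this is not code from the thread or from APF. It classifies whether netfilter is actually filtering rather than merely present, uses the `iptables -S` rule-spec format instead of `-L` because it is easier to parse, and the lsmod and rule samples are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: decide whether the kernel firewall is really enforcing anything.
# Functions take lsmod-format and `iptables -S`-format text, so the same logic
# runs on the constructed samples below or on live output (root required).

# Constructed sample output (not from a real machine).
SAMPLE_LSMOD='Module                  Size  Used by
ip_tables              24576  3 iptable_filter,iptable_nat,iptable_mangle
x_tables               40960  5 ip_tables,xt_tcpudp,iptable_filter'

SAMPLE_RULES_EMPTY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

SAMPLE_RULES_APF='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 203.0.113.5/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# module_loaded LSMOD_TEXT NAME: succeed when NAME is a loaded module.
# A built-in netfilter will not show here, which is why rules are checked too.
module_loaded() {
    printf '%s\n' "$1" | awk -v m="$2" '$1 == m { found = 1 } END { exit !found }'
}

# rule_count RULES_TEXT: count real rules (-A/-I lines), ignoring -P/-N lines.
rule_count() {
    printf '%s\n' "$1" | awk '/^-[AI] / { n++ } END { print n + 0 }'
}

# firewall_state LSMOD_TEXT RULES_TEXT prints:
#   active - at least one rule or a non-ACCEPT default policy is in force
#   empty  - ip_tables loaded but only ACCEPT policies: nothing is filtered
#   none   - no module and no rules: the "firewall" is only an APF process
firewall_state() {
    rules=$(rule_count "$2")
    strict=$(printf '%s\n' "$2" | awk '/^-P / && $3 != "ACCEPT" { n++ } END { print n + 0 }')
    if [ "$rules" -gt 0 ] || [ "$strict" -gt 0 ]; then echo active
    elif module_loaded "$1" ip_tables; then echo empty
    else echo none
    fi
}

# Live check, only when explicitly requested: APF_LIVE_CHECK=1 sh thisfile.sh
if [ "${APF_LIVE_CHECK:-0}" = 1 ]; then
    firewall_state "$(lsmod)" "$(iptables -S)"
fi
```

Running it live after `apf -s` should print `active`; `empty` or `none` means APF is up but the kernel is not filtering, which is exactly the false sense of security the original question asks about.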