I have noticed that when using ASL kernel during shutdown or when you stop the iptables firewall there is an error.
With the centos kernel such an error didn't come up. Is this serious ? Is there anyway if this is harmless to prevent from showing up ?

service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: mangle nat filte[ OK ]
iptables: Unloading modules: iptable_mangle iptable_nat [FAILED]

regards

Its harmless and you can ignore it:

https://www.atomicorp.com/wiki/index.ph ... el_modules.

I am planning to firewall this box using a firewall in front of it.

Do I need to run the iptables firewall in order asl countermeasures to work ?
Such as blocking from modevasive etc ?

Regards

For firewall shunning you need iptables installed, ASL includes this as a dependency. ASL will setup its own chains to handle this, you do not need to do anything.



No, ASL takes care of this for you. You do not need to configure anything for ASLs countermeasures to work. We also do not recommend that you install other software to do the same thing.

Hi Mike,

No, what I meant is if when an attacker is found if ASL send a command to the iptables firewall in order to block him. Because if it doesn't use the iptables firewall I cant disable it as a service and win some ram since I have the external firewall ...

If I understand your question, yes if active reponse is enabled ASL will use Netfilter (iptables is just the command line tool to access the built in firewall in Linux called Netfilter) to block the source IP for a period of time.

ASL uses Netfilter as an additional means of blocking attackers when:

1) Longer term shuns are necessary
2) When a service itself does not provide an adequate means of blocking an attacker

We do not recommend you disable or remove iptables from your system.

As an aside, Netfilter is extremely lightweight and uses very little memory, so if you are trying to save memory Netfilter would be the absolutely last thing I would worry about. If your system is that low on memory that you believe you need to upload netfilter modules, I highly recommend you get more memory. You are unlikely to notice any difference on a modern system in terms of memory usage if you unload netfilter, and your system would be unlikely to do much if it needed the tiny little bit of memory the kernel uses for Netfilter.

I hope this answered your question.

Definately asnwered my questions.
The apart from my external firewall I will leave iptables running with pass all in inbound traffic so that ASL can execute blocks of ip's in case of attacks.

It would have also been great in general if you could provide us with a template for firewalling webhosting machines using iptables in case people don't have an external firewall. It has been discussed in the past I know ...

If only someone had written a book about this!

Yeah, couldn't some please, do that. Use something fierce, dangerous, mayby posionous, on the front page, write about 19 chapters, with examples, some sense of houmor and real world examples. Come one, someone must do it! And then sell it through a big bookstore online so everyone is able to order it (oh wait, I got a two great ideas in one, both write the book and start an online bookstore. Wonder why noone else thought about this...?)


http://www.gotroot.com/Resources+for+Troubleshooting+Linux+Firewalls
or
http://www.amazon.com/Troubleshooting-Linux-Firewalls-Michael-Shinn/dp/0321227239

I jut got the book. When I have time and I read it I'll send you my comments

Im sure my editor is throwing you a parade right now.

hahahaha