fiaif version 1.6.0-1 - what's happening?!?

Craig Reeson email hidden
Mon Jan 13 03:27:44 CET 2003


Anders/mail list,

It seems the syntax of rules has changed a lot...
Output of fiaif test:

gateway:/etc/fiaif# /etc/init.d/fiaif test
FIAIF ver. 1.6.0-1, by Anders Fugmann (C) 2002-2003
Saving rules: iptables-save: match `state' v1.2.7a (I'm v1.2.6a).
Done.
Clearing all rules: Done.
/etc/init.d/fiaif: udp: command not found
Configuring zone: INT###
### Error in rules.
### It seems that a port was specified with protocol 'ALL'.
### Please recheck INPUT, OUTPUT, FORWARD, MARK and LIMIT rules.
### Old style IP's should not be used.
### Use xxx.xxx.xxx.xxx/yy=>zzz.zzz.zzz.zzz/vv style instead.
### Old style IP's should not be used.
### Use xxx.xxx.xxx.xxx/yy=>zzz.zzz.zzz.zzz/vv style instead.
### Old style IP's should not be used.
### Use xxx.xxx.xxx.xxx/yy=>zzz.zzz.zzz.zzz/vv style instead.
### Old style IP's should not be used.
### Use xxx.xxx.xxx.xxx/yy=>zzz.zzz.zzz.zzz/vv style instead.
### Old style IP's should not be used.
### Use xxx.xxx.xxx.xxx/yy=>zzz.zzz.zzz.zzz/vv style instead.
###
### Error in rules.
### It seems that a port was specified with protocol 'ALL'.
### Please recheck INPUT, OUTPUT, FORWARD, MARK and LIMIT rules.
 EXT### Old style IP's should not be used.
### Use xxx.xxx.xxx.xxx/yy=>zzz.zzz.zzz.zzz/vv style instead.
###
### Error in rules.
### It seems that a port was specified with protocol 'ALL'.
### Please recheck INPUT, OUTPUT, FORWARD, MARK and LIMIT rules.
 DMZ/etc/init.d/fiaif: udp: command not found
###
### Error in rules.
### All INPUT, OUTPUT, FORWARD, MARK and LIMIT rules
### should specify src and destination.

### *** FIAIF encountered errors ***
### 0 error(s) when testing zone configurations.
### 0 reference(s) to undefined zones.
### 10 error(s) in rule specifications.
### 0 iptables rule generation error(s).
Examining system Configuration:
/etc/init.d/fiaif: udp: command not found
Warning: icmp_echo_ignore_broadcasts=0
  System responds to broadcast ping.
  This is often used by hackers, who makes broadcast pings to see which
hosts are up.
Solution:
  Make sure the line 'net/ipv4/icmp_echo_ignore_broadcasts=1' is in
/etc/sysctl.conf

Warning: tcp_syncookies=0
  Send out syncookies when the syn backlog queue of a socket
  overflows. This is done to prevent against the common 'syn flood attack'
  This might break things on high load servers.
Solution:
  Make sure the line 'net/ipv4/tcp_syncookies=1' is in /etc/sysctl.conf


Problems found: 0
Warnings found: 2

Above is given a description of the problems and warnings found while
examining the system, and solutions are given.
Please read carefully, since it might improve overall security of your
system
For more information, please see:
  http://www.linuxhq.com/kernel/v2.4/doc/networking/ip-sysctl.txt.html
  http://ipsysctl-tutorial.frozentux.net/ipsysctl-tutorial.html
All rules has been written to /tmp/fiaif.out

HELP!

Craig

