KISS FireWall Installation [Easy]

  #1  
WebHostingTalk Lover
 
Join Date: Mar 2003
Location: New York City
Posts: 7,392


Here's a very simple How-To, just follow the instructions and your KISS Firewall will be working in a min.

When logged in as root ( "su -" ):

1) cd /usr/bin
2) wget http://www.geocities.com/steve93138/kiss-2.0.1.tar.gz
3) tar -zxvf kiss-2.0.1.tar.gz
4) rm -f kiss-2.0.1.tar.gz

5) To configure any settings, use the top section of the KISS file.
Type pico -w kiss
[Make sure you restart for changes to take effect.]

To start KISS
kiss start

To stop KISS
kiss stop

To restart KISS
kiss restart

To check current status
kiss status


6) Once you are sure everything is ok, add the following line to the end of /etc/rc.d/rc.local

/usr/bin/kiss start

Please feel free to post any questions or comments.

For more info, please visit:
http://www.geocities.com/steve93138/
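
A safety net for trying the rules over a remote login before doing step 6, as an added example that is not part of KISS or of the original post. It assumes `kiss stop` lifts the filtering rules; the marker file path and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of KISS. Assumes "kiss stop" removes the
# filtering rules, as the start/stop commands in the post suggest.
FW=${FW:-/usr/bin/kiss}                    # install path used in the post
CONFIRM=${CONFIRM:-/root/kiss.confirmed}   # hypothetical marker file

# start_with_rollback SECONDS
# Start the firewall, then stop it again after SECONDS unless
# confirm_rules has been run in the meantime.
start_with_rollback() {
    rm -f "$CONFIRM"
    "$FW" start || return 1
    (
        trap '' HUP          # keep the timer alive if this login is cut off
        sleep "$1"
        [ -e "$CONFIRM" ] || "$FW" stop
    ) >/dev/null 2>&1 &
    ROLLBACK_PID=$!
}

# confirm_rules: run this from a NEW login opened after the rules are
# up, which shows that a fresh connection still gets through.
confirm_rules() {
    touch "$CONFIRM"
}

# Typical use, as root:
#   start_with_rollback 300
#   then, from a second SSH session:  confirm_rules
```

Only once a fresh login has confirmed the rules does it make sense to add the `/usr/bin/kiss start` line to rc.local.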



  #2  
Web Hosting Master
 
Join Date: Aug 2003
Location: USA
Posts: 1,030
Very nice setup and easy to use, so it seems...

Now those new to Linux won't have to wade through the documentation on IPTABLES


Last edited by Akash; 03-08-2004 at 06:40 PM.
  #3  
WebHostingTalk Lover
 
Join Date: Mar 2003
Location: New York City
Posts: 7,392
IMPORTANT MESSAGE

Hi,

You must change config from:

Code:
##############################################################################
# Uncomment to allow DNS zone transfers
#
#$IPTABLES -A INPUT -i eth0 -p udp --sport 53 --dport 53 -m state --state NEW -j ACCEPT
#$IPTABLES -A INPUT -i eth0 -p tcp --sport 53 --dport 53 -m state --state NEW -j ACCEPT
#$IPTABLES -A OUTPUT -o eth0 -p udp --sport 53 --dport 53 -m state --state NEW -j ACCEPT
#$IPTABLES -A OUTPUT -o eth0 -p tcp --sport 53 --dport 53 -m state --state NEW -j ACCEPT
--------------------------------------------------------------------------------
To:


Code:
##############################################################################
# Uncomment to allow DNS zone transfers
#
$IPTABLES -A INPUT -i eth0 -p udp --sport 53 --dport 53 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p tcp --sport 53 --dport 53 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -p udp --sport 53 --dport 53 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -p tcp --sport 53 --dport 53 -m state --state NEW -j ACCEPT

This seems to be a problem for a few ISPs, which will not find your site unless this change is made.

Just cd /usr/bin
pico kiss

and it's right at the bottom.

Hope this helps.


Last edited by Akash; 03-08-2004 at 06:59 PM.
  #4  
Web Hosting Evangelist
 
Join Date: Oct 2003
Posts: 459
Hi,

Quote:
Now those new to Linux won't have to wade through the documentation on IPTABLES
Actually, I wished to ask this question a long time ago when I was reading the IPTABLES documentation.

Is KISS a program that provides a user interface or GUI that allows us to set the IPTABLES rules more easily? If yes, I would rather not go through the boring documentation any more!

Thanks



Last edited by choon; 03-10-2004 at 08:00 AM.
  #5  
WebHostingTalk Lover
 
Join Date: Mar 2003
Location: New York City
Posts: 7,392
No interface for editing the rules etc..

just do pico kiss

  #6  
Newbie
 
Join Date: May 2004
Posts: 7
I just started using KISS, but I face the problem of ssh dropping connections after I enter the correct password. Any idea what's going on?

Here's the verbose output from the ssh client:

debug1: Next authentication method: password
xxxt@mydomain.com's password:
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: ssh_session2_setup: id 0
debug1: channel 0: request pty-req
debug1: channel 0: request shell
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug1: channel_free: channel 0: client-session, nchannels 1
Connection to mydomain.com closed by remote host.
Connection to mydomain.com closed.
debug1: Transferred: stdin 0, stdout 0, stderr 95 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 1280.5
debug1: Exit status -1

Restarting the sshd service will allow me to connect once, but once I disconnect that session and try to connect again from a different computer, the same problem comes back again. I can't keep going back to the server to restart sshd all the time. Please help. Thanks.

  #7  
Retired Moderator
 
Join Date: Jul 2001
Location: Singapore
Posts: 1,790
Well, your problem is one thing, but at least tell us your distribution and the version of the OS; that will let us understand better, besides the description of your problem.

  #8  
Newbie
 
Join Date: May 2004
Posts: 7
I'm using Fedora Core 1.
I suspect iptables is dropping outgoing TCP to the ssh client, but I'm not too sure about what needs to be checked or done.

What does this channel 0 mean? "debug1: channel_free: channel 0: client-session, nchannels 1"

  #9  
WHT Addict
 
Join Date: Jun 2003
Posts: 150
If I want to block a certain IP from connecting to a certain port, how can I do that in KISS?

  #10  
WHT Addict
 
Join Date: Jun 2003
Location: HKSAR
Posts: 155
Can KISS run at every startup?

Or do we need to add KISS to cron to restart it (to ensure it works at all times)?

  #11  
WebHostingTalk Lover
 
Join Date: Mar 2003
Location: New York City
Posts: 7,392
It runs every time your server starts, I believe.

  #12  
WHT Addict
 
Join Date: May 2003
Posts: 147
If you are looking for an easier firewall to use, I recommend APF. You can drop very easily from the command line:
apf -d <ipAddress>

You can see a how-to at: http://mycpadmin.com/index.php?showtopic=9

It has a config for cPanel; however, it is an easy edit and you just put the port #'s you want to use.

__________________
Linux/cPanel How-To's - cPanelPlanet.com

  #13  
Web Hosting Master
 
Join Date: Dec 2000
Posts: 951
Hi, I just installed KISS. Now I would like to block SMTP on port 25 in order to prevent users from sending mail using: maildomain.com (I would like them to use mail.thereisp.com)
How do I block port 25?
I made the following config but it does not work, or in other words I can still send e-mails by using maildomain.com
----------
BLOCK_LIST=""
TCP_IN="20 21 25 53 80 110 143 443 995 2082:2083 2086:2087 2089 2095:2096 3306 8443 10000 19638"
TCP_OUT="21 22 37 43 53 80 443 873 2089 55000"
-------

Thanks for the advice

  #14  
Web Hosting Master
 
Join Date: Dec 2000
Posts: 951
Of course, I would like customers to be able to receive e-mails on port 25.

  #15  
Web Hosting Master
 
Join Date: Dec 2000
Posts: 951
Not working. The mails will simply go into the queue... I have something that blocks the sender while sending the e-mails. In that way customers think they sent a mail while really not sending anything...
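
How the two port lists quoted in post #13 treat a given port in each direction, as an added example that is not part of KISS or of the original posts. It assumes TCP_IN lists destination ports accepted for inbound connections and TCP_OUT lists destination ports allowed for outbound connections, with `lo:hi` meaning a range; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the two lists exactly as quoted in post #13.
TCP_IN="20 21 25 53 80 110 143 443 995 2082:2083 2086:2087 2089 2095:2096 3306 8443 10000 19638"
TCP_OUT="21 22 37 43 53 80 443 873 2089 55000"

# valid_port N -> true if N is a whole number from 1 to 65535
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# port_in_list PORT "LIST" -> 0 if PORT equals an entry or falls in a
# lo:hi range, 1 if it is not listed, 2 if an entry is malformed.
port_in_list() {
    for entry in $2; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry#*:} ;;
            *)   lo=$entry; hi=$entry ;;
        esac
        if ! valid_port "$lo" || ! valid_port "$hi" || [ "$lo" -gt "$hi" ]; then
            echo "malformed entry: $entry" >&2
            return 2
        fi
        if [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# direction_state PORT -> prints e.g. "in=open out=closed"
# (assumed meaning of the lists: see the note above the block)
direction_state() {
    inbound=closed; outbound=closed
    if port_in_list "$1" "$TCP_IN"; then inbound=open; fi
    if port_in_list "$1" "$TCP_OUT"; then outbound=open; fi
    echo "in=$inbound out=$outbound"
}

direction_state 25
```

Under that assumption port 25 is open inbound, so clients can still hand mail to the server, while it is absent from TCP_OUT, so the server's own deliveries to other mail servers cannot leave and stay in the queue.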
