  1. #1
    Join Date
    Dec 2006
    Posts
    288

    * apf and iptables

    Does the iptables service need to be running in order for APF to function? If so, can APF act like it is running, when the iptables service is not running, thus giving you a false sense of security?

  2. #2

    apf

    Definitely!

    Apf is an iptables based firewall system. So you need to have iptables for apf to function.

    http://rfxnetworks.com/apf.php
    Mathew Augustine
    Systems Engineer
    "Drink nothing without seeing it; sign nothing without reading it."

  3. #3
    Join Date
    May 2002
    Location
    Kingston, Ontario
    Posts
    1,573
    APF is basically an easier way to manage iptables.

  4. #4
    Yes,

    APF is a tool developed on top of iptables to make firewalling easy. So if iptables is not running, it means NO firewall is enabled on the server, even though APF is running.

  5. #5
    Join Date
    Dec 2006
    Posts
    288
    How can I be sure that iptables is running before starting APF?

  6. #6
    Join Date
    Feb 2003
    Location
    North Hollywood, CA
    Posts
    2,554
    It's always running, kinda.

    Install APF, config it, run 'iptables -L' to see the rules.

    Simply test by blocking some port you need, just not port 22.
    Remote Hands and Your Local Tech for the Los Angeles area.

    (310) 573-8050 - LinkedIn

  7. #7
    Join Date
    Dec 2006
    Posts
    288
    Thanks! I am getting output when I run 'iptables -L' that contains IPs that were blocked via APF. So it looks like we're OK. But just to clarify, would APF install if iptables was not installed?

  8. #8
    Join Date
    Apr 2007
    Location
    Massachusetts
    Posts
    484
    ^ No, but usually every Linux box that you buy has iptables.

  9. #9
    Join Date
    Nov 2001
    Location
    Philadelphia, Pa
    Posts
    949
    Quote Originally Posted by Chris Patti:
    "^ No, but usually every Linux box that you buy has iptables."
    Gentoo doesn't (but you wouldn't buy Gentoo).

    I can't think of another distro that doesn't come with iptables installed by default, though. Does Source Mage?

  10. #10
    Join Date
    Dec 2006
    Posts
    288
    Thanks! This is a Red Hat box, so I think we are OK. Thanks again!

  11. #11
    Join Date
    Dec 2006
    Posts
    288

    Question

    Is there a way to determine if iptables is running with the 'ps' command or any other command, other than 'iptables -L'?

  12. #12
    iptables is not a user-space process, so you cannot see it with the ps command. "IP tables" are kernel-level structures to manage IP packets (routing and firewalling), and the iptables command sets rules for each IP packet that the kernel catches.

    If you are not root, use /sbin/iptables -L with the complete path; generally it works.

    Best regards, creaws.
    http://creawebsolutions.com
    Server Management & Web Security.

  13. #13
    Join Date
    Dec 2006
    Posts
    288
    Thank you!

    Can iptables be started, stopped, and restarted? For example:
    /etc/init.d/iptables restart
    Is running iptables just causing the kernel to manage the IP packets? So if I ran '/etc/init.d/iptables stop', the kernel would stop managing the IP packets? Am I understanding that correctly?

    Thanks again!

  14. #14
    /etc/init.d/iptables stop will "flush" all your firewalling ruleset, and only if you compiled the firewalling support in your kernel as a module will it be unloaded. But it only disables firewalling, not routing or other IP features.

    Regards! Creaws.
    http://creawebsolutions.com
    Server Management & Web Security.

  15. #15
    Join Date
    Dec 2006
    Posts
    288
    creaws,

    Thank you! Hopefully this will be the last question!

    Is it safe to assume that since I do get output from 'iptables -L' that it is compiled into my kernel? And if not, how would I be able to determine if it is compiled into my kernel?

    Thanks again!

  16. #16
    If the command iptables -L works, that means that your kernel has support for iptables firewalling. To determine if it is working as a kernel module or built into the kernel, type lsmod and search for "ip_tables". If you find it, your firewall is running as a kernel module; otherwise it is built into the kernel.

    Hope this helps you.

    Best regards!
    http://creawebsolutions.com
    Server Management & Web Security.

  17. #17
    Join Date
    Dec 2006
    Posts
    288
    Thank you!!!!!!!

  18. #18
    If the command 'iptables -L' works, that means your kernel has firewalling support. To determine if it is compiled as a kernel module or built in, type as root the command "lsmod" and search for "ip_tables". If you find it, you have firewalling support as a module; otherwise firewalling is built into the kernel.

    Hope this helps you.

    Best regards! CreaWs.
    http://creawebsolutions.com
    Server Management & Web Security.
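A small script that ties together the checks suggested in posts #6, #14 and #16 (this is my own added example, not code from anyone in this thread or from APF): it counts the rules the kernel reports through 'iptables -L -n', and classifies 'lsmod' output by whether 'ip_tables' is present. Both checks read their input on stdin, so the script first runs them against constructed sample outputs (the chains, addresses and module sizes in them are made up for the example) and then, only when run as root with iptables installed, against the live commands. A live rule count of 0 is exactly the "APF running, no firewall" situation the thread is worried about.

```shell
#!/bin/sh
# Added example (not code from the thread): verify that the kernel actually
# holds an iptables ruleset, and whether netfilter is loaded as the ip_tables
# module or is built in. Both checks take their input on stdin, so they can be
# run against the constructed sample outputs below as well as the live commands.

# Count the rule lines in `iptables -L -n` output. "Chain ..." headers, the
# "target prot opt ..." column headers and blank lines are not rules.
count_rules() {
    grep -v -e '^Chain ' -e '^target ' -e '^$' | wc -l | tr -d ' '
}

# Classify `lsmod` output: "module" when ip_tables is loaded as a module,
# "builtin-or-absent" otherwise (a built-in netfilter never shows up in lsmod,
# so this check alone cannot distinguish built-in from missing; use the
# iptables -L test above for that).
module_loaded() {
    if grep -q '^ip_tables[[:space:]]'; then echo module; else echo builtin-or-absent; fi
}

# Constructed sample: `iptables -L -n` on a host where APF has loaded rules.
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  192.0.2.10           0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample: the same host after `/etc/init.d/iptables stop` flushed
# everything. The command still works, but no rule is left.
FLUSHED_RULES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample: `lsmod` lines on a host with modular netfilter.
SAMPLE_LSMOD='Module                  Size  Used by
ip_tables              28672  2 iptable_filter,iptable_nat
x_tables               40960  3 ip_tables,iptable_filter,xt_tcpudp'

echo "sample rules loaded:  $(printf '%s\n' "$SAMPLE_RULES" | count_rules)"    # 2
echo "flushed rules loaded: $(printf '%s\n' "$FLUSHED_RULES" | count_rules)"   # 0
echo "sample netfilter:     $(printf '%s\n' "$SAMPLE_LSMOD" | module_loaded)"  # module

# Live check, only when iptables is present and we are root (listing rules
# needs CAP_NET_ADMIN). A count of 0 means APF may be "running" with no
# firewall at all.
if [ "$(id -u)" = 0 ] && command -v iptables >/dev/null 2>&1; then
    echo "live rules loaded:    $(iptables -L -n 2>/dev/null | count_rules)"
    echo "live netfilter:       $(lsmod 2>/dev/null | module_loaded)"
fi
```

Run it as root right after starting APF and again after '/etc/init.d/iptables stop' to see the rule count drop to 0 while 'iptables -L' itself keeps working, which is the distinction post #14 makes.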

  19. #19
    Sorry, I wrote the post two times....

    Regards!
    http://creawebsolutions.com
    Server Management & Web Security.
