Linode Forum
Linode Community Forums
 Post subject: Firehol
Posted: Mon Jul 18, 2005 7:18 pm
Junior Member

Joined: Mon Nov 01, 2004 4:36 pm
Posts: 21
I'm planning to configure this as the firewall on my Linode and when I was doing:

ip link show

I get the following

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: teql0: <NOARP> mtu 1500 qdisc noop qlen 100
link/void
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether fe:fd:46:55:81:37 brd ff:ff:ff:ff:ff:ff
5: sit0@NONE: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
6: tunl0@NONE: <NOARP> mtu 1480 qdisc noop
link/ipip 0.0.0.0 brd 0.0.0.0
7: gre0@NONE: <NOARP> mtu 1476 qdisc noop
link/gre 0.0.0.0 brd 0.0.0.0

If I put together a firehol config file which specifies only the eth0 will these others be blocked, and can anyone confirm for me what those are and if they're vital to the operation of my Linode?

Thanks, Tom
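
Added example, not part of the original posts: a shell function that reads `ip link show` output and separates the interfaces carrying the UP flag from those that are down, run over the output quoted in the post above (only lo and eth0 are UP there). The function name `list_interfaces` is an assumption of this example.

```shell
#!/bin/sh
# Added example: classify interfaces from `ip link show` output by the UP flag.
# SAMPLE is the output quoted in the post above, embedded so this runs offline.
SAMPLE='1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: teql0: <NOARP> mtu 1500 qdisc noop qlen 100
link/void
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether fe:fd:46:55:81:37 brd ff:ff:ff:ff:ff:ff
5: sit0@NONE: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
6: tunl0@NONE: <NOARP> mtu 1480 qdisc noop
link/ipip 0.0.0.0 brd 0.0.0.0
7: gre0@NONE: <NOARP> mtu 1476 qdisc noop
link/gre 0.0.0.0 brd 0.0.0.0'

# list_interfaces up|down
# Reads `ip link show` text on stdin and prints one interface name per line.
list_interfaces() {
    awk -v want="$1" '
        # Only header lines ("4: eth0: <FLAGS> ...") name an interface;
        # the link/... detail lines are skipped.
        /^[0-9]+: / {
            name = $2
            sub(/:$/, "", name)      # drop the trailing colon
            sub(/@.*$/, "", name)    # drop a parent suffix such as @NONE
            flags = $3
            gsub(/[<>]/, "", flags)
            state = "down"
            n = split(flags, f, ",")
            # Exact match, so a flag like LOWER_UP is not mistaken for UP.
            for (i = 1; i <= n; i++)
                if (f[i] == "UP") state = "up"
            if (state == want) print name
        }'
}

# Stand-alone run over the embedded sample.
echo "UP:   $(printf '%s\n' "$SAMPLE" | list_interfaces up | tr '\n' ' ')"
echo "down: $(printf '%s\n' "$SAMPLE" | list_interfaces down | tr '\n' ' ')"
```

On a live system, pipe `ip link show` into `list_interfaces` instead of the embedded sample.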


 Post subject:
Posted: Mon Jul 18, 2005 7:37 pm
Junior Member

Joined: Mon Nov 01, 2004 4:36 pm
Posts: 21
Just tried it and got the following message - can anyone help out with this:

Starting iptables firewall: FireHOL ...
IMPORTANT WARNING:
------------------
FireHOL cannot find your current kernel configuration.
Please, either compile your kernel with /proc/config,
or make sure there is a valid kernel config in
/lib/modules/2.4.29-linode39-1um/build/.config,
/usr/src/linux/.config or /boot/config-2.4.29-linode39-1um

Because of this, FireHOL will simply attempt to load
all kernel modules for the services used, without
being able to detect failures.

Stopping: /etc/default/firehol forbids it.
done.

Thanks, Tom


 Post subject:
Posted: Mon Jul 18, 2005 7:46 pm
Linode Staff

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
Stupid startup script, that is...

Anyhow, copy the contents of this post:

http://www.linode.com/forums/viewtopic.php?p=6129#6129

into one of those files.

-Chris


 Post subject:
Posted: Mon Jul 18, 2005 7:58 pm
Junior Member

Joined: Mon Nov 01, 2004 4:36 pm
Posts: 21
Thanks, works a treat.

So I'm assuming I can ignore the other interfaces?

Thanks, Tom


 Post subject:
Posted: Tue Jul 19, 2005 8:24 am
Senior Member

Joined: Fri Oct 24, 2003 3:51 pm
Posts: 965
Location: Netherlands
mthaddon wrote:
So I'm assuming I can ignore the other interfaces? Thanks, Tom


Yes. Well, I did and everything is fine.

_________________
/ Peter


 Post subject:
Posted: Tue Aug 15, 2006 6:36 am
Senior Newbie

Joined: Tue Dec 06, 2005 2:15 pm
Posts: 9
I'm posting this mainly so I can document my own setup, which is Ubuntu Dapper on a Linode.

Hopefully it will help others as well.

mthaddon wrote:
Just tried it and got the following message - can anyone help out with this:

Starting iptables firewall: FireHOL ...
IMPORTANT WARNING:
------------------
FireHOL cannot find your current kernel configuration.
Please, either compile your kernel with /proc/config,
or make sure there is a valid kernel config in
/lib/modules/2.4.29-linode39-1um/build/.config,
/usr/src/linux/.config or /boot/config-2.4.29-linode39-1um

Because of this, FireHOL will simply attempt to load
all kernel modules for the services used, without
being able to detect failures.


Firehol needs to find a kernel config in one of the above listed places. I wrote the following bash script for me to run if I have a kernel change (disclaimer, I'm a bash noob). The last line may need changing depending on your OS, or just omit it and restart firehol as you like to:

Code:
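#!/bin/bash
# Copy the running kernel's config to a place where FireHOL looks for it.
# Stop on the first error (for example if /proc/config.gz is missing).
set -e
# Create the target directory if it does not exist yet.
if test ! -d /usr/src/linux
then
    mkdir -p /usr/src/linux
fi
# Keep a compressed backup of any previous config (-f replaces an older backup).
if test -f /usr/src/linux/.config
then
    mv /usr/src/linux/.config /usr/src/linux/.config.bak
    gzip -f /usr/src/linux/.config.bak
fi
# Unpack the running kernel's config into place.
cp /proc/config.gz /usr/src/linux/config.gz
gunzip -f /usr/src/linux/config.gz
mv /usr/src/linux/config /usr/src/linux/.config
# Restart FireHOL so it reads the new config (adjust for your OS).
/etc/init.d/firehol restart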

This next part of the original post reflects a completely different problem:
mthaddon wrote:
Stopping: /etc/default/firehol forbids it.
done.

Thanks, Tom


You need to edit /etc/default/firehol so it says:
Code:
START_FIREHOL=YES

