ferm kicks asses. man i’m building a firewall with extreme ease.

–
cga

thanks for the fast reply, i figured out a few things in the meanwhile =)

now i have (thanks to your example config) a quite nice firewall.

the only one more question is: you define a $DEV_INTERNET but it seems to me that you don’t use it. what’s the point of defining an interface and not using it?

anyway if i test the config it says it’s ok and shows teh rules. even iptables -L does it right. is only that i don’t understand this “misconfiguration”

please
thanks

–
cga

Try without the second line.

first things first: nice article.

i’m starting to use ferm since i want a firewall and a powerful easy setup tool for it.

ferm really rocks but i don’t know it very much yet. i’ve just started using it a googleing for what i need to know. that’s how i “stumbled” upon your blog.

i’m trying to enable ssh on a certain port (let’s say 10000) , here’s what i’m trying:

# allow SSH connections
proto tcp dport 10000 ACCEPT;
proto (ssh) ACCEPT;

but if i test it i get:

ferm -n -l /etc/ferm/ferm.conf

[...]
-A INPUT –protocol tcp –dport 10000 –jump ACCEPT
-A INPUT –protocol ssh –jump ACCEPT
[...]

from what i can see and understand, that would accept incoming to port 10000 but also on ssh (which defaults to 22).

what i’d like to achieve is to have only port 10000 and not 22 enabled since my sshd_config has port 10000 set and i don’t want more ports open than the ones i need.

can you help me please?
thanks

–
cga