Firewall tricks.

Gareth Westwood gareth at kibblestone-uk.fsnet.co.uk
Thu Oct 9 11:29:33 PDT 2003


Rob Park wrote:
> Ricardo Barberis wrote:
> 
>> I'm glad you solved it, but...
>> Just curious, when iptables asked you for an UID, did you try to give 
>> it an  actual UID? I mean a number, not an user name?
> 
> 
> Yeah, UIDs and usernames seem to be totally interchangeable here.
> 
> # iptables -A INPUT -m owner --uid-owner rbpark
> iptables: Invalid argument
> # iptables -A INPUT -m owner --uid-owner 500
> iptables: Invalid argument
> # iptables -A INPUT -m owner --uid-owner rbpark124235asdf
> iptables v1.2.7a: Bad OWNER UID value `rbpark124235asdf'
> Try `iptables -h' or 'iptables --help' for more information.
> # iptables -A INPUT -m owner --uid-owner 500213245
> iptables: Invalid argument
> 
> Uh, yeah. The patch maintainer just said that the socketowner patch 
> hasn't actually been applied, and he seems kind of confused as to why 
> i'm not just using grsecurity (like it's a no-brainer or something).
> 
> The reason I'm not trying grsecurity is that a) I've never tried it 
> before and b) the website is short on details, so I really have no idea 
> what grsecurity _is_.
> 
I realy don't know if this is relavent or if it would work but.......

could you not use some sort of script so that when bittolerent starts, 
iptables starts with iptables-bittol.conf and set that to accept. Then 
when it stops re-do iptables to use iptables-nobt.conf and re-load. I am 
kinda thinking like the ip-up and down scripts.

If this it way off, sorry, I am not exactly sure how this would/could 
work but it was just a thought.

-- 
Gareth Westwood
LFS reg. 7163
The function of the expert is not to be more right than other people,
but to be wrong for more sophisticated reasons.
			Dr. David Butler, British psephologist




More information about the lfs-chat mailing list