Rocksolid Light

Subject: FirewallD Tips
From: gue...@retrobbs.rocksolidbbs.com (Guest)
Newsgroups: rocksolid.shared.i2p
Organization: Dancing elephants
Date: Fri, 21 Feb 2020 23:14 UTC
FirewallD Tips

Just let me say that if you are running nginx or Arch with BSD server or Gentoo with ZeroShell router... don't waste your time reading further.

This is for Linux people who use GUFW or UFW and their sense of self-preservation screams HELP!  Even Parrot uses GUFW, a disgrace!

First just let me say that FirewallD is a complex dynamic firewall and it is not simple to learn.  You would expect that people that maintained i2p/d repos for Fedora (FirewallD is standard) for years would know better by now, but this is not the case.  I have not seen one done correctly yet,  just some dangerous junk.

I will use the instructions for Debian and remember these are just tips for i2p Java for a static configuration.

 You need to install:  firewalld, firewall-config, firewall-applet and python3-firewall.  sudo apt or synaptic or some other package manager is fine.
 To start the graphical configuration, run /usr/bin/firewall-config or click on the brick wall that appears in your menu.
  1. To make permanent changes you need to change from Runtime to Permanent and then from Option to Reload Firewall.  I suggest you do it after each change to make sure it saved.
  2. First change the default zone to Drop (Options -> Change Default Zone).  Reload firewall.
  3. Top Tab = Zones, Bottom Tab = Ports
     Add your i2p ports here:  123 UDP, your router ports, let's say 12345 UDP, 12345 TCP
  4. Top Tab = Zones, Bottom Tab = Source Ports
     Add your i2p ports 12345 UDP and 12345 TCP ports.
  5. Top Tab = Zones, Bottom Tab = Port Forwarding
     Add your ipv4 protocol ports only to those specified by i2p Java.  Most maintainers do the whole range.
  6. Top Tab = Zones, Bottom Tab = Interface
     Add your interface (example eth0)
  7. Top Tab = Services, Bottom Tab = Ports
     Select NTP from the list and add UDP and TCP 123
  8. Top Tab = Services, Bottom Tab = Source Port
     Add your i2p ports 12345 UDP and 12345 TCP ports and 123 UDP


Posted on def3
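
Added example, not part of the original post: a shell check that compares a zone listing, in the layout printed by `firewall-cmd --zone=drop --list-all`, against the static layout the post describes. The listing is constructed sample text, 12345 is the post's placeholder router port, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a firewalld zone listing against a static i2p layout.
# Constructed, abbreviated sample in the layout of `firewall-cmd --zone=drop --list-all`.
SAMPLE_LISTING='drop (active)
  target: DROP
  interfaces: eth0
  sources:
  ports: 12345/udp 12345/tcp 123/udp 8080/tcp
  forward-ports:
  source-ports: 12345/udp 12345/tcp
  rich rules:'

# field NAME: print the value of the "  NAME: value" line read from stdin.
field() {
    sed -n "s/^ *$1: *//p" | head -n 1
}

# audit_zone LISTING IFACE ALLOWED_PORTS (hypothetical helper)
# Prints one finding per line; prints nothing when the zone matches.
audit_zone() {
    listing=$1 iface=$2 allowed=$3
    # The zone must drop everything that is not explicitly opened.
    target=$(printf '%s\n' "$listing" | field target)
    [ "$target" = "DROP" ] || echo "target is '$target', expected DROP"
    # The rules only apply if the interface is bound to this zone.
    ifaces=$(printf '%s\n' "$listing" | field interfaces)
    case " $ifaces " in
        *" $iface "*) ;;
        *) echo "interface $iface is not bound to this zone" ;;
    esac
    # Every open port and source port must be on the allowlist.
    for key in ports source-ports; do
        for p in $(printf '%s\n' "$listing" | field "$key"); do
            case " $allowed " in
                *" $p "*) ;;
                *) echo "unexpected $key entry: $p" ;;
            esac
        done
    done
}

# On a live host, pass "$(firewall-cmd --zone=drop --list-all)" as the listing.
audit_zone "$SAMPLE_LISTING" eth0 "12345/udp 12345/tcp 123/udp"
```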


Subject: Re: FirewallD Tips
From: AnonU...@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.i2p
Organization: Rocksolid Light
Date: Fri, 21 Feb 2020 23:23 UTC
Guest wrote:

FirewallD Tips

Just let me say that if you are running nginx or Arch with BSD server or Gentoo with ZeroShell router... don't waste your time reading further.

This is for Linux people who use GUFW or UFW and their sense of self-preservation screams HELP!  Even Parrot uses GUFW, a disgrace!

First just let me say that FirewallD is a complex dynamic firewall and it is not simple to learn.  You would expect that people that maintained i2p/d repos for Fedora (FirewallD is standard) for years would know better by now, but this is not the case.  I have not seen one done correctly yet,  just some dangerous junk.

What makes firewalld a better choice than ufw? Aren't they both basically frontends for iptables?

--
Posted on Rocksolid Light
rslight.i2p


Subject: Re: FirewallD Tips
From: gue...@retrobbs.rocksolidbbs.com (Guest)
Newsgroups: rocksolid.shared.i2p
Organization: Dancing elephants
Date: Sat, 22 Feb 2020 17:38 UTC
Firewalld is systemD.  It was released by Red Hat so that people will write dynamic configurations.  For i2p you can allow only the reseed servers at start and later configure based on needs.  That would be a lot of work.  They do have a site and you can search for comparisons.
Posted on def3


Subject: Re: FirewallD Tips
From: AnonU...@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.i2p
Organization: Rocksolid Light
Date: Sun, 23 Feb 2020 10:41 UTC
Guest wrote:

Firewalld is systemD. 

I already have too much systemd, thanks for the warning.

--
Posted on Rocksolid Light
rslight.i2p

