I am trying to set up a very simple firehol configuration on a new Debian 7 server. I only installed ssh and sudo before this.
Installed firehol with
sudo apt-get install firehol
Changed the configuration in /etc/firehol/firehol.conf to:
#!/sbin/firehol
version 5
interface eth0 y1
policy drop
server ICMP accept
server ssh accept
client all accept
And then I run
firehol try
The ssh session froze for 30 seconds (luckily I only asked for a try) and there is this output:
IMPORTANT WARNING:
------------------
FireHOL cannot find your current kernel configuration.
Please, either compile your kernel with /proc/config,
or make sure there is a valid kernel config in:
/usr/src/linux/.config

Because of this, FireHOL will simply attempt to load
all kernel modules for the services used, without
being able to detect failures.

FireHOL: Saving your old firewall to a temporary file: OK
FireHOL: Processing file /etc/firehol/firehol.conf: OK
FireHOL: Activating new firewall (53 rules):

--------------------------------------------------------------------------------
WARNING : This might or might not affect the operation of your firewall.
WHAT    : A runtime command failed to execute (returned error 1).
SOURCE  : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/modprobe ip_conntrack_irc -q
OUTPUT  :

--------------------------------------------------------------------------------
WARNING : This might or might not affect the operation of your firewall.
WHAT    : A runtime command failed to execute (returned error 1).
SOURCE  : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/modprobe ip_conntrack_ftp -q
OUTPUT  :
I installed firehol on another very similar server and never had a problem.