
Firewall Configuration - KISS


This is a quick overview of installing and running the KISS v2 firewall on a Linux server. The original reference was made available by Steve and is listed below, with additions in red indicating potential problems to be aware of. The KISS (Keep It Simple Stupid) firewall is the easiest to set up: it requires no pre-configuration and can be run straight out of the box.


It will work with any stock installation of the following control panels: Ensim WEBppliance Basic & Pro, Plesk, and Webmin. cPanel installations require some modifications.

All you need to do is add "2082 2083 2086 2087 2095 2096" to the TCP_IN variable in the /usr/bin/kiss file,
and add "873" (RSYNC) and "2089" (cPanel License) on the output chain (the TCP_OUT variable):

...
TCP_IN="20 21 25 53 80 110 143 443 995 2082 2083 2086 2087 2095 2096 3306"
TCP_OUT="21 22 25 37 43 53 80 443 873 2089"
...



Log in as root with "su -".

If you type su (super user, without the '-'), you will get this error:
[root@secure bin]# kiss start
/usr/bin/kiss: ifconfig: command not found
Could not determine MAIN_IP. Firewall script aborted!

Without the '-' you don't have root's paths exported, so you have to reference things by full pathname.

When logged in as root, type:

cd /usr/bin
wget http://www.geocities.com/steve93138/kiss-2.0.1.tar.gz
tar zxvf kiss-2.0.1.tar.gz

That's it! To get it running anywhere on the command line, you simply type:
kiss start
To stop the firewall, type:
kiss stop
To get status information, type:
kiss status
If you want to block an offender's IP address/subnet, simply edit the BLOCK_LIST variable in the /usr/bin/kiss file. You can separate IP addresses and subnets with a space. Once you are finished, simply restart KISS by typing:
kiss restart
Last, but not least, it is recommended that you configure the firewall to allow only the needed ports. Using trusted IP addresses/subnets is also recommended. These variables are located near the beginning of the /usr/bin/kiss file and are self-explanatory. Once you make changes, you should always restart KISS for the changes to take effect:
kiss restart

To restart the firewall automatically on reboot, edit the file /etc/rc.d/rc.local and add the following line to the end of the file:

/usr/bin/kiss start
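
One way to confirm the cPanel port changes described earlier, as an added example that is not part of KISS or of the original guide: the script reads the TCP_IN and TCP_OUT lines without executing the firewall script and reports any port that is missing. It assumes each variable is assigned on a single line as NAME="..." as in the excerpt above; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of KISS): check a KISS-style script for the cPanel ports.
# The file is only parsed, never sourced, so the firewall script is not executed.

# Port lists taken from the page: cPanel inbound; rsync and cPanel license outbound.
CPANEL_IN="2082 2083 2086 2087 2095 2096"
CPANEL_OUT="873 2089"

# get_var FILE NAME: print the value of the last NAME="..." assignment in FILE.
get_var() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# missing_ports FILE NAME "PORTS": print the ports in PORTS that NAME does not list.
missing_ports() {
    have=" $(get_var "$1" "$2" | tr '\t' ' ') "
    out=""
    for p in $3; do
        case "$have" in
            *" $p "*) ;;                 # whole-word match, so 208 never matches 2082
            *) out="$out $p" ;;
        esac
    done
    echo "${out# }"
}

# audit_kiss FILE: report gaps; return 0 only when no required port is missing.
audit_kiss() {
    rc=0
    m=$(missing_ports "$1" TCP_IN "$CPANEL_IN")
    [ -z "$m" ] || { echo "TCP_IN is missing: $m"; rc=1; }
    m=$(missing_ports "$1" TCP_OUT "$CPANEL_OUT")
    [ -z "$m" ] || { echo "TCP_OUT is missing: $m"; rc=1; }
    # A plain "su" shell lacks root's PATH, which causes the ifconfig error shown above.
    command -v ifconfig >/dev/null 2>&1 || echo "warning: ifconfig not on PATH (use 'su -')"
    return $rc
}

# Constructed sample: the page's cPanel lines with 2096 and 2089 left out on purpose.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TCP_IN="20 21 25 53 80 110 143 443 995 2082 2083 2086 2087 2095 3306"
TCP_OUT="21 22 25 37 43 53 80 443 873"
EOF
audit_kiss "$sample" || true
rm -f "$sample"
```

On a server, call audit_kiss /usr/bin/kiss after editing the variables and before running kiss restart.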



What's New in Version 2?

The biggest change is that it does not require any initial configuration. With version 2, you won't automatically lock yourself out of your server unless you set some of the variables incorrectly. It also does extensive error checking and is distributed as a tar file. This solves a lot of the issues that were present with the older version. In addition, version 2 is highly configurable and was tested to work with the latest version of iptables - version 1.2.8.

References:
KISS installation guide








Except where otherwise noted, this site is licensed under a Creative Commons License



©2003-2009 eLouai.com, All rights reserved