DA-Kiss - DirectAdmin specific firewall based on Kiss v2.0

kark

Verified User
Joined
Jan 8, 2004
Messages
39
'dumb' question

I have a rather standard IPtables and I'd like to switch to KISS. Can I just install KISS, which will overwrite the existing IPtables or should I first delete all IPtables lines and then install KISS?

Thanks,
Kark
 

ProWebUK

Verified User
Joined
Jun 9, 2003
Messages
2,326
Location
UK
Flush all your current rules from iptables firstly, you should be able to place kiss in place then run:

kiss stop

which should flush your existing rules.

Chris
 

kark

I'm not a real firewall guru so I hope someone can help me?! :)

I have installed Kiss which went without any problem. But in my /etc/sysconfig/iptables are still the old rules (shouldn't be there something from KISS?). Should I delete the file or open the file and remove all lines ?

Thanks,
Kark
 

ProWebUK

As mentioned above 'kiss stop' should flush your current rules.

Chris
 

kark

Perhaps I don't understand the term "flush" correctly. If you say flush, you mean like "gone" or "deleted" right? At least, that is what I am thinking what flush means. If so; then it doesn't work. :)
 

ProWebUK

Flush would mean.. flush your existing rules........ think of flushing it down your toilet - bad example :D

In seriousness it's basically removing / dropping / flushing your current rules.

Chris
 

kark

Hmm ... I still didn't understand it, so I googled a bit more. :)

So now I understand that if you 'Flush' IPtables the rules will be deleted but NOT from the file /etc/sysconfig/iptables. So if I want to use KISS I must call IPtables with the command KISS and not /etc/rc.d/init.d/iptables. Because at the moment when the server is rebooted /etc/rc.d/init.d/iptables is called (which is using the /etc/sysconfig/iptables rules). Am I correct on this ?

I'm a slow learner .. sorry :eek:

Thanks for the time,
Kamiel
 

ProWebUK

Basically when you run 'kiss stop' it runs the following commands:

/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -F

That basically says accept all incoming connections and accept all outgoing connections then remove any rules currently being used.

When you run kiss start it basically just adds the rules specified in the script to iptables. Nothing else is called by kiss.

Chris
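
Added example, not part of the thread and not KISS's own code: a small shell helper that summarises an iptables-save style dump, so the saved /etc/sysconfig/iptables can be compared with the running rules after the three commands quoted above. Both dumps are constructed samples, and summarize_rules and boot_would_restore are hypothetical names.

```shell
#!/bin/sh
# Summarise an iptables-save style dump read from stdin: one line per
# built-in chain policy, then one rule count per table.
summarize_rules() {
    awk '
        /^\*/ { table = substr($0, 2); order[++nt] = table; next }  # "*filter"
        /^:/  { # ":INPUT DROP [0:0]" -> chain name and policy ("-" = user chain)
                if ($2 != "-") printf "%s %s policy=%s\n", table, substr($1, 2), $2
                next }
        /^-A/ { rules[table]++ }                                     # appended rule
        END   { for (i = 1; i <= nt; i++) printf "%s rules=%d\n", order[i], rules[order[i]] }
    '
}

# True when the saved dump ($1) differs from the running dump ($2), i.e. a
# reload of the saved file would change the firewall state.
boot_would_restore() {
    saved=$(printf '%s\n' "$1" | summarize_rules)
    running=$(printf '%s\n' "$2" | summarize_rules)
    [ "$saved" != "$running" ]
}

# Constructed sample: an old rules file left behind in /etc/sysconfig/iptables.
SAVED_SAMPLE='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed sample: running state after "-P INPUT ACCEPT", "-P OUTPUT ACCEPT"
# and "-F". The FORWARD policy is untouched and no filter rules remain.
RUNNING_SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

printf '%s\n' "$SAVED_SAMPLE" | summarize_rules
printf '%s\n' "$RUNNING_SAMPLE" | summarize_rules
if boot_would_restore "$SAVED_SAMPLE" "$RUNNING_SAMPLE"; then
    echo "saved file differs from running rules; an enabled iptables init script would reload it"
fi
```

On a real host, feed it `/etc/sysconfig/iptables` and the output of `iptables-save` instead of the samples. The constructed running state keeps FORWARD at DROP because the quoted commands only reset the INPUT and OUTPUT policies.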
 

ProWebUK

I prefer KISS...... although I would say the 2 best software firewalls that are free - certainly KISS and APF. Take your pick :)

Chris
 

ProHS

Verified User
Joined
Oct 31, 2003
Messages
198
Location
Lecanto, FL USA
Well, do you know where I can get a list of their features, like APF has an official web site where they list it at?
 

ProWebUK

If it has ifconfig iptables modprobe... (for KISS) you could try it and keep us informed with the results ;)

Chris
 

ProHS

Yeah, the kiss firewall will not work in FreeBSD because there is no /etc/rc.d/rc.local dir. Well, the /etc is in all Unix OSes of course, but not that whole path, and when I did try to run it I got permission denied, and I tried changing the permissions and then it said unknown command. If anyone has been successful at getting it to work or rewrote a kiss script, let me know, I would appreciate it, but for now I am going to try to get APF to work again.
 