Quick Deployment: DA K.I.S.S. Firewall, DA DDoS Deflate, DA BFD, CSF+LFD Installer

[nobaloney]

That error means the script couldn't download the files. Check the script to see where it's trying to get them from.

Jeff

 

[roarkh]

Thanks Jeff, looks like I got it to work I'm not sure if it failed because there were files lying around from the previous install or because I originally ran the script from someplace other than /root (I noticed that bfd-da.tar.gz had been downloaded into /root but expanded into the directory I had run the installscript from but in the script it looked like it was looking for the bfd-1.2 directory in the root directory). I moved the installbest2.sh script into /root and deleted the bfd files that were left over, tried again and it seemed to install in just a few seconds.

Thank you!

 

[littleoak]

Roark,

I will see if I can replicate this on one of my machines. In the mean time, I can take a look at your server if you would like. If you're interested in having me set the software up on your server please contact me at the email address in my signature.

 

[roarkh]

Roark,

I will see if I can replicate this on one of my machines. In the mean time, I can take a look at your server if you would like. If you're interested in having me set the software up on your server please contact me at the email address in my signature.

Thanks for your offer but after trying the things in my previous post I think all is installed and working now. I think the trick was moving the install script into /root and running it from there.

 

[Dark]

Is there any similar script for FreeBSD 6x ?

 

[littleoak]

Dark,

I am not familiar with FreeBSD. None of these programs are designed with FreeBSD in mind.

 

[Dark]

I'm running FreeBSD on my server allmost 2 years. Without problems.
And now someone started Ddos attacks on my server.
Could you give me a piece of advice how to protect FreeBSD server from Ddos attacks?

 

[chasjs]

I installed KISS successfully but now ftp does not work in passive mode. Is there anyway to make KISS work with ftp. I am running Fedora Core 8.

Thanks

 

[littleoak]

Jeff will have to chime in here. I was not aware that KISS disabled passive mode FTP.

 

[chasjs]

Jeff will have to chime in here. I was not aware that KISS disabled passive mode FTP.

I don't believe that it disables passive mode but passive mode uses multiple ports not just port 21. Some firewalls do not support passive mode others do.

 

[nobaloney]

KISS most certainly does allow passive mode, unless someone has modified it from the one's I've posted. KISS was the first firewall I found that opened related ports for replies, which is what passive FTP requires.

I don't know why it's doing it for you.

Jeff

 

[littleoak]

Jeff,

That's what I thought. The version installed here is not modified from your website. It should not prevent passive FTP.

 

[nobaloney]

I'm running FreeBSD on my server allmost 2 years. Without problems.
And now someone started Ddos attacks on my server.
Could you give me a piece of advice how to protect FreeBSD server from Ddos attacks?

You're in the wrong thread; you might want to repost in a FreeBSD thread. The firewalls discussed here are for the Linux kernel.

Jeff

 

[tycoon35]

The FTP should have been disabled with the CSF & it was disabled when I first installed! But it seems to be working pretty well(!!) now!! Can anyone help? What to change in the conf?

 

[littleoak]

I'm sorry, I don't understand your question.

 

[tycoon35]

I'm sorry, I don't understand your question.

http://www.configserver.com/free/csf/readme.txt

Doesn't CSF supposed to disable the FTP?

 

[littleoak]

No. CSF is a firewall. It blocks traffic to ports other than the ones you specify, limits connections, and etc. You can set it to block the FTP ports, but it does not do that by default.

 

[tycoon35]

No. CSF is a firewall. It blocks traffic to ports other than the ones you specify, limits connections, and etc. You can set it to block the FTP ports, but it does not do that by default.

Lol...ok...thank you

Felt like too noob of me....anyway, I was misunderstanding that FTP part -

13. A note about FTP over TLS/SSL
#################################

This will usually fail when using an SPI firewall. This is because of the way
the FTP protocol established a connection between client and server. iptables
fails to establish a related connection when using FTP over SSL because the
FTP control connection is encrypted and so cannot track the relationship
between the connection and the allocation of an ephemeral port.

If you need to use FTP over SSL, you will have to open up a passive port block
in both csf and your FTP server configuration. An example for this is provided
in csf.conf for the description of the MONOLITHIC_KERNEL setting.

Perversely, this makes your firewall less secure, while trying to make FTP
connections more secure.

 

[dlong500]

downloads still not available

littleoak, are you planning on still offering this? The downloads are still not available on your website. Just wondering.

Thanks

 

[littleoak]

Yes, I will release an updated version of the scripts on Monday.