grsecurity and ipatbles

Vincent Blondel vincent.blondel at chello.be
Sun Jul 25 10:14:46 PDT 2004


Hi all,

Just wanna to know something. Is there something special to do to let
iptables correctly working with grsecurity.

I prepared a test environment this week-end to try to replace my
external firewall in the next weeks by a new one a bit more optimized
and compiled as proposed by "the Hardened Linux From Scratch project".

So this is done since yesterday but my config firewall that correctly
works on my external firewall doesn't work on my test environment. I
reproduced exactly the same scenario, same ip's, same subnets ... but
always get the same result, the INPUT chain is working well but not the
FORWARD ( and derivates PREROUTING, POSTROUTING ).

When I try to open an ftp, http session to this machine I always get
messages like this 

IN=eth0 OUT=eth2 SRC=1.2.3.4 DST=1.2.3.4 LEN=... TOS=... ... DPT=80 ...

What does it mean ... Is this just a warning or an error ???

My router linux/box was compiled with the last version of "the Hardened
Linux From Scratch project" and iptables 1.2.11.

Thanks for helping me.






More information about the hlfs-dev mailing list