Hello, it's my first post on this forum (I think)

It's funny I had my ensim server from new with no firewall for several months as I was too busy with the web development to worry about it. I then read your 10 point checklist and decided it was about time to address the issue, so... I installed APF, PSAD, Mailscanner Kit, Chroor kit, and Libmod is it?

So now I've got all this protection, how come I feel moe paranoid than ever?!!

Anyway, I would be grateful if someone could help me out with this. I am getting a regular email from root with the following message:

Subject:
** The INPUT chain in the iptables ruleset on blah.blah.blah
does not include a default LOG rule for all protocols. psad will not
be able to detect scans without such a rule.


.. NOTE: IPTables::Parse does not yet parse user defined chains and so it
is possible your firewall config is compatible with psad anyway
--------------------------------------------------------------------------------
I'm really new to all this firewall stuff and havent got a clue how to an iptables ruleset. I had a look at a program called quicktables, but the configuration still seemed above my head and I was unable to install it. On trying to run the install script it couldn't locate rc.firewall - can some nice person tell me what's going on? am I much safer than I was before? and do I need to do anything?

Greetings:

1. In /etc/Bastille/bastille-firewall.cfg make sure you have LOG_FAILURES set to "Y"

2. Make sure your REJECT_METHOD in the same file is set to "DROP"

Thank you.

Thanks, except that I am using APF not Bastille :-(

That's why you get the error message! You need Bastille and PSAD or APF by itself.

Thanks that's the fastest reply I've ever had!

Oh I misunderstood, I thought APF was just a Firewall, not a port-scan detector. What should I use with APF then? Snort maybe?

(Are other people having problems with being logged out of these forums?)

No idea, I use Bastille and PSAD - a great combination.