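#!/usr/bin/env bash
# Firewall di sistema -- host firewall rules appended to the iptables INPUT chain.
#
# Usage:  firewall.sh          (must run as root; iptables must be installed)
# Env:    IPT  path of the iptables binary   (default: /usr/sbin/iptables)
#         IF   external interface for the port-deny rules (default: eth0)
#
# Notes:
#   * Every rule is appended (-A): running the script twice appends a second
#     copy of each INPUT rule.  Flush INPUT first if a clean re-apply is wanted.
#   * No chain policy is set here; INPUT keeps whatever policy it already has.
#   * Within each section the LOG rule is placed before the DROP rule.  A DROP
#     ends rule traversal, so a LOG placed after it can never fire.
set -euo pipefail

readonly IPT="${IPT:-/usr/sbin/iptables}"
readonly IF="${IF:-eth0}"
# Rate limit applied to every LOG rule, so that a stream of malformed packets
# cannot fill the log faster than legitimate events are recorded.
readonly LOG_LIMIT=(-m limit --limit 10/min --limit-burst 20)
# TCP destination ports (or port ranges) dropped on the external interface.
readonly DENY_PORTS=(1241 10000 6000:6009 80 8080)

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# log_and_drop PREFIX MATCH...
# Append two INPUT rules sharing MATCH: a rate-limited LOG tagged PREFIX,
# then DROP.  The LOG must come first (see file header).
# Arguments: $1 - log prefix; remaining args - iptables match expression
#######################################
log_and_drop() {
  local prefix=$1
  shift
  "$IPT" -A INPUT "$@" "${LOG_LIMIT[@]}" -j LOG --log-level info --log-prefix "$prefix"
  "$IPT" -A INPUT "$@" -j DROP
}

# Accept replies to connections this host initiated (state matching).
accept_established() {
  "$IPT" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
}

# Turn on strict reverse-path filtering on every interface (anti-spoofing).
enable_rp_filter() {
  local f
  printf '%s' "-- Setting up IP spoofing protection....."
  for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    [[ -e "$f" ]] || continue   # unmatched glob leaves the literal pattern
    printf '1\n' > "$f"
  done
  printf '%s\n' "DONE"
}

# Log and drop TCP packets with flag combinations no legitimate stack sends.
# (The old "-m unclean" match is not available in current kernels and is
# deliberately not used.)
drop_bad_flags() {
  printf '%s' "-- Drop any bad flags....."
  log_and_drop "FIREWALL: BAD FLAG! L1: " -p tcp --tcp-flags ALL FIN,URG,PSH
  log_and_drop "FIREWALL: BAD FLAG! L2: " -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG
  log_and_drop "FIREWALL: BAD FLAG! L3: " -p tcp --tcp-flags ALL NONE
  log_and_drop "FIREWALL: BAD FLAG! L4: " -p tcp --tcp-flags SYN,RST SYN,RST
  log_and_drop "FIREWALL: BAD FLAG! L5: " -p tcp --tcp-flags SYN,FIN SYN,FIN
  printf '%s\n' "DONE"
}

# Send new SYNs through a user chain that lets 1/s (burst 10) through and
# logs + drops the rest.
limit_syn_flood() {
  printf '%s' "-- Stuff to stop SYN Floods....."
  # Create the chain, or empty it if an earlier run left it behind, so its
  # contents are the same however many times the script is run.
  "$IPT" -N syn-flood 2>/dev/null || "$IPT" -F syn-flood
  "$IPT" -A syn-flood -m limit --limit 1/s --limit-burst 10 -j RETURN
  "$IPT" -A syn-flood "${LOG_LIMIT[@]}" -j LOG --log-level info --log-prefix "FIREWALL: SYN Flood Stopped: "
  "$IPT" -A syn-flood -j DROP
  "$IPT" -A INPUT -p tcp --syn -j syn-flood
  printf '%s\n' "DONE"
}

# Drop packets whose source address should never arrive from the network,
# plus IP fragments.
# NOTE: these rules are not restricted to "$IF"; on a host with a private
# LAN on another interface the 10.0.0.0/8 rule blocks that LAN as well.
drop_bogon_sources() {
  printf '%s' "-- Block bad address....."
  log_and_drop "FIREWALL: FAKE CLASS A: " -s 10.0.0.0/8
  log_and_drop "FIREWALL: FAKE CLASS E: " -s 255.255.255.255
  "$IPT" -A INPUT -s 0.0.0.0/8 -j DROP
  # Link-local is 169.254.0.0/16 (RFC 3927); a /15 here would also block the
  # routable 169.255.0.0/16.
  "$IPT" -A INPUT -s 169.254.0.0/16 -j DROP
  "$IPT" -A INPUT -s 224.0.0.0/4 -j DROP   # multicast
  "$IPT" -A INPUT -s 240.0.0.0/4 -j DROP   # reserved; one rule instead of two /5
  log_and_drop "FIREWALL: PACKET FRAGMENTED: " -f
  printf '%s\n' "DONE"
}

# Drop ICMP echo requests larger than a normal ping.
drop_oversized_ping() {
  printf '%s' "-- Block strange ICMP packet....."
  "$IPT" -A INPUT -p icmp -m icmp --icmp-type 8 -m length --length 128:65535 -j DROP
  printf '%s\n' "DONE"
}

# Drop inbound TCP to each port in DENY_PORTS on the external interface.
deny_ports() {
  local port
  printf '%s' "-- Deny ports... "
  for port in "${DENY_PORTS[@]}"; do
    printf '%s ' "$port"
    "$IPT" -A INPUT -i "$IF" -p tcp --dport "$port" -j DROP
  done
  printf '%s\n' "...DONE"
}

main() {
  # iptables needs CAP_NET_ADMIN; fail early instead of after a partial apply.
  (( EUID == 0 )) || die "this script must run as root"
  [[ -x "$IPT" ]] || die "iptables not found at $IPT"
  printf '%s\n' "Avvio FIREWALL"
  accept_established
  enable_rp_filter
  drop_bad_flags
  limit_syn_flood
  drop_bogon_sources
  drop_oversized_ping
  deny_ports
}

main "$@"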