This is the old SliTaz forum - Please use the main

Is slitaz naked on the internet or not (firewall)?
  • slicelslicel April 2010
    One of my first questions in 2008 was if slitaz had a firewall.

    I was told yes, slitaz autostarts a firewall and iptables is only to customize the configuration.

    Recently I see posts saying that slitaz is naked on the internet unless you manually create a firewall.

    Which is it?

    This seems to be an important point and it would help if the documentation was clear and definitive on the point.

    Thank you.
  • RuppRupp April 2010
    It has a firewall. You need iptables to configure it. Otherwise the firewall is starting without any ruleset.

  • slicelslicel April 2010
    I recall the 2008 answer being that slitaz started a basic default configuration.

    Starting nothing is definitely different.

    I do not see an answer in documentation. I thought there was a brief firewall section on this page but now I see no mention.

    Thank you.
  • jozeejozee April 2010
    Short answer: SliTaz comes with firewall but iptables is disabled by default. You can install firewall using "tazhx box". It will enable iptables, start firewall, shows if there are any open ports (by default, you won't find any), and add firewall to start at boot. Thanks to Gokhlayeh, SliTaz firewall is strong by default. You can also disable ping and other servers directly in /etc/firewall.conf. You can manage the firewall using the serverbox.
  • erniaernia April 2010
    is this error due to the fact that /init.d/firewall has no executable permissions?
    COMMAND OPTIONS: firewall --non-free
    Setting IPTABLES_RULES to yes in /etc/firewall.conf
    /sbin/hwsetup: line 851: /etc/init.d/firewall: Permission denied
    adding firewall daemon to start automatically at boot
    Press ENTER to close...
  • slicelslicel April 2010
    I had the same error that ernia did.

    Please correct me if I am wrong.

    I remember that slitaz firewall was enabled and autostarted by default. I do not remember seeing any announcement of the important change that slitaz switched to disabled or not started by default.

    Edit- Slitaz 3 rcS.conf says
    RUN_DAEMONS="dbus hald firewall slim"

    I was told in 2008 that means that a firewall is working.

    What is the advantage of disabled or not-started firewall by default rather than enabled and autostarted firewall by default?

    I remember manually installing the iptables package on slitaz 3. An os with iptables but that is disabled by default and an os with no iptables at all are very different.

    I am not sure if the iptables package installs iptables or if the iptables package is an editor for changing iptables that is already there.

    How can slitaz firewall be strong by default when it is not started, not enabled (at least because iptables are not enabled), and cannot work without downloading an extra package?

    Thank you.
  • jozeejozee April 2010
    ernia, there was a smalll bug with passing of "--non-free" option . Fixed here:

    Can you download and test the latest /sbin/hwsetup file from here:

    Atlernatively : "tazhw setup firewall " should work.

    Edit1 : need to check if /etc/init.d/firewall is executable

    Edit2 : Fixed now:
  • slicelslicel April 2010
    The handbook sounds like there is an autostarted firewall with basic rules and iptables are additional rules.

    SliTaz provides a very basic firewall, the kernel security rules are launched at boot time and iptables rules are disabled by default. You can activate/disable these at startup by using the configuration file /etc/firewall.conf.

    The default firewall script begins with its own set options for the Kernel ie. ICMP redirects, source routing, logs for unresolved addresses and spoof filters. The script then launches the rules defined in the iptables_rules() function of the configuration file: /etc/firewall.conf.

    The firewall uses Iptables, it consists of two files: /etc/firewall.conf and /etc/init.d/firewall, you shouldn't need to modify these. Note Iptables has lots of options. For more infomation see the official documentation available online:

    I still do not know whom to believe.

    Thank you.
  • erniaernia April 2010
    will your fix be available to 3.0 too? repositories are different from cooking so i'm wondering how they get updated
  • sanekssaneks April 2010
    I have no package called tazhw in 3.0and it's not in tazpkg either.. I downloaded the latest cooking now.. and another question: is it a different behaviour if I fully installed slitaz3.0?

    could anyone post how to enable firewall in 3.0? (and wiki please?)

  • slicelslicel April 2010

    I do not know the 3.0 and cooking differences.

    I do not know what is necessary for a working firewall in slitaz because of conflicting information but it probably would be good to do the next steps-

    Install iptables package with any depends that it needs (package manager can install depends for you).

    Enter this command in terminal as root to fix a bug (edit- I removed $fs according to ernia)-
    chmod +x /etc/init.d/*

    Right-click /etc/intit.d/firewall properties and then the permissions tab to make sure firewall is executable by all.

    Make sure kernel security and iptables rules are enabled "yes" (I think) in /etc/firewall.conf (it would help if the comment said whether "yes" means "yes it is disabled" or "yes it is enabled")-
    # Enable/disable kernel security.

    # Enable/disable iptables rules (iptables package must be installed).

    Make sure firewall is in /etc/rcS.conf-
    RUN_DAEMONS="dbus hald firewall slim"

    I am only a novice making blind stabs in the dark and my guesses could be wrong.

    More information-
  • erniaernia April 2010
    you don't need to prepend $fs to /etc/init.d/firewall , fs should be a meaningful variable only when building packages with tazwok.
    while the command works because fs is empty it does not make sense.
    the rest should be correct, in my opinion. if you want to check the loaded iptables rules you could enter
    iptables -L
    in a terminal as root.
  • leifleif April 2010
    Firewall! Is it hysteria? I have cleared all the barriers that exist when
    the firewall, in Linux I always running in root, in XP as admin and so
    has made since 2002 and nothing has happened with any computer!
    Four Linux computers with different IP addresses.
    Three computers with XP, even those with different IP addresses.
    Thus seven IP addresses that hackers can use.
    Note. I do not use explorer! Only mozilla! (Firefox)
    I mad? No! Simple rules: check what programs are listening
    at the gates! And NEVER use the MS Explorer!
  • RuppRupp April 2010

    I hear ya man. I go to this one site that is mostly windows security related and they have 12 different programs that run at boot to guard against different things. When you are as obsessed as that I bet you actually want something to fail. Know what I mean?

  • oldmanpcoldmanpc September 2010
    i did something like slicel said. /etc/init.d/firewall is not a executable in defaults. you will get a "permission denied" when exec "tazhw setup firewall"
    and no message about firewall in boot log.
    i set it to executable and re-run the command. everything seem OK. no "permission denied" and the boot log just show it's loaded.

    anyway, /etc/firewall.conf show only INTERFACE="eth0". is it refer to pci network card? i mostly use wireless so how to add a new interface? wlan0 of eth1 etc..

  • Trixar_zaTrixar_za September 2010
    First off, you need to su to root to use tazhw, which is why your getting the permission denied error.

    Secondly, I assume you just change the INTERFACE to whatever you wish to monitor, ie INTERFACE="wlan0" or INTERFACE="ppp0" - correct me if I'm wrong anybody that knows.
  • stopstockstopstock September 2010
    This is my first Linux and my first Slitaz. also my first computer too (old PC) my ages about 25 years old. and I think im not to late to learn linux.

    first, i dont know what should i do to fix the firewall. because i really dont understand about the code.
    theres no linux user in my region. so i try to learn it from here.
    but i still confused.

    I need to learn it from scratch.

    any tutorial for noob?

    (forgive me for my bad english. hope u all understand) thanks :)
  • slicelslicel March 2011
    Stopstock, my previous post in this thread is a tutorial.

    It might be easiest to login as root to do it.  The parts of the instructions that look like name/secondname/thirdname refer to the system's folders and files tree that you can navigate with the PCMan file manager.  You can edit many files by opening them with leafpad.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

SliTaz Social