This is the old SliTaz forum - Please use the main forum.slitaz.org

Is slitaz naked on the internet or not (firewall)?
  • slicel April 2010
    One of my first questions in 2008 was if slitaz had a firewall.

    I was told yes, slitaz autostarts a firewall and iptables is only to customize the configuration.

    Recently I see posts saying that slitaz is naked on the internet unless you manually create a firewall.

    Which is it?

    This seems to be an important point and it would help if the documentation was clear and definitive on the point.

    Thank you.
  • Rupp April 2010
    It has a firewall. You need iptables to configure it. Otherwise the firewall starts without any ruleset.
    /etc/init.d/firewall



    Rupp
  • slicel April 2010
    I recall the 2008 answer being that slitaz started a basic default configuration.

    Starting nothing is definitely different.

    I do not see an answer in documentation. I thought there was a brief firewall section on this page but now I see no mention.

    http://doc.slitaz.org/en:handbook:security

    Thank you.
  • jozee April 2010
    Short answer: SliTaz comes with a firewall but iptables is disabled by default. You can install the firewall using "tazhx box". It will enable iptables, start the firewall, show if there are any open ports (by default, you won't find any), and add the firewall to start at boot. Thanks to Gokhlayeh, SliTaz firewall is strong by default. You can also disable ping and other servers directly in /etc/firewall.conf. You can manage the firewall using the serverbox.
  • ernia April 2010
    is this error due to the fact that /init.d/firewall has no executable permissions?
    COMMAND OPTIONS: firewall --non-free
    Setting IPTABLES_RULES to yes in /etc/firewall.conf
    /sbin/hwsetup: line 851: /etc/init.d/firewall: Permission denied
    adding firewall daemon to start automatically at boot
    ====================================
    ----
    Press ENTER to close...
  • slicel April 2010
    I had the same error that ernia did.

    Please correct me if I am wrong.

    I remember that slitaz firewall was enabled and autostarted by default. I do not remember seeing any announcement of the important change that slitaz switched to disabled or not started by default.

    Edit- Slitaz 3 rcS.conf says
    RUN_DAEMONS="dbus hald firewall slim"

    I was told in 2008 that means that a firewall is working.

    What is the advantage of disabled or not-started firewall by default rather than enabled and autostarted firewall by default?

    I remember manually installing the iptables package on slitaz 3. An os with iptables but that is disabled by default and an os with no iptables at all are very different.

    I am not sure if the iptables package installs iptables or if the iptables package is an editor for changing iptables that is already there.

    How can slitaz firewall be strong by default when it is not started, not enabled (at least because iptables are not enabled), and cannot work without downloading an extra package?

    Thank you.
  • jozee April 2010
    ernia, there was a small bug with passing of the "--non-free" option. Fixed here: http://hg.slitaz.org/slitaz-tools/rev/7deb180a03a0

    Can you download and test the latest /sbin/hwsetup file from here: http://hg.slitaz.org/slitaz-tools/raw-file/7deb180a03a0/tinyutils/hwsetup

    Alternatively: "tazhw setup firewall" should work.

    Edit1 : need to check if /etc/init.d/firewall is executable

    Edit2 : Fixed now: http://hg.slitaz.org/wok/rev/85729048b1b9
  • slicel April 2010
    The handbook sounds like there is an autostarted firewall with basic rules and iptables are additional rules.

    SliTaz provides a very basic firewall, the kernel security rules are launched at boot time and iptables rules are disabled by default. You can activate/disable these at startup by using the configuration file /etc/firewall.conf.

    The default firewall script begins with its own set options for the Kernel ie. ICMP redirects, source routing, logs for unresolved addresses and spoof filters. The script then launches the rules defined in the iptables_rules() function of the configuration file: /etc/firewall.conf.

    The firewall uses Iptables, it consists of two files: /etc/firewall.conf and /etc/init.d/firewall, you shouldn't need to modify these. Note Iptables has lots of options. For more information see the official documentation available online: http://www.netfilter.org/documentation/.

    http://doc.slitaz.org/en:handbook:networkconf

    I still do not know whom to believe.

    Thank you.
  • ernia April 2010
    @jozee
    will your fix be available to 3.0 too? repositories are different from cooking so i'm wondering how they get updated
  • saneks April 2010
    I have no package called tazhw in 3.0 and it's not in tazpkg either. I downloaded the latest cooking now. And another question: is it a different behaviour if I fully installed slitaz3.0?

    could anyone post how to enable firewall in 3.0? (and wiki please?)

    thanks!
  • slicel April 2010
    Saneks,

    I do not know the 3.0 and cooking differences.

    I do not know what is necessary for a working firewall in slitaz because of conflicting information but it probably would be good to do the next steps-

    Install iptables package with any depends that it needs (package manager can install depends for you).

    Enter this command in terminal as root to fix a bug (edit- I removed $fs according to ernia)-
    chmod +x /etc/init.d/*

    Right-click /etc/init.d/firewall properties and then the permissions tab to make sure firewall is executable by all.

    Make sure kernel security and iptables rules are enabled "yes" (I think) in /etc/firewall.conf (it would help if the comment said whether "yes" means "yes it is disabled" or "yes it is enabled")-
    # Enable/disable kernel security.
    KERNEL_SECURITY="yes"

    # Enable/disable iptables rules (iptables package must be installed).
    IPTABLES_RULES="yes"

    Make sure firewall is in /etc/rcS.conf-
    RUN_DAEMONS="dbus hald firewall slim"


    I am only a novice making blind stabs in the dark and my guesses could be wrong.

    More information-

    http://www.netfilter.org/
    http://www.linuxsecurity.com/
  • ernia April 2010
    you don't need to prepend $fs to /etc/init.d/firewall , fs should be a meaningful variable only when building packages with tazwok.
    while the command works because fs is empty it does not make sense.
    the rest should be correct, in my opinion. if you want to check the loaded iptables rules you could enter
    iptables -L
    in a terminal as root.
  • leif April 2010
    Firewall! Is it hysteria? I have cleared all the barriers that exist when
    the firewall, in Linux I always running in root, in XP as admin and so
    has made since 2002 and nothing has happened with any computer!
    Four Linux computers with different IP addresses.
    Three computers with XP, even those with different IP addresses.
    Thus seven IP addresses that hackers can use.
    Note. I do not use explorer! Only mozilla! (Firefox)
    I mad? No! Simple rules: check what programs are listening
    at the gates! And NEVER use the MS Explorer!
  • Rupp April 2010
    @leif

    I hear ya man. I go to this one site that is mostly windows security related and they have 12 different programs that run at boot to guard against different things. When you are as obsessed as that I bet you actually want something to fail. Know what I mean?


    Rupp
  • oldmanpc September 2010
    i did something like slicel said. /etc/init.d/firewall is not executable by default. you will get a "permission denied" when you exec "tazhw setup firewall"
    and no message about firewall in the boot log.
    i set it to executable and re-ran the command. everything seems OK. no "permission denied" and the boot log just shows it's loaded.

    anyway, /etc/firewall.conf shows only INTERFACE="eth0". does it refer to the pci network card? i mostly use wireless so how to add a new interface? wlan0 or eth1 etc..

  • Trixar_za September 2010
    First off, you need to su to root to use tazhw, which is why you're getting the permission denied error.

    Secondly, I assume you just change the INTERFACE to whatever you wish to monitor, ie INTERFACE="wlan0" or INTERFACE="ppp0" - correct me if I'm wrong anybody that knows.
  • stopstock September 2010
    This is my first Linux and my first Slitaz, also my first computer too (old PC). My age is about 25 years old, and I think I'm not too late to learn Linux.

    First, I don't know what I should do to fix the firewall, because I really don't understand the code.
    There's no Linux user in my region, so I try to learn it from here.
    But I'm still confused.

    I need to learn it from scratch.

    any tutorial for noob?

    (forgive me for my bad english. hope u all understand) thanks :)
  • slicel March 2011
    Stopstock, my previous post in this thread is a tutorial.

    It might be easiest to login as root to do it.  The parts of the instructions that look like name/secondname/thirdname refer to the system's folders and files tree that you can navigate with the PCMan file manager.  You can edit many files by opening them with leafpad.
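
The checks listed in slicel's tutorial post and ernia's follow-up earlier in this thread, collected into one read-only script as an added example (not part of the original thread and not SliTaz's own tooling). The optional ROOT argument is an assumption of this example so the checks can be run against a copy of /etc; nothing is modified.

```sh
#!/bin/sh
# Added example: read-only audit of the firewall settings discussed in this thread.

# Print the value of NAME=value or NAME="value" from a config file without
# sourcing it (last assignment wins, commented-out lines are ignored).
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" 2>/dev/null |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# audit_firewall [ROOT]: ROOT is a hypothetical path prefix (empty = live system).
# Prints one line per check and returns the number of failed checks.
audit_firewall() {
    root=${1:-}
    fails=0

    # The iptables package must be installed; only checked on the live system.
    if [ -z "$root" ] && ! command -v iptables >/dev/null 2>&1; then
        echo "FAIL iptables command not found (install the iptables package)"
        fails=$((fails + 1))
    fi

    # The "Permission denied" error in this thread came from a missing +x bit.
    if [ -x "$root/etc/init.d/firewall" ]; then
        echo "ok   /etc/init.d/firewall is executable"
    else
        echo "FAIL /etc/init.d/firewall missing or not executable"
        fails=$((fails + 1))
    fi

    for var in KERNEL_SECURITY IPTABLES_RULES; do
        val=$(conf_value "$root/etc/firewall.conf" "$var")
        if [ "$val" = "yes" ]; then
            echo "ok   $var=yes"
        else
            echo "FAIL $var='$val' in /etc/firewall.conf (expected yes)"
            fails=$((fails + 1))
        fi
    done

    case " $(conf_value "$root/etc/rcS.conf" RUN_DAEMONS) " in
        *" firewall "*) echo "ok   firewall is listed in RUN_DAEMONS" ;;
        *) echo "FAIL firewall not in RUN_DAEMONS (/etc/rcS.conf)"
           fails=$((fails + 1)) ;;
    esac

    return "$fails"
}
```

Source the file and call `audit_firewall` with no argument on a live system; the return status is the number of failed checks. Running `iptables -L` as root, as ernia's post says, then lists the rules that are actually loaded.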
