Configure Shorewall to block port 113 with SpeedTouch modem

Q I have set up the firewall in the Mandriva Control Center by unchecking all boxes, which should stop anything getting through. I then went to Steve Gibson's Shields Up! site (https://grc.com/x/ne.dll?bh0bkyd2) and ran the Common Ports test. Everything was then 'stealthed' apart from port 113 (IDENT). This was using my Alcatel SpeedTouch USB modem. However, if I connect using my Netgear combined router/firewall, everything is stealthed, including port 113. So how do I configure Shorewall to stealth port 113 when using the SpeedTouch? I know there are arguments that port 113 shouldn't drop network packets as this can cause problems, but I use the router for hours on end and never experience any connection slowdowns, even though it does stealth this port. And of course, if you reject packets, crackers know that your computer exists...

A You have discovered the disadvantage of GUI control panels: you can only control the options for which a button has been provided. As you hint at, Mandriva uses Shorewall as its firewall, Shorewall is a capable system with a lot of options, but the Control Center barely scratches the surface. To make Shorewall stealth port 113, you'll need to edit the file /etc/shorewall/ rules as root. Immediately before the last line, add the following:

DROP net fw tcp 1    13

Now go into the System > Enable Or Disable Services part of the Control Center, stop Shorewall, then start it again to load your new settings. Go back to Shields Up! and you should find port 113 is stealthed. If you want more control over your firewall settings than the Mandriva Control Center offers but do not want to delve into Shorewall's rules, you may find Guarddog (www.simonzone.com/software/guarddog) more suitable. Both of the programs are front-ends to build rules for the Linux kernel's own firewalling, but Guarddog does it through a GUI. The choice is yours.

Follow us on Identi.ca or Twitter

Username:   Password:
Create Account | About TuxRadar