Gentoo Forums
Does Gentoo livecd amd64 minimal support iptables?
Jurassic
n00b


Joined: 06 Jan 2014
Posts: 2

Posted: Tue Jan 07, 2014 12:20 pm    Post subject: Does Gentoo livecd amd64 minimal support iptables?

Hi awesome Gentoo community,

I am trying to install Gentoo from a livecd with a public ip address assigned. I was wondering do I have the option to build support in the livecd kernel for iptables? Because I can save rules and start iptables with livecd, but when I go to add rules to the filter table I receive output that the filter table doesn't exist. But there should be a filter table by default.

Can anyone share some experience using iptables with the livecd?

I am trying to securely install Gentoo amd64 on a remote dedicated server.
I do not have access to put the dedicated server behind another host (firewall/router), or I would just assign a private IP address with IPv4 output routes.
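One way to narrow down the "filter table doesn't exist" symptom from the first post, as an added example that is not part of the thread: check a kernel config for the options the IPv4 filter table needs, and compare against the tables the kernel lists in /proc/net/ip_tables_names. The sample config is constructed, the function names are hypothetical, and the script assumes the live kernel exposes /proc/config.gz (it falls back to the sample otherwise).

```shell
#!/bin/sh
# Added example: diagnose a missing iptables "filter" table.

# Kernel options the IPv4 filter table depends on.
REQUIRED_OPTS="CONFIG_NETFILTER CONFIG_NETFILTER_XTABLES CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER"

# Constructed sample: netfilter core present, filter table not built.
SAMPLE_CONFIG='CONFIG_NETFILTER=y
CONFIG_NETFILTER_XTABLES=m
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_FILTER is not set'

# opt_state CONFIG_TEXT OPTION -> y (built in), m (module) or n (absent)
opt_state() {
    state=$(printf '%s\n' "$1" | sed -n "s/^$2=\([ym]\)\$/\1/p" | head -n 1)
    printf '%s\n' "${state:-n}"
}

# missing_opts CONFIG_TEXT -> space-separated required options that are unset
missing_opts() {
    missing=""
    for opt in $REQUIRED_OPTS; do
        if [ "$(opt_state "$1" "$opt")" = n ]; then
            missing="$missing $opt"
        fi
    done
    printf '%s\n' "${missing# }"
}

# filter_status CONFIG_TEXT LOADED_TABLES -> loaded | available | rebuild-kernel
filter_status() {
    if printf '%s\n' "$2" | grep -qx filter; then
        echo loaded             # table is registered right now
    elif [ -z "$(missing_opts "$1")" ]; then
        echo available          # if built as a module: modprobe iptable_filter
    else
        echo rebuild-kernel     # this kernel cannot provide the table
    fi
}

# Use the running kernel's config when exposed, else the constructed sample.
cfg=$(zcat /proc/config.gz 2>/dev/null) || cfg=$SAMPLE_CONFIG
tables=$(cat /proc/net/ip_tables_names 2>/dev/null || true)
echo "missing options: $(missing_opts "$cfg")"
echo "filter table:    $(filter_status "$cfg" "$tables")"
```
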
N8Fear
Tux's lil' helper


Joined: 15 Apr 2013
Posts: 140
Location: Berlin (Germany)

Posted: Tue Jan 07, 2014 4:01 pm    Post subject:

Honestly: I don't know. But what's the matter? If no services (except likely sshd) are running on the remote host, there isn't much attack surface. You'll need something like sshd for remote access so you can't disallow it anyway (you can and should use public key auth instead of passwords).
The only thing that is exposed is the kernel itself - but if there were a vulnerability in the parsing of network packages it's likely that it wouldn't matter much even with iptables, as the packages still need to be parsed before iptables can do its magic...
Jurassic
n00b


Joined: 06 Jan 2014
Posts: 2

Posted: Tue Jan 07, 2014 11:43 pm    Post subject:

First of all thank you N8Fear for your insight!

I think I will use your approach. I love ssh keys! I will use a kvm over ip so I could just leave sshd stopped.

To everyone: If you have any other insights I would love to hear any. But for now I will just use N8Fear's approach.

To N8Fear: Tausend Dank!


Last edited by Jurassic on Wed Jan 08, 2014 7:24 am; edited 1 time in total
666threesixes666
Veteran


Joined: 31 May 2011
Posts: 1248
Location: 42.68n 85.41w

Posted: Wed Jan 08, 2014 2:51 am    Post subject:

turn off ssh, use ubuntu LTS live media on a spare usb flash key via unetbootin. rescue/install in luxury, even use wifi to install. apt-get flash and watch youtube as you install. facebook, tweet, irc, even post here. apt-get is a great idea for live media, like emerge is a great idea for base systems. emerge is a horrible idea for live media, and apt-get is a horrible idea for base systems.

best of both worlds, instant gratification as you install and build up your not so instant gratification gentoo.

i think ubuntu kinda blows and is unreliable with the graphical login stuff so i ctl + alt + f2 to a getty and use the getty to install rather than a terminal emulator. i use terminal emulators to copy paste commands to flat files and sh flatfile (or chmod +x flatfile && ./flatfile) to run whatever commands from agetty terminals.
N8Fear
Tux's lil' helper


Joined: 15 Apr 2013
Posts: 140
Location: Berlin (Germany)

Posted: Thu Jan 09, 2014 9:46 am    Post subject:

@666threesixes666: The only problem that I see is that as far as I understood it is a remote install - so no fancy graphics (unless using vnc which should be tunneled over ssh if one wants the fancy graphics). I'd go with the ssh approach... - For local installs I'm totally with you (though the choice of live media is made by what distro is included in my favourite pc magazine).

@Jurassic: Gern geschehen!/You're welcome! (the German language forums are a little bit further down... ;-)