illvzn n00b
Joined: 18 Jan 2003 Posts: 47
Posted: Mon May 12, 2003 11:41 pm Post subject: building first iptables firewall ;)
I need help/resources for building a very simple firewall to secure my workstation.
So far all I can think of needing info on is how to (drop) all packets, except for ones that I request through programs that I'm running, such as mozilla/konqueror, gaim, tribes2, quake3, ut2k3, irc clients... just common stuff.
If I could get a simple script set up, I could then read some documentation and then add more features, making this a learning process so that if I needed to allow ssh or telnet connections I would know what to add to my script.
Any help would be greatly appreciated. I think I'm not very good at googling.
tod Developer
Joined: 17 Apr 2002 Posts: 136 Location: Ozarks, USA
Posted: Tue May 13, 2003 5:58 am Post subject:
A good start would be
http://www-106.ibm.com/developerworks/edu/l-dw-linuxfw-i.html
I would then suggest merging net-firewall/fwbuilder (it features a druid to get you started quickly).
If you subscribe or have access to Linux Journal at a library, the May and June issues have a pretty good walkthrough of fwbuilder in the Paranoid Penguin section by Mick Bauer.
hth
69link n00b
Joined: 18 Apr 2003 Posts: 53 Location: Sweden
petu Apprentice
Joined: 01 Sep 2002 Posts: 269 Location: Turku, Finland
Posted: Tue May 13, 2003 10:47 am Post subject:
I started making my iptables rules by simply creating these rules:
Code:
    # Built-in chain names and policy targets are case-sensitive:
    # set the default policy of INPUT and OUTPUT to DROP.
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
Then I watched the console for dropped packets and made holes in the wall as necessary.
_________________
Never be afraid to try something new. Remember, amateurs built the ark; professionals built the Titanic. -- Anonymous
neilhwatson l33t
Joined: 06 Feb 2003 Posts: 719 Location: Canada
Posted: Tue May 13, 2003 3:07 pm Post subject:
petu has the right of it. There is one golden rule to making firewalls regardless of what OS or tools you are using:
Deny everything by default (input, output, and forward). Then turn on only what you need.
It's harder to do, but you are less likely to have unwanted holes.
You can also try www.netfilter.org, the makers of Iptables. Also, O'Reilly has a book, Building Internet Firewalls, that is a great reference on network services and how to filter them.
_________________
The true guru is a teacher.
Neil Watson
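The deny-by-default approach that petu and neilhwatson describe, written out as a complete workstation script. This is an added example, not code from any poster in this thread; it assumes Linux iptables with the state match module, prints the rules by default, and only loads them when run as root with FW_APPLY=1. The LAN range 192.168.1.0/24 used for the SSH hole is a constructed placeholder.

```shell
#!/bin/sh
# Minimal stateful workstation firewall (added example, not from the thread).
# Print the rules by default; set FW_APPLY=1 (as root) to load them for real.
if [ "${FW_APPLY:-0}" = 1 ]; then IPT=iptables; else IPT=echo; fi

firewall_rules() {
    # Start from a clean filter table.
    "$IPT" -F
    "$IPT" -X

    # Golden rule: default policy DROP on all three built-in chains.
    "$IPT" -P INPUT DROP
    "$IPT" -P OUTPUT DROP
    "$IPT" -P FORWARD DROP

    # Loopback traffic is needed by many local programs (X, mail, etc.).
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A OUTPUT -o lo -j ACCEPT

    # Let replies to connections this host started come back in, and let
    # established flows continue. Connection tracking also covers UDP, so
    # browsers, IRC clients and games work without a rule per application.
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # Explicit inbound holes go here, one per service you actually run.
    # Constructed example: allow new SSH connections from the local LAN only.
    "$IPT" -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 \
        -m state --state NEW -j ACCEPT

    # Log what is still dropped so you can see which holes are missing
    # (the "watch the console" step), rate-limited so logs are not flooded.
    "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
}

firewall_rules
```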
elykyllek Tux's lil' helper
Joined: 16 Sep 2002 Posts: 103 Location: Halifax, Nova Scotia, Canada
Posted: Tue May 13, 2003 7:04 pm Post subject: i used this
Looking at or using these firewalls would be a good start.
Jimbow Guru
Joined: 18 Feb 2003 Posts: 597 Location: Silver City, NM
Posted: Tue May 13, 2003 8:17 pm Post subject:
I have been using rc.firewall from http://projectfiles.com/firewall/
It is a single GPL'ed bash script. It is easy to run and configure and does exactly what you are asking for (plus more if desired). I've been thinking about making an ebuild for it.
_________________
After Perl everything else is just assembly language.