Firewall question so basic it's sad [SOLVED]

Steve S. · Tux's lil' helper Joined: 22 Sep 2005 Posts: 131

Hello all,

I'm loath to ask something so seemingly simple, but I couldn't find it in the handbook, searching the forums, etc. Most assuredly, I'm looking in the wrong place, but would some one please help this simple noob out by answering his piddly question:

How do I set up a firewall with Gentoo?

I have looked through gnome, trying to find something under applications and the like that I missed, but I don't see anything obvious.

I want to set up SSH but don't want to if I can't have a simple firewall first.

Thanks for any info that you can give me.

BlakeJob · Tux's lil' helper Joined: 23 May 2004 Posts: 80

I've used shorewall as a software firewall in the past.

ecosta · Guru Joined: 09 May 2003 Posts: 477 Location: Brussels,BE

Hi Steve,
No stupid questions here!

You have many apps to help you configure your firewall. To findout which they are, the simplest would be to have a look at what is in "/usr/portage/net-firewall". I use shorewall. So if you want some basic info about it do:

rev138 · l33t Joined: 19 Jun 2003 Posts: 848 Location: Vermont, USA

If you're feeling n00bish, shorewall (and many other things) can be configured quite easily through Webmin, which is also in portage.

at240 · l33t Joined: 12 Aug 2005 Posts: 603 Location: UK

Don't forget the Gentoo Wiki too---there's at least one 'iptables for noobs' article. Alternatively, if you want something really simple and user-friendly, check out firestarter.

Steve S. · Tux's lil' helper Joined: 22 Sep 2005 Posts: 131

Wow! Unfortunately this may start a trend: since it is so easy to get great responses, I may simply have to ask more questions. :wink:

That being said, I checked in my /usr/portage/net-firewall and discovered that I have firestarter, shorewall and a variety of others.

The question now is, as told to a noob that is used to the gui world (myself), how does one go about setting one of these firewalls up?

magor · n00b Joined: 15 Sep 2005 Posts: 12

Check your kernel config and if necessary make menuconfig as described above than just emerge firestarter/shorewall/whatever.

at240 · l33t Joined: 12 Aug 2005 Posts: 603 Location: UK

Steve, if you're interested in firestarter, have a look at its documentation on its website: http://www.fs-security.com/

The documentation is very, very simple and clearly written. It might not be the most powerful or sophisticated firewall (I'm saying that because I really don't know about some of the alternatives), but it has a really easy graphical interface.

rev138 · l33t Joined: 19 Jun 2003 Posts: 848 Location: Vermont, USA

I'll repeat my recommendation for webmin. It think it's an excellent system administration tool for a newbie, since it lets you configure dozens of common programs through an easy web interface.

Steve S. · Tux's lil' helper Joined: 22 Sep 2005 Posts: 131

rev138 · l33t Joined: 19 Jun 2003 Posts: 848 Location: Vermont, USA

Steve S. · Tux's lil' helper Joined: 22 Sep 2005 Posts: 131

I had restarted and when i refreshed the forum page, it asked me whether or not to allow access. I this the magic you speak of? :wink:

So, it looks like it's doing it's thing.

Any other firewall advice from the crew before I mark this solved? Thanks again to everyone for the amazingly immediate response...very reassuring.

ecosta · Guru Joined: 09 May 2003 Posts: 477 Location: Brussels,BE

I'd follow rev138 and install an easy graphical tool to configure your firewall. It won't have all the hype but I'm sure it will keep you protected. If your needs start outgrowing the GUI, then move to shorewall or pure iptables.

Best of luck.
Ed.
PS: Remember to start a rule stating that ssh has access or you'll lock yourself out of the box if rules are too restrictive

_________________
Linux user #201331
A8N-SLI Delux / AMD64 X2 3800+ / 1024 MB RAM / 5 x 250 GB SATA RAID 1/5 / ATI Radeon X700 256MB.