Gentoo Forums
Iptables/firewall: noob Q about cmdline fw's. [SOLVED]
jlmcp
Tux's lil' helper
Joined: 27 Apr 2005
Posts: 134

Posted: Sat Feb 10, 2007 9:36 pm    Post subject: Iptables/firewall: noob Q about cmdline fw's. [SOLVED]

All,

(Fully aware that this is a noob Q.)

I have a Gentoo server that I need to add a host-based firewall to. Figured Iptables was the way to go. The amount of information and features available for Iptables is somewhat daunting for a first-timer, so I wanted to see if anyone knows of an 'Iptables for Dummies' guide out there somewhere. For now I just need the basics ... port filtering ... stateful inspection ... etc.

Can someone point me to a resource for noobs? :oops:

Thanks in advance.

Jake Lane.
_________________
Dell PowerEdge :: 3.8 GHz Pentium 4 :: 1 GB RAM :: Kernel: 2.6.36-gentoo-r2


Last edited by jlmcp on Sun Feb 11, 2007 8:38 pm; edited 2 times in total
digitall2000
Apprentice
Joined: 21 Dec 2004
Posts: 267

Posted: Sat Feb 10, 2007 10:09 pm

hey,
it's called firestarter
and it is in portage
go to their site
emerge it

lance
jlmcp
Tux's lil' helper
Joined: 27 Apr 2005
Posts: 134

Posted: Sat Feb 10, 2007 10:29 pm

Interesting. Thanks for the tip.

This would be perfect for a workstation/laptop ... but I am working on a remote server (read: only SSH access). Trying to find something I can admin from the command line.

Additional suggestions?

Jake
_________________
Dell PowerEdge :: 3.8 GHz Pentium 4 :: 1 GB RAM :: Kernel: 2.6.36-gentoo-r2
digitall2000
Apprentice
Joined: 21 Dec 2004
Posts: 267

Posted: Sun Feb 11, 2007 12:07 am

i think the other script based one that is popular is shorewall

tried this ?
http://packages.gentoo.org/search/?sstring=firewall

well it seems like you are using 2 nix boxes,
one remote, one at home (?)

you can pretty easily run a gui app remotely
on x, that is what it does. as i see it, maybe i am
wrong, but x sees everything as a socket connection

http://gentoo-wiki.com/HOWTO_X-forwarding
http://gentoo-wiki.com/HOWTO_Use_TightVNC_W/_JPEG_Compression_to_connect_to_existing_X_Sessions

http://gentoo-wiki.com/Index:HOWTO#Network

Network

* HOWTO FreeNX Server - Accessing X11 over low-bandwidth connections
* HOWTO TIVO Wireless & Gentoo Firewall
* HOWTO Use VNC to connect to existing X Sessions
* HOWTO X-forwarding Setup X-Forwarding for use in ssh
* HOWTO sftp command line completion Enable command line completion in sftp
* HOWTO XDMCP - X Display Manager Control Protocol
* HOWTO XVNC Terminal Servers

hope this helps
lance
madisonicus
Veteran
Joined: 20 Sep 2006
Posts: 1130

Posted: Sun Feb 11, 2007 1:54 am

Well you can't ever go wrong checking in the official documentation:
Gentoo Security Handbook
http://www.gentoo.org/doc/en/articles/dynamic-iptables-firewalls.xml

The gentoo-wiki is also a great place to start:
http://gentoo-wiki.com/HOWTO_Iptables_for_newbies
http://gentoo-wiki.com/HOWTO_Iptables_and_stateful_firewalls

And if that's not what you were looking for, Google suggests:
http://www.justlinux.com/nhf/Security/IPtables_Basics.html
LinuxHomeNetworking
http://www.novell.com/coolsolutions/feature/18139.html
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
http://www.faqs.org/docs/iptables/

Shorewall is a great tool, but maybe too powerful for what you need. Most iptables scripts are 30-50 lines long and work perfectly well for home purposes.

-m
_________________
Please add [SOLVED] to your message title if you feel that your question has been answered.
------
Intel Q9300 Core2 Quad * Gigabyte GA-EP35C-DS3R
Samsung x360
AMD64 x2 4200+ * TF7050-M2 * HTPC
ZOTAC ION A-U Mini-ITX * HTPC
digitall2000
Apprentice
Joined: 21 Dec 2004
Posts: 267

Posted: Sun Feb 11, 2007 3:03 am

well i am using firestarter
you could learn some of the arcane syntax of iptables
go to the remote machine
load firestarter
save the iptables rules that it has created
then print them out and study them
it's a working start

lance
BitJam
Advocate
Joined: 12 Aug 2003
Posts: 2513
Location: Silver City, NM

Posted: Sun Feb 11, 2007 3:19 am

I've been using a bash script called rc.firewall. Their main site is down. Perhaps they've stopped supporting it but you can still get version 2.0rc10 (which is what I'm using) from this site.

I'm a bit bummed that the main site is down because it was full of very useful tips and tricks on how to use rc.firewall in all sorts of arcane situations.

I put the script in /etc/init.d and edited it to say which ports I wanted to be open then in /etc/conf.d/net I added these lines:
Code:
postup() {
    if [ -x /etc/init.d/rc.firewall ]; then
        /etc/init.d/rc.firewall
    fi
    return 0
}

which causes the firewall script to run every time a network interface comes up. This is usually exactly what you want it to do.
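As an added example (not posted by anyone in this thread), here is the kind of short, stateful iptables script madisonicus describes, written so that a hook like BitJam's postup() could call it on every interface up. The SSH port and the extra open services are assumptions set at the top; run with no argument it only prints the rules for review, and `apply` loads them.

```shell
#!/bin/sh
# Minimal stateful host firewall for a server administered over SSH only.
# Added example; assumes SSH on port 22 and two extra TCP services (80, 443).
SSH_PORT="${SSH_PORT:-22}"
OPEN_TCP="${OPEN_TCP:-80 443}"

# apply_rules CMD: run every rule through CMD, so "iptables" loads the rule
# set and "echo" prints it for review without touching the kernel.
apply_rules() {
    ipt="$1"
    # Start clean and deny by default on INPUT and FORWARD.
    "$ipt" -F
    "$ipt" -X
    "$ipt" -P INPUT DROP
    "$ipt" -P FORWARD DROP
    "$ipt" -P OUTPUT ACCEPT
    # Loopback is always allowed.
    "$ipt" -A INPUT -i lo -j ACCEPT
    # Stateful core: accept traffic belonging to connections already tracked,
    # drop packets the connection tracker cannot place (INVALID).
    "$ipt" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$ipt" -A INPUT -m state --state INVALID -j DROP
    # SSH first, so a later mistake cannot lock out the remote admin session.
    "$ipt" -A INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
    # Port filtering: only the listed TCP services may receive NEW connections.
    for port in $OPEN_TCP; do
        "$ipt" -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    # Answer ping (handy when diagnosing a remote box), log what gets dropped.
    "$ipt" -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    "$ipt" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
}

# Dry run: print the rules exactly as they would be passed to iptables.
show_rules() { apply_rules echo; }

# Review check: count ACCEPT rules that open a port without a state match,
# i.e. holes that bypass stateful inspection. 0 is the expected result.
stateless_accepts() {
    show_rules | grep -- '--dport' | grep -- '-j ACCEPT' | grep -vc -- '--state' || true
}

# "apply" loads the rules (needs root); anything else only shows them.
case "${1:-show}" in
    apply) apply_rules iptables ;;
    *)     show_rules ;;
esac
```

Run `sh fw.sh` first and read the printed rules; only when the SSH rule sits where you expect, run `sh fw.sh apply` as root from the same session.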
jlmcp
Tux's lil' helper
Joined: 27 Apr 2005
Posts: 134

Posted: Sun Feb 11, 2007 8:38 pm

Thanks all ... appreciate the pointers in the right direction.
This is plenty to get me started. ;-)

Jake
_________________
Dell PowerEdge :: 3.8 GHz Pentium 4 :: 1 GB RAM :: Kernel: 2.6.36-gentoo-r2