
Help Help Help I need to setup Firewall


kyzzar

  • 3 weeks later...

Maybe he will want to know what to block and what not. I guess this will be the explanation.

 

Are you going to host sites from here?

Are you going to host files from here?

Are you going to access this PC remotely?

Is this a dedicated firewall PC for your network?

Do you want to have rules and filters?

Do you need to have authentication or just filtering/port blocking?


  • 1 month later...

I wouldn't recommend Shorewall (the default Mandriva firewall). A better choice would be Firestarter ("urpmi firestarter", if you have urpmi configured; if not, go to http://easyurpmi.zarb.org/ and configure it immediately, it makes package management a breeze). Once installed you can start it from the CLI (as root, "firestarter"), the wizard is very intuitive, and

 

"The default Firestarter policy is as follows:

 

New inbound connections from the Internet to the firewall or client hosts are blocked.

The firewall host is freely allowed to establish new connections.

All client hosts are allowed to establish new connections to the Internet, but not to the firewall host.

Traffic from the Internet in response to connection requests from the firewall or client hosts is allowed back in through the firewall.

 

This policy allows normal Internet usage such as web browsing and e-mail on the secured hosts, but blocks any attempts to access network services from the outside and shields the local network." (taken from http://www.fs-security.com/docs/policy.php)

I had it installed and running in a matter of minutes!


Thanks

 

-------

Is Firestarter considered a more secure firewall? (I know now, it's all iptables, but I'm talking about configuration).

The thing is that I have our native Mandriva Shorewall running from MCC and everything is configured just fine with some ports open for filesharing. And I wasn't considering another firewall up to this discussion. But if Firestarter is better..

 

Would Firestarter be a better option for a home desktop computer?


i prefer firestarter over most apps because it alerts me of activity, i.e. when someone outside of the allowed IP range I have set tries to ssh into my system. and i can choose to block that IP from any access if i want. it's not more configurable, it just gives me more information. less of a "set, start and walk away" more of a "set, start, and keep me informed". it has to be run as root, which is no big deal.

 

also, guarddog (QT whereas firestarter is GTK) is another option, though i've never used it.

 

as far as uninstalling shorewall if you have firestarter, i imagine it'd be a good idea as the two might start conflicting on settings. it depends on how the programs work.


Shorewall is much more of a dedicated firewall product.

 

As tyme suggests .. shorewall is a "set, start, walk away"

 

There is a very simple rule in firewalling that will ensure your firewall is secure.

 

Keep it simple.

 

A basic run-of-the-mill, very secure fw does something like this.

 

BLOCK EVERYTHING, then allow these few things

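The "block everything, then allow these few things" approach from the last post, which is also the shape of the Firestarter default policy quoted earlier, written out as an iptables ruleset. This is an added example, not part of any post in the thread; the function names and the sample ports (22 and 6881) are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that drops all new inbound
# traffic and then allows a short list of TCP ports.
# Apply as root with:  default_deny_rules 22 | iptables-restore
# iptables-restore replaces the existing filter table, so rules loaded by
# another front end (Shorewall, Firestarter) are overwritten.

# valid_port N: succeeds only for a plain integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# default_deny_rules PORT...: prints the ruleset on stdout.
# Returns 1 and prints no rules if any port is invalid, so a typo can
# never produce a half-written ruleset.
default_deny_rules() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo '*filter'
    # Block everything inbound and forwarded; the host may connect out.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback traffic between local programs.
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host started.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # "Then allow these few things": one rule per listed TCP port.
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}
```

This covers IPv4 only; ip6tables needs its own ruleset.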
