Newbie to firewalling using iptables


Guest SDMF

I would like to set up an iptables firewall on my computer. Thing is, I know absolutely jack squat about firewalling, what ports to block, etc. I've done some Google searching, and haven't found a decent FAQ. Anyone know of a good FAQ to use, something that explains the process in plain English?

Link to comment
Share on other sites

Nope, but I do know that firewalling is a very difficult thing to do properly and effectively unless you are a security expert.

 

However, there are prebuilt firewall programs that will do all the dirty work for you. Any particular reason you want to do this yourself?

 

Now for a more helpful response

 

Follow the link below and type in iptables. The link is for the Linux Documentation Project and should provide you with more than enough links to learn iptables from. However, it is a complex issue best left for sysadmins and security experts, so I cannot say how much English will be in the links provided.

 

http://www.tldp.org/g_search.html

Link to comment
Share on other sites

Haha, ok. Thanks.

 

I would like to learn to do this manually just for my own benefit. If the FAQs are going to be extremely technical, then so be it, I will have to manage.

Link to comment
Share on other sites

Shorewall has good documentation. I'm not an expert, but like everything, only allow what you need as far as I know. www.pcflank.com is a good site to find out which programs use which ports, or look at the syslog file for things Shorewall blocks. I only allow outgoing things. Shorewall (now automatically set like this) has (had -> now automatically set this way) an option ALLOWRELATED, so related connections to your connections are allowed. I think this works like that -> I'm only starting also. Shorewall docs are a good way to start, and looking at some internet pages is also good for finding some info. Prelude is a good addition to a firewall, but I haven't used it yet.

Link to comment
Share on other sites

I would go with Shorewall too. When you install Shorewall on your computer it comes pre-set and in most cases, you have nothing to modify.

 

All the config files are in /etc/shorewall and every time you modify one of those, you have to restart Shorewall (type 'service shorewall restart' as root). The most important files are /etc/shorewall/policy and /etc/shorewall/rules. 'policy' defines general rules. It defines if the computer can access the net (you want that) or if people from the net can access your box (you don't want that). 'rules' is the exception to 'policy'. For example, if you set that no one is allowed to connect to your computer from the net BUT you want to run Apache (port 80), then you can write it to that file. There are really good examples at the beginning of each file (policy and rules). Install Shorewall and read them, I'm sure you'll find it useful, straightforward and easy.

 

BTW, the file /etc/services tells you which service uses which port.

 

Good luck!

 

MOttS

Link to comment
Share on other sites
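An added example, not part of any post in this thread and not Shorewall's own code: the same policy/rules split described above, written as a plain ruleset in iptables-restore format for a single desktop machine. The function name `emit_ruleset` and the output file name are made up for illustration; the script only prints the ruleset and changes nothing on the running system.

```shell
#!/bin/sh
# Added example: prints a default-deny inbound ruleset in iptables-restore
# format. Review the output, then load it as root with:
#   iptables-restore < ruleset.txt

# emit_ruleset PORT... : each PORT is a TCP port to open to the net, the
# raw-iptables counterpart of an exception line in Shorewall's 'rules' file.
emit_ruleset() {
    for port in "$@"; do
        case "$port" in
            ''|0*|*[!0-9]*|??????*)
                echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    echo "*filter"
    # The 'policy' part: what happens to packets that match no rule.
    echo ":INPUT DROP [0:0]"      # net -> this box: refused by default
    echo ":FORWARD DROP [0:0]"    # a desktop does not route for others
    echo ":OUTPUT ACCEPT [0:0]"   # this box -> net: allowed
    # Local programs talking to each other over the loopback interface.
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this box opened itself (the behaviour the
    # ALLOWRELATED option mentioned in the thread refers to).
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # The 'rules' part: explicit exceptions to the default policy.
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Usage: sh ruleset.sh 80 > ruleset.txt   (80 = Apache, as in the post above)
if [ "$#" -gt 0 ]; then
    emit_ruleset "$@"
fi
```

Called with no ports, the function still emits the default policy plus the loopback and established/related rules, which is the "only allow outgoing things" setup.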

I would go with Shorewall too.  When you install Shorewall on your computer it comes pre-set and in most cases, you have nothing to modify.

 

All the config files are in /etc/shorewall and every time you modify one of those, you have to restart Shorewall (type 'service shorewall restart' as root). The most important files are /etc/shorewall/policy and /etc/shorewall/rules. 'policy' defines general rules. It defines if the computer can access the net (you want that) or if people from the net can access your box (you don't want that). 'rules' is the exception to 'policy'. For example, if you set that no one is allowed to connect to your computer from the net BUT you want to run Apache (port 80), then you can write it to that file. There are really good examples at the beginning of each file (policy and rules). Install Shorewall and read them, I'm sure you'll find it useful, straightforward and easy.

 

BTW, the file /etc/services tells you which service uses which port.

 

Good luck!

 

MOttS

 

From the Shorewall web site, under the Download link, I quote "WARNING - YOU CAN NOT SIMPLY INSTALL THE RPM AND ISSUE A "shorewall start" COMMAND. SOME CONFIGURATION IS REQUIRED BEFORE THE FIREWALL WILL START."

 

I also found this statement to be true. You will need to configure Shorewall before running it. In either case, I do suggest taking a look at http://www.shorewall.net. Lots of excellent information and believe me, you will learn a lot from it. It may be a good basis to start. Then later if you want to manually configure netfilter, go ahead. But if you are just learning it, learn the basics first: how it works and the configuration.

Link to comment
Share on other sites
