Guest SDMF, posted March 13, 2003

I would like to set up an iptables firewall on my computer. Thing is, I know absolutely jack squat about firewalling, what ports to block, etc. I've done some Google searching, and haven't found a decent FAQ. Anyone know of a good FAQ to use, something that explains the process in plain English?

fuzzylizard, posted March 13, 2003

Nope, but I do know that firewalling is a very difficult thing to do properly and effectively unless you are a securities expert. However, there are prebuilt firewall programs that will do all the dirty work for you. Any particular reason you want to do this yourself?

Now for a more helpful response: follow the link below and type in iptables. The link is for the Linux Documentation Project and should provide you with more than enough links to learn iptables from. However, it is a complex issue best left for sysadmins and security experts, so I cannot say how much English will be in the links provided.

http://www.tldp.org/g_search.html

Guest SDMF, posted March 13, 2003

Haha, ok. Thanks. I would like to learn to do this manually just for my own benefit. If the FAQs are going to be extremely technical, then so be it, I will have to manage.

Michel, posted March 13, 2003

Shorewall has good documentation. I'm not an expert, but like everything, only allow what you need as far as I know. www.pcflank.com is a good site to find out which programs use which ports, or look at the syslog file for things Shorewall blocks. I only allow outgoing things. Shorewall (now automatically set like this) has (had -> now automatically set this way) an option ALLOWRELATED, so related connections to your connections are allowed. I think this works like that -> I'm only starting also. Shorewall docs are a good way to start, and looking at some internet pages is also good for finding some info. Prelude is a good addition to a firewall, but I haven't used it yet.

MottS, posted March 13, 2003

I would go with Shorewall too. When you install Shorewall on your computer it comes pre-set and in most cases, you have nothing to modify. All the config files are in /etc/shorewall and every time you modify one of those, you have to restart Shorewall (type 'service shorewall restart' as root). The most important files are /etc/shorewall/policy and /etc/shorewall/rules.

'policy' defines general rules. It defines if the computer can access the net (you want that) or if people from the net can access your box (you don't want that).

'rules' is the exception to 'policy'. For example, if you set that no one is allowed to connect to your computer from the net BUT you want to run Apache (port 80), then you can write it to that file.

There are really good examples at the beginning of each file (policy and rules). Install Shorewall and read them, I'm sure you'll find it useful, straightforward and easy.

BTW, the file /etc/services gives you which service uses which port.

Good luck!
MOttS

aru, posted March 13, 2003

> ... Anyone know of a good FAQ to use, something that explains the process in plain English?

http://www.netfilter.org/
http://www.netfilter.org/documentation/ind....html#tutorials
http://www.netfilter.org/documentation/ind...ndex.html#HOWTO
http://www.netfilter.org/documentation/index.html#FAQ
...

HTH

sglafata, posted March 13, 2003

> I would go with Shorewall too. When you install Shorewall on your computer it comes pre-set and in most cases, you have nothing to modify. All the config files are in /etc/shorewall and every time you modify one of those, you have to restart Shorewall (type 'service shorewall restart' as root). The most important files are /etc/shorewall/policy and /etc/shorewall/rules.
>
> 'policy' defines general rules. It defines if the computer can access the net (you want that) or if people from the net can access your box (you don't want that).
>
> 'rules' is the exception to 'policy'. For example, if you set that no one is allowed to connect to your computer from the net BUT you want to run Apache (port 80), then you can write it to that file.
>
> There are really good examples at the beginning of each file (policy and rules). Install Shorewall and read them, I'm sure you'll find it useful, straightforward and easy.
>
> BTW, the file /etc/services gives you which service uses which port.
>
> Good luck!
> MOttS

From the Shorewall web site, under the Download link, I quote:

"WARNING - YOU CAN NOT SIMPLY INSTALL THE RPM AND ISSUE A "shorewall start" COMMAND. SOME CONFIGURATION IS REQUIRED BEFORE THE FIREWALL WILL START."

I also found this statement to be true. You will need to configure Shorewall before running it.

In either case, I do suggest taking a look at http://www.shorewall.net. Lots of excellent information and believe me, you will learn a lot from it. It may be a good basis to start. Then later if you want to manually configure netfilter, go ahead. But if you are just learning it, learn the basics first: how it works and the configuration.

Guest GorGor, posted March 19, 2003

Hi, there are some posts on an easy iptables-based firewall called guarddog. You can get it here: http://www.simonzone.com/software/guarddog/