Linux - Newbie
This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Hi, I installed my first firewall script ever, and I just have a couple of questions. First, I'm a newbie, starting to figure the system out but still need the help of others. OK, so here we go:
I have Slackware 9.0 with an Ethernet card connected to Verizon DSL, but it shows up as LAN... who cares. My problem: I know I have "eth0" for EXT_IF ("external interface"), well, I think I do!!!! Anyway, in the firewall config I put eth0 as my EXT_IF, and when I try to start the firewall I get the error "The required variable EXT_IF is empty!!!"
What does that mean? Anyway, I tried changing the config to eth0, ppp+, and ppp0 and nothing helps. Any thoughts?
I'm running Arno's IPTABLES Firewall Script v1.7.3RC-2. It's available to look at at linuxguruz.net or .org, I can't remember. If anyone checks it out, tell me if it's a good script, considering I know nothing in this area of UNIX!!! I got it because it looked easy to install!!! Please help.
Arno's script is a good guide but I wouldn't use it (even modified). Have it around as a guide and write a script from scratch. I suggest using a rule generator script that clears the old rules, deletes the old /etc/sysconfig/iptables file, and writes a new one based on rules in the script. Iptables can be a bear but if you do write your own script, you won't regret it.
Well, put it like this: I'd love to write my own bash shell script, but
after the first line, /bin/sh, I have no clue what to write after that.
I'm still only 2 weeks old to Linux, so any suggestions? I'll use Arno's script as a guide, but I don't know how to modify it or what to modify!!!
You will probably use ppp0 as the external interface. My ADSL uses PPPoE (PPP over Ethernet). Use the command "/sbin/ifconfig -a" to show your interfaces; the one with the IP address is the one to set as the external interface (very generally speaking and with many assumptions).
Arno's script has EXT_IF commented out (line starts with a '#' character). Make sure that you deleted the # starting the line.
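As an added example (not code from the thread or from Arno's script), a small POSIX sh script that reproduces the two checks behind this reply: reading EXT_IF from a config fragment while ignoring lines that start with '#', and picking out the interface that has an address from "ifconfig -a" output. Both the config fragment and the ifconfig output are constructed for the example, not taken from a real box.

```shell
#!/bin/sh
# Added example, not code from the thread or from Arno's script.
# Inputs below are constructed: a config fragment where EXT_IF is still
# commented out, and made-up 2.4-era "ifconfig -a" output.

config_sample='#EXT_IF="eth0"
INT_IF="eth1"'

ifconfig_sample='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:11:22:33:44:66
          BROADCAST MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1'

# read_var CONFIG KEY: print the value of KEY="value" from CONFIG, skipping
# lines that begin with '#'. Exits 1 when the key only exists commented out,
# which is what produces "The required variable EXT_IF is empty".
read_var() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*'"$2"'="\{0,1\}\([^"]*\)"\{0,1\}.*/\1/p' |
        head -n 1 | grep .
}

# addressed_ifaces IFCONFIG_OUTPUT: print each interface that has an
# "inet addr:" line, leaving out lo; that is the external-interface
# candidate the reply above describes.
addressed_ifaces() {
    printf '%s\n' "$1" | awk '
        /^[^ \t]/                      { iface = $1 }
        /inet addr:/ && iface != "lo"  { print iface }'
}

# check_ext_if CONFIG IFCONFIG_OUTPUT: fail the way the firewall script does
# when EXT_IF is unset, otherwise report whether it names an addressed NIC.
check_ext_if() {
    ext=$(read_var "$1" EXT_IF) || {
        echo "The required variable EXT_IF is empty (is the line commented out?)" >&2
        return 1
    }
    addressed_ifaces "$2" | grep -qx "$ext" && echo "EXT_IF=$ext has an address"
}

check_ext_if "$config_sample" "$ifconfig_sample" || echo "fix: uncomment EXT_IF"
check_ext_if 'EXT_IF="eth0"' "$ifconfig_sample"
```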
That was it! I'm still new to this firewall stuff; it's definitely not like popping Norton in the drive and installing on Windows!! But I like that... more control once I know my shit!! Anyway, I forgot to delete the #. Well, every line has a # and I don't know programming yet, so I didn't know which symbols to delete!! I've only used that process for modules!! Anyway, it's past that error, but now it won't read my iptables. If you have a comment, I posted a thread on that problem somewhere in the Newbie forum!!
P.S. It was eth0, or I shouldn't say that; I just didn't get an error with eth0... YET!!!!!
Thanks for helping.
#!/bin/sh
# load the kernel modules
# remove current rulesets
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# allow local-only connections (both directions on the loopback interface)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# permit answers on already established connections
# and permit new connections related to established ones (eg active-ftp)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# let this host open connections itself (DNS, web browsing, updates);
# without this rule the OUTPUT DROP policy below would cut off all outgoing traffic
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# accept only individual ports for services
# this will allow packets at port 80 for a webserver:
# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# set a sane policy: everything not accepted > /dev/null
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
So this script you just wrote in the post above, can I just copy that to /etc/rc.d or do I need to modify anything? So far firewalling Linux has been the hardest for me. I've compiled from source though, with just 2 weeks' experience too!!
Well, you can put it in rc.d if you like, but depending on your distro it will not likely work as an init-style script.
Just put the file wherever you like (in your path is a good bet...), and just start it by running 'firewall' (or whatever you call it). You can put a reference to it in rc.local to have it start every boot if you like.
As far as modification, you will not need to do anything, unless you want to allow packets to certain ports, in which case you would follow the format of the "iptables -A INPUT -p tcp --dport 80 -j ACCEPT" line, just substitute the port number for the service you want to run. hint: --dport=destination port
If you want to learn a bit about iptables, I suggest following along this script with the iptables manpage to see what's going on.
Thank you for your help... and you're right, my distro needs a bash script, whatever it is. But basically I'm pretty new, and I know Linux is easy to hack if you know your shit, and I just want a basic firewall to keep the inexperienced teenage malicious people out. Most older and experienced hackers wouldn't want anything I've got and usually don't hurt your files unless you piss 'em off!!! So thank you very much!!