LinuxQuestions.org
Old 11-30-2005, 02:53 PM   #1
Hangetsu
LQ Newbie
 
Registered: Nov 2005
Location: Pennsylvania, USA
Distribution: openSuSE 10
Posts: 27

Rep: Reputation: 15
iptables - Newbie Desktop Config


My machine is purely a desktop and will be for the foreseeable future. Therefore, I have no need for server apps. Also, I have no plans to do any sort of remote connection into my desktop machine.

Can anyone suggest a quick, easy way to set up iptables so that ONLY connections initiated by me occur over the internet, and to prevent anyone connecting in from outside?

Thanks in advance -- This board has been an outstanding help!
 
Old 11-30-2005, 03:04 PM   #2
tuxrules
Senior Member
 
Registered: Jun 2004
Location: Chicago
Distribution: Slackware64 -current
Posts: 1,144

Rep: Reputation: 56
Try using Firestarter. It is a GUI firewall based on iptables. If you want to run a firewall primarily based on a script, then you will have to learn how to write iptables rules. Here's the iptables website.

BTW, what distro are you using? Even better idea is to include it in your profile.

Hope that helps
Tux,
 
Old 11-30-2005, 03:11 PM   #3
Hangetsu
LQ Newbie
 
Registered: Nov 2005
Location: Pennsylvania, USA
Distribution: openSuSE 10
Posts: 27

Original Poster
Rep: Reputation: 15
Ahh, sorry. That would make some sense!

SuSE 10 distro
Intel P4 3.0 GHz
1GB RAM
 
Old 11-30-2005, 06:05 PM   #4
bibh_lnxq
Member
 
Registered: Nov 2004
Location: Leiden, Netherlands
Distribution: SuSE; Fedora;Slackware
Posts: 58

Rep: Reputation: 15
I can tell you what I do to stealth a SuSE 9.3 standalone desktop PC. Use YaST to configure your SuSE firewall further via the Security > Firewall menu. Shut down even more services you don't need via YaST > System > Services (Runlevel). Check e.g. via www.grc.com. Steve Gibson's ShieldsUP tells me all ports are stealthed except 113, which is closed. Gibson's site also reports that my machine still echoes ICMP packets (pings). Open (as root) /etc/sysconfig/SuseFirewall2 with an editor and search for the offending entries. Edit, save and test again. Of course you will have to decide for yourself which services you do and don't want to be running. Hope that this is of some help. In this way you will not have to think up a whole ruleset for iptables yourself, but subtle this method is not.
 
Old 12-01-2005, 12:48 AM   #5
foo_bar_foo
Senior Member
 
Registered: Jun 2004
Posts: 2,553

Rep: Reputation: 52
let's see
Code:
#!/bin/bash

echo "setting firewall rules...."

# Change the part after the = to where iptables lives on your system
IPTABLES='/sbin/iptables'

# flush existing rules in the INPUT chain
$IPTABLES -F INPUT

# This allows all data that has been sent out from the computer running the firewall
# to come back. Adjust the interface after -i for your internet connection (eth0, for example)
# (for all of ICMP/TCP/UDP).
# For example, if a ping request is made by you it will allow the reply back
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i ppp0 -p icmp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i ppp0 -p tcp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i ppp0 -p udp

# let's try to keep those connections up: answer ident (113) probes with a TCP reset
# instead of dropping them, so remote servers don't stall waiting for a timeout
$IPTABLES -A INPUT  -p tcp --dport 113 -j REJECT --reject-with tcp-reset
$IPTABLES -A OUTPUT -p tcp --sport 113 -m state --state RELATED -j ACCEPT

# no undesirables: insert at position 2 so INVALID packets are dropped early
$IPTABLES -I INPUT 2 -p tcp -m state --state INVALID -j DROP

# Drop all other data (everything not arriving on the loopback interface).
# "! -i lo" is the current negation syntax; very old iptables wrote it as "-i ! lo"
$IPTABLES -A INPUT ! -i lo -j DROP

# let's get fancy and disable Explicit Congestion Notification here
echo 0 > /proc/sys/net/ipv4/tcp_ecn
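A check for the goal in post #1 (only connections I start may come in), added here as an example and not taken from the thread: it parses an iptables-save dump and flags any INPUT ACCEPT that would admit unsolicited inbound connections, plus a missing catch-all drop. Both sample dumps are constructed; the first is post #5's ruleset, abridged, as iptables-save would list it.

```python
"""Audit an iptables-save INPUT chain for the desktop-only policy above: accept
inbound traffic only on loopback or as part of a connection this host started."""
import shlex

DESKTOP_DUMP = """\
:INPUT ACCEPT [0:0]
-A INPUT -i ppp0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
-A INPUT ! -i lo -j DROP
"""  # constructed: post #5's script (abridged) as iptables-save would list it
LEAKY_DUMP = """\
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""  # constructed: a stateless ACCEPT and no final drop

def parse_input_chain(dump):
    """Return (policy, rules) with each '-A INPUT ...' rule as a token list."""
    lines = [shlex.split(line) for line in dump.splitlines()]
    policy = next((t[1] for t in lines if t[:1] == [":INPUT"]), "ACCEPT")
    return policy, [t[2:] for t in lines if t[:2] == ["-A", "INPUT"]]

def _opt(toks, name):
    """(value, negated) for option `name`, or (None, False) if absent."""
    i = toks.index(name) if name in toks else -1
    return (toks[i + 1], i > 0 and toks[i - 1] == "!") if i >= 0 else (None, False)

def admits_new(toks):
    """True if an ACCEPT rule could match an unsolicited (NEW) inbound packet."""
    iface, neg = _opt(toks, "-i")
    if _opt(toks, "-j")[0] != "ACCEPT" or (iface == "lo" and not neg):
        return False                 # not an ACCEPT, or loopback only
    for key in ("--state", "--ctstate"):
        states, neg = _opt(toks, key)
        if states is not None:       # '! --state X' admits NEW unless NEW is in X
            return ("NEW" in states.split(",")) != neg
    return True                      # no state match at all: NEW slips through

def is_catchall_block(toks):
    """True for a rule dropping/rejecting everything, optionally except loopback."""
    iface, neg = _opt(toks, "-i")
    other = [t for t in toks if t.startswith("-") and t not in ("-i", "-j", "--reject-with")]
    return (_opt(toks, "-j")[0] in ("DROP", "REJECT") and not other
            and (iface is None or (iface == "lo" and neg)))

def audit(dump):
    """Return findings; an empty list means the INPUT chain meets the policy."""
    policy, rules = parse_input_chain(dump)
    findings = [" ".join(r) for r in rules if admits_new(r)]
    if policy != "DROP" and not (rules and is_catchall_block(rules[-1])):
        findings.append("INPUT policy %s with no final catch-all DROP/REJECT" % policy)
    return findings
```

Run it against `iptables-save` output on the box itself; a clean ruleset returns no findings, while the leaky sample reports the port 22 rule and the missing final drop.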
 