Hi, just installed linux, read a book on linux for everyday use. The thing is that it does not mention firewalls. Don't i need one? I ran the the test on grc.com and almost all of my ports were closed. That's ok, but the best would be if they were stealth. On my winxp box i use sygate and that is a very good firewall. on grc.com, the test showed stealth on all the tests.

I use mandrake linux 10.0 and shorewall is supposed to be here, but i can't seem to make it work. when i turn it on it just blocks everything.
Downloaded libfwbuilder or something, annother firewall. It needed glib to be installed, so i went to the gtk.org and downloaded glib-2.4.0. installed it, worked fine, but still the libfwbuilder says it needs glib.

1. how do i configure shorewall?
2. why can't libfwbuilder find that glib thing (what is it, by the way?)
3. Do i need to learn about iptables and a lot of networking just to run a firewall on linux?

You can configure shorewall through the Mandrake ControlCentre (you should also have been given the opportunity during the Mandrake installation - it is on by default).

By default a firewall should block all incoming traffic; you need to open up the ports you want to allow in.

If you are just running a client (i.e. no-one needs to initiate a connection to your computer from the outside) then shorewall with the default no ports open should be fine. Works for me, anyway.

hmm... got it right, now the test only detects one closed port. how do you manually stealth a port?
the open port is 113 - auth / ident.

not much you can do with 113. if you stealth it, it slows down certain things. it's safe enough to leave open. this is common to all firewalls.

quote:
_______________________________________________________________________
3. Do i need to learn about iptables and a lot of networking just to run a firewall on linux?


I suggest you atleast learn the iptables because it would surely help you BEEF-UP your security. In my experience, I have solve many problems and tighten security using IPTABLES. (eg. Masquerading, allowing ssh only to a known IP-ADD, Dropping Ping!, .,etc.,)

If you are using a NAT router, you can stealth port 113 by forwarding all packets to an unused IP address on your subnet. As amosf says, this can slow certain things down, if you communicate with certain older UNIX systems which, when you contact them, send a request back to port 113 to confirm identity. However, I don't think that's very common these days. I've forwarded port 113 so it appears stealthed and have yet to see any problems; if you did, you could always unstealth it again.

What exactly did you do?

I had exactly the same problem as you and out of frustration simply tagged the following script, which was supplied but another member yesterday, into shorewalls start file.

# reset firewall
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# allow loopback traffic
iptables -A INPUT -d lo -j ACCEPT

# un comment out if you want this machine to respond to pings
# iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# allow established or related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# un-comment out to trust all pc's on your lan.
#iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT

# un comment out if this machine is a printer server, and you have NOT truested all machies on your lan
#iptables -A INPUT -p tcp --dport 631 -s 192.168.0.0/16 -j ACCEPT



I know that probably isn't the right place to have put it but all I wanted was to make my machine secure for my uses of email and web browsing. Shorewall says that file is run every time shorewall is reset or started and there wasn't anything else in it appart from commented lines.

I realise because of where I placed it I won't be able to configure shorewall by any other means than edit the start file each time I want to change something but that's fine with me as I know exactly where to go.

Maybe someone knows where it should be placed in a shorewall setup.

It works fine anyway and grc shields up test looks OK. I have noticed the browsing is slightly slower but nothing drastic however I noticed someone mentioned another test that I should run that gives a better test.

I would appreciate any comments about my start file bodge.

My start file bodge isn't working as well as I thought

In fact as a warning to others DONT DO IT.

It has a peculiar effect on the starting of the system while booting.

I commented out shorewall start file entries I had previously added and the system is now back to normal but I have had to revert the firewall to allow everthing if I want to connect to the internet.

There is deffinately a problem with shorewall and the default settings.

I would appreciate any guidance from experienced users.