now that the net is working i feel like i have compromised my system.
Depending on what changes you manually made to it, you still might be alright. Just like with any firewall, once you get it up and runnning, do some testing (port scanning and penetration testing) to see how it holds up. If you opened up a bunch of gaping holes in the firewall, then you might want to re-configure it because it probably isn't secure. If it holds up to testing, then I'd leave it.
If you need to reconfigure though, you should be able to get your firewall working by selecting the following stuff:
- Reconfigure Firewall Setting
- External Interface
-from this drop down box select the interface that is connected to the internet (if you have dsl, it's likely ppp0 or eth0 but use the ifconfig command to list all the interfaces and select the appropriate one). Make sure that it is the right one.
- Internal Interface
-if this is a standalone box, then you shouldn't have an internal interface, so leave it at "none"
There are a bunch of services listed here. But this page sets up your firewall to allow incoming
connections to be made. This would be great if you were running things like a web server, but you aren't so leave it blank
- Allow traceroute
-You can leave this blank if you want, but technically you should allow traceroute to be in compliance with RFC guidelines.
- Protect all running services
-I have this selected, but since you are not running any services it might be redundant. Go ahead and select it anyway just to be on the safe side.
- Log all Dropped Critical packets
- Log all Dropped Packets
-Until you get things working, have this option on so that you can find out where packets are going. Turn it off once you get up and running.
Select Next and save the configuration
one of the things that i cannot figure out is how to hide my ip address in linux(or at least spoof it)
Spoofing your IP address is very easy to do in linux. You basically just reset it to a different one or use a tool like hping or something similar to do it for you. Unfortunately because of the fundamental way in which spoofing works, it is fairly complex to get any of those spoofed packets back. So by spoofing an IP, you will basically break your internet connection. A more accurate description would be to say that it would become a one-way connection, you can send packets out to whomever you like, but the replies will go to the spoofed IP and not your real IP address (so you won't ever see them). There are ways around that, but you'd have to find a way to intercept those replies or have them relayed to your IP. So I don't think that is something you really want to do.