LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.

Old 04-16-2003, 06:26 PM   #1
cijunet
Member
 
Registered: Nov 2002
Location: Vancouver
Distribution: Slackware 9.0
Posts: 43

Rep: Reputation: 15
firewall sample


Hi all

I'm looking for a sample firewall, considering that Slackware comes with none. Could you recommend a site from which I can download a firewall or take one as an example? I have just started to study iptables, but I cannot afford to have my comp unprotected until I am able to build a firewall by myself....

Thanks a lot
 
Old 04-16-2003, 07:33 PM   #2
AltF4
Member
 
Registered: Sep 2002
Location: .at
Distribution: SuSE, Knoppix
Posts: 532

Rep: Reputation: 31
check:
http://www.netfilter.org/documentati...ing-HOWTO.html
http://www.netfilter.org/documentati...g-HOWTO-5.html

5. Rusty's Really Quick Guide To Packet Filtering

Most people just have a single PPP connection to the Internet, and don't want anyone coming back into their network, or the firewall:

## Insert connection-tracking modules (not needed if built into kernel).
# insmod ip_conntrack
# insmod ip_conntrack_ftp

## Create chain which blocks new connections, except if coming from inside.
# iptables -N block
# iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
# iptables -A block -j DROP

## Jump to that chain from INPUT and FORWARD chains.
# iptables -A INPUT -j block
# iptables -A FORWARD -j block
 
Old 04-16-2003, 07:35 PM   #3
AltF4
Member
 
Registered: Sep 2002
Location: .at
Distribution: SuSE, Knoppix
Posts: 532

Rep: Reputation: 31
.. and if you need NAT:
http://www.netfilter.org/documentati...g-HOWTO-9.html

9. Mixing NAT and Packet Filtering

It's common to want to do Network Address Translation (see the NAT HOWTO) and packet filtering. The good news is that they mix extremely well.

You design your packet filtering completely ignoring any NAT you are doing. The sources and destinations seen by the packet filter will be the `real' sources and destinations. For example, if you are doing DNAT to send any connections to 1.2.3.4 port 80 through to 10.1.1.1 port 8080, the packet filter would see packets going to 10.1.1.1 port 8080 (the real destination), not 1.2.3.4 port 80. Similarly, you can ignore masquerading: packets will seem to come from their real internal IP addresses (say 10.1.1.1), and replies will seem to go back there.

You can use the `state' match extension without making the packet filter do any extra work, since NAT requires connection tracking anyway. To enhance the simple masquerading example in the NAT HOWTO to disallow any new connections from coming in the ppp0 interface, you would do this:

# Masquerade out ppp0
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Disallow NEW and INVALID incoming or forwarded packets from ppp0.
iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
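
Added example (not part of this thread or of the netfilter HOWTO): a small Python model of the two rule sets quoted in posts #2 and #3, showing which packets they treat differently and why a filter rule has to match the post-DNAT destination. The packet fields, the eth0 LAN interface, the sample packets and the default ACCEPT policy for the NAT-section rules are assumptions made for the model.

```python
# Added illustration: a toy model of the quoted rules, not real netfilter code.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    in_iface: str          # interface the packet arrived on
    state: str             # conntrack state: NEW, ESTABLISHED, RELATED, INVALID
    dst: str = "10.1.1.1"  # destination address (constructed default)
    dport: int = 8080      # destination port (constructed default)

def block_chain(pkt, wan="ppp0"):
    """Post #2: the 'block' chain, evaluated first-match, top to bottom."""
    if pkt.state in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    if pkt.state == "NEW" and pkt.in_iface != wan:
        return "ACCEPT"
    return "DROP"  # final catch-all rule

def nat_section_rules(pkt, wan="ppp0"):
    """Post #3: one DROP rule; chain policy is assumed to be the default ACCEPT."""
    if pkt.in_iface == wan and pkt.state in ("NEW", "INVALID"):
        return "DROP"
    return "ACCEPT"

def prerouting_dnat(pkt):
    """The HOWTO's DNAT example: 1.2.3.4:80 is rewritten to 10.1.1.1:8080."""
    if (pkt.dst, pkt.dport) == ("1.2.3.4", 80):
        return replace(pkt, dst="10.1.1.1", dport=8080)
    return pkt

def filter_rule_matches(pkt, rule_dst, rule_dport):
    """Filtering happens after PREROUTING, so the rule sees the rewritten packet."""
    seen = prerouting_dnat(pkt)
    return (seen.dst, seen.dport) == (rule_dst, rule_dport)

def differing_verdicts(packets):
    """Return (iface, state, block verdict, NAT-section verdict) where the two differ."""
    return [(p.in_iface, p.state, block_chain(p), nat_section_rules(p))
            for p in packets if block_chain(p) != nat_section_rules(p)]

# Constructed sample packets: every state on the WAN (ppp0) and a LAN (eth0) interface.
SAMPLES = [Packet(i, s) for i in ("ppp0", "eth0")
           for s in ("NEW", "ESTABLISHED", "RELATED", "INVALID")]

if __name__ == "__main__":
    for row in differing_verdicts(SAMPLES):
        print(row)
    web = Packet("ppp0", "NEW", dst="1.2.3.4", dport=80)
    print(filter_rule_matches(web, "1.2.3.4", 80), filter_rule_matches(web, "10.1.1.1", 8080))
```

The only sample packet the two rule sets disagree on is an INVALID packet arriving on the LAN side: the block chain drops it through its catch-all rule, while the NAT-section rules only filter ppp0 and leave it to the chain policy.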
 
Old 04-16-2003, 08:30 PM   #4
cijunet
Member
 
Registered: Nov 2002
Location: Vancouver
Distribution: Slackware 9.0
Posts: 43

Original Poster
Rep: Reputation: 15
Thanks! It is just what I need
 
Old 04-16-2003, 08:48 PM   #5
AltF4
Member
 
Registered: Sep 2002
Location: .at
Distribution: SuSE, Knoppix
Posts: 532

Rep: Reputation: 31
no problem
 
  

