_maco_ 07-08-2003 05:11 PM

Choice of Firewall
Hi, I'm running Redhat 8.0 and would like to install a firewall. I do run a webserver on the box. I'm not familiar with firewalls so I was hoping someone would give me a suggestion as to which dist. of firewall I should install. Thanks


david_ross 07-08-2003 05:14 PM

Take a look at iptables. It comes with RH8.
man iptables

fatgod 08-07-2003 06:53 AM

Even better than that, take a look at a preconfigured iptables firewall.

I am using firegate. It does the job quite nicely.

The url used to be but I think sourceforge have changed stuff a bit. So maybe go and search for firegate.

_gpf_ 08-07-2003 08:14 AM

I use FireHOL. It's great.

fatgod 08-07-2003 10:17 AM

Wow. Looks cool.

Mathieu 08-07-2003 01:30 PM

Two more... ;)



nakkaya 08-07-2003 04:58 PM

If you are new to firewalls, here is a thing to keep in mind: do not think like Windows. There is only one firewall in Linux, and it is iptables (ipchains in the old kernels); the others are just wrappers to help you configure it, so they all use iptables.

jlangelier 08-08-2003 01:45 AM

I use ipchains.

Writing a good ipchains script can be challenging. Many of the examples I've seen of people's ipchains scripts are kind of bare bones. There's a lot to consider. A GREAT aid is this site:

You tell the web site what you want to do with your machine, and it writes an ipchains script for you. Works great. I got a script from the website, then was able to just modify it from then on, because the script the web site writes for you based on your desires is very instructive and interesting.

zopista 08-20-2003 06:47 PM

smoothwall or ipcop

try not to run anything on your firewall machine except the firewall software.

Kent Emia 08-21-2003 04:04 AM

yah... I'm planning to implement ipcop someday....

Mork 08-21-2003 05:04 AM

// Edit: Sorry missed that you run the box as a server. In that case I do not recommend the script below. A server will need logging and other fun stuff. //

Since my machine is a simple desktop I use a bare-bones script that allows all outgoing and allows incoming answers but nothing else. It is not perfect (lacks logging, leaves unused outgoing ports open) but it's simple and works.

Save this as firewall, chown root firewall, chmod 744 firewall, and make it start from your initscripts (in Arch this is a matter of copying the file to the rc.d dir and adding the script name to the daemons array in rc.conf; RedHat will use a different location).

#!/bin/sh
# /etc/rc.d/firewall: start/stop firewall

if [ "$1" = "start" ]; then
        /usr/sbin/iptables -F
        /usr/sbin/iptables -P OUTPUT ACCEPT
        /usr/sbin/iptables -P FORWARD DROP
        /usr/sbin/iptables -P INPUT DROP
        # allow loopback, otherwise local services break under the DROP policy
        /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
        # accept only replies to connections this host started
        /usr/sbin/iptables -A INPUT -i eth0 -m state \
                --state ESTABLISHED,RELATED -j ACCEPT
elif [ "$1" = "stop" ]; then
        # iptables is not a daemon, so there is nothing to kill:
        # flush the rules and set the policies back to ACCEPT
        /usr/sbin/iptables -F
        /usr/sbin/iptables -P INPUT ACCEPT
        /usr/sbin/iptables -P FORWARD ACCEPT
        /usr/sbin/iptables -P OUTPUT ACCEPT
else
        echo "usage: $0 start|stop"
fi

#End of file
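Mork's note says a box that runs a server needs logging and more than the desktop script above. The script below is an added example, not from Mork or anyone else in this thread: it applies the same default-deny, stateful idea to a host that exposes a web server, and logs (rate-limited) whatever the policy drops so the admin can see probes in syslog. It assumes the external interface is eth0, SSH on port 22 and the web server on 80/443; none of those values come from the thread. Setting IPT=echo prints the rules instead of applying them, which is handy for checking the policy before running it as root.

```shell
#!/bin/sh
# Added example: stateful iptables policy for a host running a web server.
# Assumed (not from the thread): external interface eth0, SSH on 22,
# web server on 80 and 443. IPT=echo dry-runs and prints the rules.
IPT="${IPT:-/sbin/iptables}"
IFACE="${IFACE:-eth0}"

fw_start() {
    # Start from a clean table, then default-deny inbound and forwarded traffic.
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback must be allowed or local services (DNS cache, DB, etc.) break.
    $IPT -A INPUT -i lo -j ACCEPT

    # Replies to connections this host started; drop packets conntrack cannot place.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP

    # Services this box exposes. New SSH connections are rate-limited so a
    # brute-force run cannot hammer the daemon.
    $IPT -A INPUT -i "$IFACE" -p tcp --dport 80 -m state --state NEW -j ACCEPT
    $IPT -A INPUT -i "$IFACE" -p tcp --dport 443 -m state --state NEW -j ACCEPT
    $IPT -A INPUT -i "$IFACE" -p tcp --dport 22 -m state --state NEW \
        -m limit --limit 4/min --limit-burst 4 -j ACCEPT

    # Log what the DROP policy is about to discard, rate-limited so an
    # attacker cannot flood syslog; the prefix makes the lines easy to grep.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: " --log-level 4
}

fw_stop() {
    # Flush everything and return the policies to ACCEPT (no daemon to kill).
    $IPT -F
    $IPT -X
    $IPT -P INPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -P OUTPUT ACCEPT
}

case "${1:-}" in
    start) fw_start ;;
    stop)  fw_stop ;;
    *)     echo "usage: $0 start|stop" ;;
esac
```

Dropped packets then show up in /var/log/messages with the FW-DROP: prefix, so a quick grep on that string gives the list of ports and sources that were probed. Anything not listed as a service stays closed by the INPUT DROP policy, which is the part Mork's desktop script shares with this one.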

