Hi, I'm running on Redhat 8.0 and would like to install a firewall. I do run a webserver on the box. I'm not familiar with firewalls so I was hoping someone would give me a suggestion as to which dist. of firewall I should install. Thanks
If you are new to firewalls, here is a thing to keep in mind: do not think like Windows. There is only one firewall in Linux: it is iptables (ipchains in the old kernels). Others are just wrappers to help you configure them, so they all use iptables.
Writing a good ipchains script can be challenging. Many of the examples I've seen of people's ipchains scripts are kind of bare bones. There's a lot to consider. A GREAT aid is this site:
You tell the web site what you want to do with your machine, and it writes an ipchains script for you. Works great. I got a script from the website, then was able to just modify it from then on, because the script the web site writes for you based on your desires is very instructive and interesting.
Last edited by jlangelier; 08-08-2003 at 01:52 AM.
// Edit: Sorry missed that you run the box as a server. In that case I do not recommend the script below. A server will need logging and other fun stuff. //
Since my machine is a simple desktop I use a bare-bones script that allows all outgoing and allows incoming answers but nothing else. It is not perfect (lacks logging, leaves unused outgoing ports open) but it's simple and works.
Save this as firewall, chown root firewall, chmod 744 firewall, and make it start from your initscripts (in Arch this is a matter of copying the file to rc.d dir and adding the scriptname to the daemons array in rc.conf, RedHat will use a different location).
Code:
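#!/bin/sh
#
# /etc/rc.d/firewall: start/stop firewall
#
if [ "$1" = "start" ]; then
    # Flush existing rules, then drop everything inbound and forwarded by default
    /usr/sbin/iptables -F
    /usr/sbin/iptables -P OUTPUT ACCEPT
    /usr/sbin/iptables -P FORWARD DROP
    /usr/sbin/iptables -P INPUT DROP
    # Let loopback traffic through so local programs can still talk to each other
    /usr/sbin/iptables -A INPUT -i lo -j ACCEPT
    # Accept only replies to connections this machine opened
    /usr/sbin/iptables -A INPUT -i eth0 -m state \
        --state ESTABLISHED,RELATED -j ACCEPT
elif [ "$1" = "stop" ]; then
    # iptables is not a daemon, so there is no process to kill:
    # "stop" means flushing the rules and resetting the policies to ACCEPT
    /usr/sbin/iptables -F
    /usr/sbin/iptables -P INPUT ACCEPT
    /usr/sbin/iptables -P FORWARD ACCEPT
    /usr/sbin/iptables -P OUTPUT ACCEPT
else
    echo "usage: $0 start|stop"
    exit 1
fi
#End of file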
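For the original question (a box that also runs a web server), the sketch below is an added example, not code from any poster in this thread. It keeps the default-drop policy, opens only the listed service ports to new connections, and adds the logging the last reply says a server needs. The interface name eth0, TCP port 80 for the web server, the log prefix and the 5/min log rate are assumptions; the script only prints the iptables commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the thread): server variant of a default-drop ruleset.
# Prints iptables commands; nothing is changed unless the output is run as root.
# Assumptions: interface eth0, HTTP on TCP port 80, iptables found via $PATH.

IPT=iptables

# valid_port N: succeed only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rules IFACE PORT...: emit the ruleset on stdout, one command per line.
# All ports are validated first, so a partial ruleset is never printed.
build_rules() {
    iface=$1; shift
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "$IPT -F"
    echo "$IPT -P OUTPUT ACCEPT"
    echo "$IPT -P FORWARD DROP"
    echo "$IPT -P INPUT DROP"
    # Local traffic, and replies to connections this host opened
    echo "$IPT -A INPUT -i lo -j ACCEPT"
    echo "$IPT -A INPUT -i $iface -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New inbound connections only to the published service ports
    for p in "$@"; do
        echo "$IPT -A INPUT -i $iface -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Rate-limited log of whatever is about to fall through to the DROP policy
    echo "$IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix 'fw-drop: '"
}

# "show" prints the ruleset for a web server on eth0, port 80
if [ "${1:-}" = "show" ]; then
    build_rules eth0 80
fi
```

The LOG rule has to stay last: packets that reach it matched none of the ACCEPT rules, so the kernel log shows what the DROP policy is discarding.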