Firewall

tommytomato · 09-26-2006, 09:16 PM

Hi all

I'm running Debian GNU/Linux 3.1

And I wish to install a firewall, do I go iptables or a GUI firewall package that I can bring up from the command

. is there such a package.

How do I tell if I have iptables or a firewall is installed on the system.

Code:

find / -name iptbales bring up nothing

can any one help me out please

TT

Matir · 09-26-2006, 09:31 PM

Iptables is the defacto standard for firewalling on Linux. As far as I know, all GUIs are merely front-ends to iptables.

IBall · 09-26-2006, 09:47 PM

There are a number of scripts available that will set some iptables rules for you. Search google for some.

The guarddog or firestarter packages have a good graphical frontend, but both create a startup script for you. I prefer guarddog.

--Ian

tommytomato · 09-26-2006, 09:50 PM

Quote:

Originally Posted by Matir

Iptables is the defacto standard for firewalling on Linux. As far as I know, all GUIs are merely front-ends to iptables.

I see so iptables is standard to most linux systems

so how do i got about get it up and running,

apt-get install iptables

What I meant by GUI was, I was hoping to install a front end firewall package that will load from the command line in the light blue screen colour we seen when installing an OS.

I use Putty from one PC (XP) to another(Debian).

if you get what I mean.

TT

Code:

apt-get install iptables
Reading Package Lists... Done
Building Dependency Tree... Done
Suggested packages:
  ipmasq iproute
The following NEW packages will be installed:
  iptables
0 upgraded, 1 newly installed, 0 to remove and 5 not upgraded.
Need to get 381kB of archives.
After unpacking 1270kB of additional disk space will be used.
Get:1 http://mirror.aarnet.edu.au stable/main iptables 1.2.11-10 [381kB]
Fetched 381kB in 7s (49.3kB/s)
Selecting previously deselected package iptables.
(Reading database ... 26381 files and directories currently installed.)
Unpacking iptables (from .../iptables_1.2.11-10_i386.deb) ...
Setting up iptables (1.2.11-10) ...

tommytomato · 09-26-2006, 10:22 PM

I have a backup iptables file that I use some time ago written by a friend. ( Generated by iptables-save v1.2.9 on Tue Sep 21 12:29:55 2004 )

I know where the file was stored on a tinysofa system, but where does debian store its iptables file

can the file I have be used on debian

TT

Code:

*mangle
:PREROUTING ACCEPT [1:576]
:INPUT ACCEPT [1:576]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [2:1152]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [6:3456]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT

# Generated by iptables-save v1.2.9 on Tue Sep 21 12:29:55 2004
*mangle
:PREROUTING ACCEPT [1644:139895]
:INPUT ACCEPT [1644:139895]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1533:369026]
:POSTROUTING ACCEPT [1532:368906]
COMMIT
# Completed on Tue Sep 21 12:29:55 2004
# Generated by iptables-save v1.2.9 on Tue Sep 21 12:29:55 2004
*nat
:PREROUTING ACCEPT [25:3104]
:POSTROUTING ACCEPT [11:736]
:OUTPUT ACCEPT [11:736]
COMMIT
# Completed on Tue Sep 21 12:29:55 2004
# Generated by iptables-save v1.2.9 on Tue Sep 21 12:29:55 2004
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [1:120]
:REJECT-PKT - [0:0]
-A INPUT -s 83.132.97.14 -j DROP
-A INPUT -s 81.199.85.110 -j DROP
-A INPUT -s 218.16.120.80 -j DROP 
-A INPUT -s 210.59.228.94 -j DROP 
-A INPUT -s 219.153.0.218 -j DROP 
-A INPUT -s 63.93.95.121 -j DROP 
-A INPUT -s 203.134.154.2 -j DROP 
-A INPUT -s 67.52.65.10 -j DROP 
-A INPUT -i lo -j ACCEPT 
-A INPUT -s 127.0.0.0/255.0.0.0 -j DROP 
-A INPUT -d 127.0.0.0/255.0.0.0 -j DROP 
-A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT 
-A INPUT -j REJECT-PKT 
-A OUTPUT -s 127.0.0.0/255.0.0.0 -j ACCEPT 
-A OUTPUT -s 10.0.0.0/255.0.0.0 -j ACCEPT 
-A OUTPUT -s 192.168.1.0/255.255.255.0 -j ACCEPT 
-A REJECT-PKT -p tcp -m tcp -j REJECT --reject-with tcp-reset 
-A REJECT-PKT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable 
COMMIT
# Completed on Tue Sep 21 12:29:55 2004

tommytomato · 09-27-2006, 12:25 AM

Ok I've work out how to add rules to iptables.

but how you restart iptables, or get it to come on when the PC loads

could some point me to some simple to read about iptables for debian please.

I've tried here
http://www.little-guardian.com/diy/iptables.html

and a few other sites.

TT