Hi,

Need help figuring out how to design my own firewall and configuring it.

Thanks.

I would suggest you install gufw; it's a GUI frontend for iptables (which is part of the Linux kernel) you can use to configure your firewall. It's in the Debian repos.

Edit:

I saw your intro post. You can configure iptables directly. See

or search the web for "configuring iptables."

[QUOTE=frankbell;5286695]I would suggest you install gufw; it's a GUI frontend

I want to do it without the GUI.
thanks

See that edit to my previous post.

Thanks a lot i will try it and get back here. Cheers

Hey i tried the iptables. Got a few lines up and saved and used restore. Now i am using VirtualBox so i dont know how to check if my commands in the iptables.up.rules is working or not.


my commands were

*filter

# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allows all outbound traffic
# You could modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Allows SSH connections
# The --dport number is the same as in /etc/ssh/sshd_config
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Now you should read up on iptables rules and consider whether ssh access
# for everyone is really desired. Most likely you will only allow access from certain IPs.

# Allow ping
-A INPUT -p icmp -j ACCEPT

# log iptables denied calls (access via 'dmesg' command)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy:
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT

If you want to do it manually, the ArchWiki has a great guide to setting up a simple stateful firewall that should work with any distro using iptables:
https://wiki.archlinux.org/index.php...teful_firewall

Otherwise there is FireHOL, an excellent setup utility which abstracts the process using human-readable config files:
http://firehol.org/

Thanks a lot will give it a try, and report back thanks again.

I need to enable https, http and ICMP alone and need to check it. please help

One of my LUG members made his iptables script at meeting a couple of years ago. You might find it a useful resource.

http://twuug.org/mediawiki/index.php...irewall_Script

1 members found this post helpful.

I actually want a VM to act like a router. How do i do that ? And then i need to add a firewall to selectively send/receive packets. Please Help

I have no experience using computers as routers, though I've read about it and know it's not all that difficutl, but I would hesitate to use a VM for that purpose. Doing so adds an extra layer of complexity.

You might want to read this: http://superuser.com/questions/72748...irtual-machine