Old 04-06-2008, 04:36 AM   #1
LQ Newbie
Registered: Apr 2008
Posts: 2

Rep: Reputation: 0
linux firewall

I'm new to Linux.
I need an iptables firewall for my Linux mail server.
I want to permit only ICMP ping, SSH, SMTP, POP3, HTTP.
Please help me.

Thanks in advance.
Old 04-06-2008, 05:12 AM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981
Well, you already have the firewall installed; presumably you actually mean a GUI to simplify the configuration of it? Your distro should already have something there by default, but also check out firestarter and guarddog amongst others.
Old 04-06-2008, 05:15 AM   #3
LQ Guru
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
1) Read iptables man page
[code]man iptables[/code]

2) Read some docs at iptables website

3) Try to write a ruleset (a script is good); if you don't feel it's working, or are not sure what to do exactly, post here what you did so far and we'll help you further. Firewall is an important thing to know how it works, so it's definitely worth it doing it yourself, as that way you'll learn the most. The web is probably full of ready iptables scripts, but if you want to know for sure what your configuration does, you'll need to do it yourself (and it is not that difficult really; just read the manpages and pay attention to the examples at any docs).

Typically what you do is first "clean" the rules (flush all chains, then delete all non-builtin chains), then set default policies for the chains (if you need, create your own chains) to disallow (drop) any traffic not specially allowed, and then make the "exception" rules for what you need. What you need to know is the ip addresses (static, if you use them in the script!) you'll be using in your rules, if any, ports used by the services you want to allow and most importantly what you want to do: drawing a picture on paper won't harm you. It helps sorting it out.

You'll probably begin with something like
# ...
# rules for exceptions..
# ...
The rest depends on what you come up with exactly - port numbers and such, maybe connection tracking (like '$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' in some scripts) and so on.
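
The procedure from post #3 (flush, default-drop policies, then exceptions) applied to the services the original poster listed, as an added example that is not part of any post in this thread. It assumes the standard port numbers for ssh/smtp/pop3/http, IPv4 and the filter table only, and a hypothetical `IPT` variable that defaults to a dry run which prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: every rule is
# printed, nothing is changed. Set IPT=iptables and run as root to apply.
IPT="${IPT:-echo iptables}"

# Assumed standard ports: ssh smtp pop3 http
TCP_PORTS="22 25 110 80"

build_firewall() {
    # 1. Clean: flush all rules, then delete user-defined chains (filter table).
    $IPT -F
    $IPT -X

    # 2. Default policies: drop inbound/forwarded traffic not explicitly
    #    allowed. Outbound stays open so the server can still send mail,
    #    resolve DNS and fetch updates.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # 3. Exceptions.
    # Loopback: local daemons talk to each other over lo.
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened or already accepted.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Ping only (echo-request), not every ICMP type.
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    # New inbound TCP connections to the listed services.
    for port in $TCP_PORTS; do
        $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
}

build_firewall
```

Review the printed commands before applying them, and when working over SSH keep a console session available in case the ruleset locks you out. IPv6 traffic is untouched by these rules and needs a parallel ip6tables ruleset.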
Old 04-06-2008, 06:41 AM   #4
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 678
Please put your distro in your user profile. Some distros such as Fedora Core & SuSE already have a firewall configuration program. But we don't know which distribution you have installed.

