LinuxQuestions.org
Old 08-16-2006, 10:27 AM   #1
144419855310001
Member
 
Registered: Apr 2006
Distribution: ubuntu 7.04
Posts: 219

Rep: Reputation: 30
How to configure my firewall


1) I am running Fedora Core 5 86_64 and was wondering whether anyone could point me in the direction of a good script to set up my firewall. It's accidentally in a rather permissive mode at the moment as a result of me fiddling with it!

I need access for my wireless and wired ethernet card, my modem & internet access, etc. (Wouldn't want to lock myself out of these). I think setting up a firewall myself (even with such tools as Webmin, which I just downloaded) is beyond my scope.

Any suggestions?

2) I was also wondering about SELinux. I had to turn off SELinux some time ago in order to get vmware to work.
Somebody said:
Quote:
Just get rid of SELinux. Dozens of mysterious problems will suddenly disappear and your TCO will be much lower
What do you think? Exactly how much performance do I save by turning off SELinux?
 
Old 08-16-2006, 12:39 PM   #2
pljvaldez
LQ Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Wheezy (x86)
Posts: 6,094

Rep: Reputation: 281
1) If it's a desktop, I'd try using a gui like firestarter. It's a stateful firewall and you can set it up such that it will prompt you as you use services to allow or disallow them. So when a machine tries to connect, you can just click "Allow this service from this machine".

2) Don't know much about it.
 
Old 08-16-2006, 01:41 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
here's a simple script that will set your policies, clear your tables, and set your rules...
Code:
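#!/bin/sh

IPT="/sbin/iptables"

# default policies: drop inbound and forwarded traffic, allow outbound
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT

# leave the mangle table policies at ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P INPUT ACCEPT
$IPT -t mangle -P FORWARD ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT
$IPT -t mangle -P POSTROUTING ACCEPT

# leave the nat table policies at ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT

# flush existing rules from every table
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle

# delete user-defined chains from every table
$IPT -X
$IPT -X -t nat
$IPT -X -t mangle

# accept replies to connections this host started, and loopback traffic
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A INPUT -i lo -j ACCEPT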
this script blocks all incoming connections - it's what is commonly called a "stealth firewall script"... it's also super simple, as the only actual *rules* are those two which appear in bold... this script will work no matter what your interfaces are called, or how many you have...

after executing the script, i believe you save the configuration (on red hat distros) by doing a:
Code:
service iptables save
just my ...

Last edited by win32sux; 08-16-2006 at 01:45 PM.
 
Old 08-17-2006, 10:44 AM   #4
144419855310001
Member
 
Registered: Apr 2006
Distribution: ubuntu 7.04
Posts: 219

Original Poster
Rep: Reputation: 30
Quote:
If it's a desktop, I'd try using a gui like firestarter.
Thanks. This sounds great.


Quote:
this script blocks all incoming connections - it's what is commonly called a "stealth firewall script"...
Thank you also! Will this block incoming internet connections through my wireless card though?
 
Old 08-17-2006, 01:33 PM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by 144419855310001
Thank you also! Will this block incoming internet connections through my wireless card though?
yes, because the rule doesn't specify any interface, it will block incoming connections on all your interfaces...

Last edited by win32sux; 08-17-2006 at 01:55 PM.
 
Old 08-18-2006, 08:58 AM   #6
144419855310001
Member
 
Registered: Apr 2006
Distribution: ubuntu 7.04
Posts: 219

Original Poster
Rep: Reputation: 30
Quote:
yes, because the rule doesn't specify any interface, it will block incoming connections on all your interfaces...
Looks like I'll have to do some further reading then. I'll see how I go with firestarter too.
 
Old 08-19-2006, 09:20 AM   #7
simcox1
Member
 
Registered: Mar 2005
Location: UK
Distribution: Slackware
Posts: 794
Blog Entries: 2

Rep: Reputation: 30
If you want to open a specific incoming port, you can do it something like this.

$IPT -A INPUT -p tcp --dport 25 -i eth0 -j ACCEPT

Which you can add at the end. That specifies that 'port 25' (smtp) is open for the interface called 'eth0'.
 
Old 08-19-2006, 10:39 AM   #8
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by simcox1
If you want to open a specific incoming port, you can do it something like this.

$IPT -A INPUT -p tcp --dport 25 -i eth0 -j ACCEPT

Which you can add at the end. That specifies that 'port 25' (smtp) is open for the interface called 'eth0'.
if you're using the script above, it would be a good idea to use the state table for this also, otherwise you're just allowing packets of any state (which kinda defeats the purpose of stateful filtering):
Code:
$IPT -A INPUT -p TCP -i $IFACE --dport 25 \
-m state --state NEW -j ACCEPT
where $IFACE is the interface you want the rule to apply to...
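
An added example, not part of any post in this thread: a shell function that reads `iptables-save` text and reports where a ruleset departs from the posture discussed above (DROP policy on INPUT and FORWARD, an ESTABLISHED accept rule, opened ports matched on state NEW). The function name, the finding labels and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit iptables-save text on stdin,
# printing one finding per line. No output means the ruleset passed.
audit_ruleset() {
    awk '
    substr($0, 1, 1) == "*" { table = substr($0, 2) }   # "*filter", "*nat", ...
    table != "filter" { next }
    # Policy lines look like ":INPUT DROP [0:0]"
    /^:(INPUT|FORWARD) / && $2 != "DROP" {
        printf "POLICY %s is %s, expected DROP\n", substr($1, 2), $2
    }
    /^-A INPUT / && / -j ACCEPT/ {
        if ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/) { est = 1; next }
        # A port opened without a NEW match accepts packets of any state
        if ($0 ~ /--dport / && $0 !~ /--(ct)?state NEW/) print "STATELESS " $0
    }
    END { if (!est) print "MISSING no ESTABLISHED accept rule on INPUT" }
    '
}

# Constructed sample: the script from post #3 plus the port 25 rule from post #7
sample_stateless() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same ruleset with the state match from post #8
sample_stateful() {
    sample_stateless | sed 's/--dport 25 -j/--dport 25 -m state --state NEW -j/'
}

echo "== port 25 opened without a state match =="
sample_stateless | audit_ruleset
echo "== port 25 opened with --state NEW =="
sample_stateful | audit_ruleset
```

On a live system the same function can be fed with `iptables-save | audit_ruleset` as root.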
 
  


All times are GMT -5.