Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
1) I am running Fedora Core 5 86_64 and was wondering whether anyone could point me in the direction of a good script to set up my firewall. It's accidentally in a rather permissive mode at the moment as a result of me fiddling with it!
I need access for my wireless and wired ethernet card, my modem & internet access, etc. (Wouldn't want to lock myself out of these). I think setting up a firewall myself (even with such tools as Webmin, which I just downloaded) is beyond my scope.
Any suggestions?
2) I was also wondering about SELinux. I had to turn off SELinux some time ago in order to get vmware to work.
Somebody said:
Quote:
Just get rid of SELinux. Dozens of mysterious problems will suddenly disappear and your TCO will be much lower
What do you think? Exactly how much performance do I save by turning off SELinux?
1) If it's a desktop, I'd try using a GUI like firestarter. It's a stateful firewall and you can set it up such that it will prompt you as you use services to allow or disallow them. So when a machine tries to connect, you can just click "Allow this service from this machine".
this script blocks all incoming connections - it's what is commonly called a "stealth firewall script"... it's also super simple, as the only actual *rules* are those two which appear in bold... this script will work no matter what your interfaces are called, or how many you have...
after executing the script, i believe you save the configuration (on red hat distros) by doing a:
If you want to open a specific incoming port, you can do it something like this.
$IPT -A INPUT -p tcp --dport 25 -i eth0 -j ACCEPT
Which you can add at the end. That specifies that 'port 25' (smtp) is open for the interface called 'eth0'.
if you're using the script above, it would be a good idea to use the state table for this also, otherwise you're just allowing packets of any state (which kinda defeats the purpose of stateful filtering):
Code:
$IPT -A INPUT -p TCP -i $IFACE --dport 25 \
-m state --state NEW -j ACCEPT
where $IFACE is the interface you want the rule to apply to...
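An added example, not part of the thread or any poster's script: a small Python check that reads an `iptables-save` style dump and lists INPUT rules that open a port without a state match, the difference between the two port 25 rules above. The sample ruleset, the `audit` function name and the port 22 rule are constructed for illustration.

```python
import shlex

# Constructed iptables-save style dump (sample data, not from the thread).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
"""

STATE_OPTS = {"--state", "--ctstate"}  # used by -m state / -m conntrack


def audit(ruleset):
    """Return (INPUT policy, findings) for an iptables-save dump.

    A finding is (port, rule) for every INPUT rule that ACCEPTs traffic to
    a destination port without any connection-state match.
    """
    policy, findings = None, []
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith(":INPUT "):
            policy = line.split()[1]          # e.g. DROP or ACCEPT
            continue
        if not line.startswith("-A INPUT "):
            continue
        tok = shlex.split(line)

        def arg(opt):
            # Value following an option, or None when the option is absent.
            i = tok.index(opt) if opt in tok else -1
            return tok[i + 1] if 0 <= i < len(tok) - 1 else None

        port = arg("--dport") or arg("--dports")
        if arg("-j") == "ACCEPT" and port and not STATE_OPTS & set(tok):
            findings.append((port, line))
    return policy, findings


if __name__ == "__main__":
    policy, findings = audit(SAMPLE)
    print("INPUT policy:", policy)
    for port, rule in findings:
        print("no state match on port", port, "->", rule)
```

On a live system the input would be the output of `iptables-save` (run as root) instead of the constructed sample.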