Linux - Security
This forum is for all security-related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I'm trying to code a firewall in Linux using iptables, for a wireless LAN network, as a project. I'm still new to networking, so I would be thankful if somebody could help me out in framing a good firewall policy. I'm searching for some iptables code which would help me get the right kind of firewall I need.
You might want to ask the mods to move this to the Security forum as you'll probably get better advice there. As far as iptables is concerned, a wireless interface is no different from a wired one.
Really the best way to start with iptables is to set all of your defaults to DROP so that your computer is completely isolated from the net and then start setting rules that allow the kind of traffic that you're willing to have. Just remember that iptables rules are executed in order and the packet is handled according to the first rule that matches. Without more specifics on the kinds of things you are trying to do with this firewall, it won't be easy to make suggestions about how to write one. However, I would spend some serious time searching here at LQ as I know there is a lot of advice on writing good iptables firewalls. The Security forum is going to be your best bet.
Wireless networks pose an interesting problem for firewall design. An unsecured link, or even a secured link using one of the weaker encryption implementations (WEP and some WPA), absolutely requires that you treat it like an untrusted DMZ. Personally, I would consider all wireless networks to be inherently untrusted regardless of the encryption technology used. Putting some thought into the physical design of your network can go a long way in easing some of the firewalling headaches. For example, just plugging a wireless AP into your trusted network is a major no-no, not only because you may be broadcasting sensitive information, but also because you may be providing a means of circumventing your perimeter firewall.
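The two replies above make two separate points: start from default-DROP policies and add only the traffic you want (with rule order deciding the outcome), and treat the wireless segment as an untrusted DMZ that must not be plugged straight into the trusted LAN. The script below is an added example written for this thread, not code from any of the posters. It assumes a Linux box routing between three interfaces, eth0 (upstream), eth1 (trusted wired LAN, 192.168.1.0/24) and wlan0 (wireless, 192.168.2.0/24); the interface names, subnets and the SSH/DNS/DHCP choices are all assumptions you would adjust.

```shell
#!/bin/sh
# Added example for the LQ thread, not any poster's script.
# Assumed topology (adjust via environment variables):
#   eth0  - upstream / Internet
#   eth1  - trusted wired LAN, 192.168.1.0/24
#   wlan0 - wireless LAN, 192.168.2.0/24, treated as untrusted
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
WLAN_IF=${WLAN_IF:-wlan0}
LAN_NET=${LAN_NET:-192.168.1.0/24}
WLAN_NET=${WLAN_NET:-192.168.2.0/24}

# Emit the whole ruleset in iptables-save format. Loading it with
# iptables-restore swaps the filter and nat tables in one step, so the box
# is never left with a DROP policy and no ACCEPT rules while a line-by-line
# script is still running (which is how people lock themselves out over SSH).
wlan_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Rules are walked top to bottom; the first terminating match decides.
# 1. Replies to connections this box already opened, and loopback.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i lo -j ACCEPT
# 2. Management (SSH) only from the trusted wired LAN.
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
# 3. Wireless clients get DHCP and DNS from the router and nothing else.
#    (DHCP DISCOVER comes from 0.0.0.0, so no -s match on port 67.)
-A INPUT -i $WLAN_IF -p udp --dport 67 -j ACCEPT
-A INPUT -i $WLAN_IF -s $WLAN_NET -p udp --dport 53 -j ACCEPT
-A INPUT -i $WLAN_IF -s $WLAN_NET -p tcp --dport 53 -j ACCEPT
# 4. Log (rate-limited) what the default policy is about to drop.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
# Forwarding: the wireless segment may reach the Internet but never the
# trusted wired LAN. The specific wlan->lan DROP must sit above the broad
# wlan->wan ACCEPT; swapping them would not change anything here, but put
# a "wlan -> anywhere ACCEPT" first and the DROP below it is dead code.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $WLAN_IF -o $LAN_IF -j DROP
-A FORWARD -i $WLAN_IF -o $WAN_IF -s $WLAN_NET -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $LAN_IF -o $WLAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FORWARD-DROP: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Line number of the first rule in the emitted set that matches a pattern;
# used to check that ordering-sensitive rules come out in the right order.
rule_line() {
    wlan_ruleset | grep -n -- "$1" | head -n 1 | cut -d: -f1
}
```

To use it, syntax-check first and then load: `wlan_ruleset | sudo iptables-restore --test` followed by `wlan_ruleset | sudo iptables-restore`. Forwarding between the segments also needs `net.ipv4.ip_forward=1` set with sysctl, which is outside the iptables ruleset. The point of `rule_line` is the one the reply above makes about order: a ruleset that reads correctly on paper can still be wrong if a broad ACCEPT was appended above the narrow DROP, so check positions, not just presence, before trusting it.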
I still prefer the tutorial script; much easier to modify and uses fewer of the cumbersome rules your recommended one uses.
There are scripts available that also add sysctl entries, but these are bordering on paranoid security levels.
I would always recommend starting with a minimal ruleset until you can understand it fully.
e.g. there is a very good reason for loading the filter table rules first.
Then, of course, the sky is the limit.