LinuxQuestions.org
Old 07-11-2005, 09:49 AM   #1
kunal_bhattacharya
LQ Newbie
 
Registered: Jul 2005
Location: india
Distribution: rhel -3
Posts: 2

Rep: Reputation: 0
In need of firewall codes on iptables


I'm trying to code a firewall in Linux using iptables, for a wireless LAN network as a project. I'm still new to networking, so I would be thankful if somebody could help me out in framing a good firewall policy. I'm searching for some codes on iptables which would help me get the right kind of firewall I need.

Any kind of suggestions or views will be welcome.
mail: kunal_bhttchrya@yahoo.com
 
Old 07-11-2005, 11:34 AM   #2
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
You might want to ask the mods to move this to the Security forum as you'll probably get better advice there. As far as iptables is concerned, a wireless interface is no different from a wired one.

Really the best way to start with iptables is to set all of your defaults to DROP so that your computer is completely isolated from the net and then start setting rules that allow the kind of traffic that you're willing to have. Just remember that iptables rules are executed in order and the packet is handled according to the first rule that matches. Without more specifics on the kinds of things you are trying to do with this firewall, it won't be easy to make suggestions about how to write one. However, I would spend some serious time searching here at LQ as I know there is a lot of advice on writing good iptables firewalls. The Security forum is going to be your best bet.
 
Old 07-11-2005, 12:35 PM   #3
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Moved: This thread is more suitable in Security and has been moved accordingly to help your thread/question get the exposure it deserves.
 
Old 07-11-2005, 05:08 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
This is one of my favorite tutorials, which includes a number of example firewalls
http://iptables-tutorial.frozentux.n...-tutorial.html

Here is a little more simplistic example for a single host firewall:
http://www.linuxquestions.org/questi...60#post1284560

Wireless networks pose an interesting problem for firewall design. An unsecured or even a secured link using one of the weaker encryption implementations (WEP and some WPA) absolutely requires that you treat it like an untrusted DMZ. Personally, I would consider all wireless networks to be inherently untrusted regardless of the encryption technology used. Putting some thought into the physical design of your network can go a long way in easing some of the firewalling headaches. For example, just plugging a wireless AP into your trusted network is a major no-no, not only because you may be broadcasting sensitive information, but you also may be providing a means of circumventing your perimeter firewall.
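
An added example, not code from any poster in this thread: a POSIX shell function that emits an `iptables-restore` ruleset combining the default-DROP, first-match-wins advice in post #2 with the untrusted-wireless advice in post #4. The three-interface gateway layout, the interface names (`eth0` WAN, `eth1` trusted LAN, `wlan0` wireless) and SSH management from the LAN only are assumptions; only the filter table is covered.

```shell
#!/bin/sh
# Added example: print a filter-table ruleset for a gateway with three
# interfaces. All interface names are assumptions supplied by the caller.

gen_ruleset() {
    wan=$1 lan=$2 wlan=$3
    # Refuse empty or odd interface names so nothing unexpected lands in a rule.
    for ifname in "$wan" "$lan" "$wlan"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*)
                echo "bad interface name: '$ifname'" >&2
                return 1 ;;
        esac
    done
    cat <<EOF
*filter
# Default policy DROP on every chain: anything not matched below is discarded.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Rules are evaluated top to bottom and the first match decides.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Wireless is untrusted: nothing it sends to the firewall itself is accepted.
-A INPUT -i $wlan -j DROP
# Management SSH is accepted from the trusted LAN only.
-A INPUT -i $lan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $wan -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Wireless may never open connections into the trusted LAN; this DROP sits
# above the accepts so no later, broader rule can match that traffic first.
-A FORWARD -i $wlan -o $lan -j DROP
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $wlan -o $wan -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Stand-alone run: print the ruleset for the assumed default interface names.
gen_ruleset "${1:-eth0}" "${2:-eth1}" "${3:-wlan0}"
```

Piping the output through `iptables-restore --test` as root parse-checks the ruleset without loading it.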
 
Old 07-13-2005, 04:17 PM   #5
kunal_bhattacharya
LQ Newbie
 
Registered: Jul 2005
Location: india
Distribution: rhel -3
Posts: 2

Original Poster
Rep: Reputation: 0
the "fire wall"

I thank you all for the suggested links, especially the one on the iptables tutorial.
I finally have most of the rules configured and tested.

I wanted to post all the rules I coded, but I'll do so in the next reply. I would like to suggest a page where I found the solutions to most of my problems: http://www.linuxhelp.ca/guides/iptables/iptables-script

I hope this helps others like me who are searching for simple rules to apply on their firewall servers (I did this just as a part of a project).
 
Old 07-14-2005, 02:38 PM   #6
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Quote:
I wanted to post all the rules I coded, but I'll do so in the next reply. I would like to suggest a page where I found the solutions to most of my problems: http://www.linuxhelp.ca/guides/iptables/iptables-script
I still prefer the tutorial script; much easier to modify and uses fewer of the cumbersome rules your recommended one uses.
There are scripts available that also add sysctl entries, but these are bordering on paranoid security levels.
I would always recommend starting with a minimal ruleset until you can understand it fully.
E.g., there is a very good reason for loading the filter table rules first.
Then of course the sky is the limit.
 
All times are GMT -5.