linux firewall that does not allow any services

Slack11 · 05-21-2006, 12:36 PM

Hi guys,

I was using a script from www.projectfiles.com/firewall that should be doing the job fine.

Now I've upgrdadded my kernel and it doesn't work after I try to reinstall it. It does not even let me access the internet.

I'm wandering though as if I scan my system with www.grc.com -the well know ShieldsUp it says ALL PORTS are in STEALTH MODE which is perfect,but when I scan my system with let's say nmap it says that some ports are opened and one of these is SSH. Now I am behind a rather "advanced" router I believe,but it still (in all cases scanned with nmap or other scanner reports SSH open,in addition the install script is asking me to un-check SSH) I'm no longer using that script.

What would be your comments on the above?
Is my Reasoning correct?

I really need a firewall script that will NOT PROVIDE ANY SERVICES APART FROM LETTING ME TO ACCESS THE INTERNET.

What would you recommend that should work on my kernel(2.6.15.7 on Slackware10.2)

Many Thanks.

P.S. I feel that in each case I should have my own firewall on my linux,but what are your opinions on that as well.

crash88 · 05-21-2006, 12:47 PM

Just a stab, but maybe ssh is bound to just one of your NICs. That is to say if you're running a multi-homed host, which most firewalls are. Is sshd starting up when you boot? Check dmesg. When you run nmap, I'd specifically type in the outside address to see what turns up.

Slack11 · 05-21-2006, 12:55 PM

I have 1 lan card, it's laptop in my dorm

I don't think that there are multiple/virtual hosts on it.

Yes OPENSSH is starting at boot,

Yes I've always tried scanning with whatever scanner or website to the external IP address and again ALL sites reports ALL ports in STEALTH ,while the scanner apps reports some ports as OPEN including SSH

Brian1 · 05-21-2006, 01:18 PM

You have router between the machine and the internet. All outside scanning sites will only scan the routers outside port. Now when using nmap and use the loopback interface of 127.0.0.1 then it will more than likely show open ports. Now if you scan the machine with the assigned IP on eth0 then it will give you more of open closed status. Best way is to use another machine in the lan to scan the machine with.

Brian1

Slack11 · 05-21-2006, 01:59 PM

that's what I thought in a very similar way.

Would you reccommend some firewall script that will run on my kernel 2.6.15.7?

Thanks.

Slack11 · 05-21-2006, 02:13 PM

Basically what I'm after is a solution to the problem - a firewall,packet filtering or smth like that,

to run on my kernel 2.6.15.7

to let ME do whatever I want on the Internet

to DENY ALL OTHERS access to my laptop

Now I hear you all saying there are thousands of firewall scripts if you do google (Yes indeed there are)

Hence why I'm asking for a Reccommendation (based from your experience or whatever else you might think of)

which one to choose,

which one will be the best in terms of catering for my requirements.

Thanks.

Brian1 · 05-21-2006, 04:42 PM

Check out this link. It ask you question about your system and builds the firewall to suite your needs. I use this sometime to get started and tweak from there.
http://easyfwgen.morizot.net/gen/

Brian1