LinuxQuestions.org
Old 07-11-2004, 01:03 PM   #1
jmr0311
Member
 
Registered: Jul 2004
Location: Texas
Distribution: Mandriva 2006
Posts: 97

Rep: Reputation: 15
Newbie ?, IP tables & Security


Hi everyone. I've been visiting this forum for a few weeks already, and let me tell you that the information, resources and members' support are incredible. Thanks to all of you on behalf of all the newbies like me. Now to the question: I'm running Mandrakelinux 10 on my system. Basically I use my system for e-mail, Internet browsing, etc., nothing fancy, just regular usage. I have to confess that I'm a security freak, even though I know that using Linux represents a major step in improving security compared with Windows.

I was reading about IP tables and I was wondering if this is something that I need, based on how I use my system. If you guys agree that it isn't a bad idea to have one, I would like to ask you gurus in here if you can provide me with a basic script that I can use as a markup. Countless hours reading about creating scripts, but I'm still lost when it comes to the command line. Also, does anyone know of a good book for beginners? What I mean by beginners is not a book that assumes I know the basics, because I don't, and then takes it from there, like a lot of the information I found on the Internet. Any help in achieving my goals will be very appreciated. Thanks

Javi
 
Old 07-11-2004, 02:58 PM   #2
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Arctic
Distribution: Fedora, Debian, OpenSuSE and Android
Posts: 1,820

Rep: Reputation: 46
First identify what you want to do. What services do you want visible from the Internet, and what services for your LAN? Second, are you using a proxy or do you need masquerading?

Once you get a clear picture of what you need, writing the script is not too tough. Nobody can write a script that fits your needs perfectly, since everyone's setups are different, but there are many here who can and will help YOU write your script.
 
Old 07-11-2004, 03:42 PM   #3
jmr0311
Member
 
Registered: Jul 2004
Location: Texas
Distribution: Mandriva 2006
Posts: 97

Original Poster
Rep: Reputation: 15
Thank you Pcghost for the response. I'm going to try to answer your questions the best I can;

Quote:
First identify what you want to do.
All I do when I'm connected to the Internet is search topics, visit my favorite websites, read the posts in forums like this one and some others so I can learn about Linux and some other matters, retrieve my e-mails and sometimes send e-mails as well. I don't play any online games in which you interact with other users. I sometimes play music and videos when I'm browsing these forums, so I don't want that to be affected. This is what my Internet usage represents, pretty boring.

Quote:
What services do you want visible from the Internet?
I don't know if this is what you mean by services visible from the Internet, but like I said before, I just want to be able to retrieve my e-mails, send e-mails, update Mandrake when it needs to be done (I don't want to interfere with how Mandrakesoft communicates with my system to keep it updated) and just browse the Internet.

Quote:
What services for your LAN?
I only own one computer at this moment. I also don't want to interfere with my ISP in a way that could jeopardize my service.

Quote:
Are you using a proxy or do you need masquerading.
Sorry for my ignorance, but I don't know the answer to this question. I'm just going to type some information, hoping that this will provide you with a picture of my system. I think that my ISP (Road Runner) doesn't use a proxy server. I'm connected to a cable modem via my 2Wire router/gateway and then to my computer. I think I'm using DHCP now for my Linux network configuration, but I want to do a fixed IP eventually because apparently it is more secure. I don't know anything about masquerading.

Javi
 
Old 07-11-2004, 08:43 PM   #4
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
Looks like this person is not running any servers, and is behind a hardware router.
Also, only has a small home network (so we can trust the local machines?).

The router IS a firewall, is it not?
Unless port forwarding has been configured, his Linux machine is already protected from incoming connection attempts?

Anyway, just to be over-paranoid...

This should start you off. You will need to add more if you use Linux with Windows on the network and want file sharing to work.

Code:
# reset firewall: flush existing rules, then default-deny inbound, allow outbound
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# allow loopback traffic (-i matches the interface; -d expects an address or hostname)
iptables -A INPUT -i lo -j ACCEPT

# uncomment if you want this machine to respond to pings
# iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# allow established or related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# uncomment to trust all PCs on your LAN
#iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT

# uncomment if this machine is a print server and you have NOT trusted all machines on your LAN
#iptables -A INPUT -p tcp --dport 631 -s 192.168.0.0/16 -j ACCEPT
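
Added example, not part of qwijibow's post: a static check that a host-firewall script like the one above keeps the three things it depends on (a DROP policy on INPUT, loopback accepted by interface, and an ESTABLISHED,RELATED accept) and lists any active rule that opens every port to a source range. The function name `audit_rules`, the finding texts and the sample input are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): static check of an iptables host-firewall
# script. Reads the script on stdin, prints one finding per line, nothing if clean.
audit_rules() {
    # Drop comments and blank lines so commented-out rules are not counted.
    rules=$(sed -e 's/#.*$//' -e '/^[[:space:]]*$/d')
    has() { printf '%s\n' "$rules" | grep -Eq -e "$1"; }

    # 1. Inbound default-deny.
    has '-P +INPUT +DROP' ||
        echo 'MISSING: default-deny policy (-P INPUT DROP)'
    # 2. Loopback accepted by interface name.
    has '-A +INPUT .*-i +lo .*-j +ACCEPT' ||
        echo 'MISSING: loopback accept matched by interface (-i lo)'
    # 3. Replies to connections this host opened.
    has '-A +INPUT .*--(ct)?state +[A-Z,]*ESTABLISHED.*-j +ACCEPT' ||
        echo 'MISSING: accept for ESTABLISHED,RELATED traffic'
    # 4. Active rules that accept every port from a source range.
    printf '%s\n' "$rules" |
        grep -E -e '-A +INPUT .*-s +[0-9./]+ .*-j +ACCEPT' |
        grep -v -e '--dport' |
        sed 's/^/REVIEW: every port open to source range: /'
}

# Constructed sample input: loopback matched with -d (an address/hostname
# option, not an interface match) and the LAN-wide trust rule left active.
SAMPLE='iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -d lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT
#iptables -A INPUT -p tcp --dport 631 -s 192.168.0.0/16 -j ACCEPT'

printf '%s\n' "$SAMPLE" | audit_rules
```

The check only reads text, so it can be run against a script before the rules are loaded; `iptables -L -n -v` as root shows what is actually active afterwards.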
 
Old 07-11-2004, 08:46 PM   #5
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
Oops, just saw that you only have one computer.
I'm pretty sure your gateway / router IS a firewall...

And since that is protecting you from the Internet, and there are no local machines to protect against, you don't need a second firewall.

Am I correct?
 
Old 07-15-2004, 03:21 PM   #6
hoarenet
LQ Newbie
 
Registered: Jun 2004
Distribution: Mandrake 10
Posts: 29

Rep: Reputation: 15

Thank you qwijibow, your script seems to have worked for me too.

I couldn't get my Shorewall working as advised elsewhere on this forum and have read so much stuff but still not able to get it working.

It just wasn't allowing any connection with the boxes all unticked and would only allow connections when I set it to enable everything.

Then I read your post a few minutes ago and thought I'd give it a try.

It works fantastically and I know it's working because I went to www.grc.com and tested it out.

I have placed your script inside a file called /etc/shorewall/start.

I hope I put it in the right place.

Thanks very much again. I've spent a couple of days on this.

I really think this is one of the problems with Linux out of the box. The defaults should have set the firewall to maximum security for newbies. Then they would be able to get online to find the help they need to do other stuff.

More qualified people would know how to reconfigure if they wanted more features.

Anyway I'm very happy and can now get back to my plastering.

Last edited by hoarenet; 07-15-2004 at 03:24 PM.
 
Old 07-17-2004, 08:39 AM   #7
hoarenet
LQ Newbie
 
Registered: Jun 2004
Distribution: Mandrake 10
Posts: 29

Rep: Reputation: 15
I spoke too soon.

The firewall settings did work, but when I rebooted the system it was very slow to do so, and then when it got into starting KDE it froze up and wouldn't go any further.

I've commented out the stuff I put into Shorewall's start file and the system is back to normal.

But the firewall still doesn't allow any connections unless I set it to allow everything.

I would appreciate any constructive comments.
 
  

