[SOLVED] Firewall setup

Belikewater · 05-30-2016, 05:10 PM

So I am trying to setup my firewall. Right now I dont need any crazy exceptions and blocks, but I wanted to make sure I am doing this right.

I am trying to follow this link.
Can someone tell me if my steps were correct here.

Code:

bash-4.2# nano /etc/rc.d/rc.firewall
bash-4.2# cd /etc/rc.d/rc.firewall
bash: cd: /etc/rc.d/rc.firewall: Not a directory
bash-4.2# ls
9673860-c0ce1d1c4a43dbbd69f17e0357883d7a873ac0d4
efg-1.17
flashplayer-plugin-11.2.202.621-x86_64-1alien.txz
iptables-fwgen-1.17.tar.gz
bash-4.2# cd /etc/rc.d 
bash-4.2# ls
init.d	rc.bluetooth rc.inet2	rc.pcmcia rc.ulogd
rc.0	rc.cgconfig rc.inetd	rc.php-fpm rc.wireless
rc.4	rc.cgred	rc.ip_forward	rc.rpc	rc.wireless.conf
rc.6	rc.consolekit rc.local	rc.samba rc.yp
rc.K	rc.cups	rc.loop	rc.saslauthd rc0.d
rc.M	rc.dnsmasq rc.mcelog	rc.sendmail rc1.d
rc.S	rc.firewall rc.messagebus	rc.serial rc2.d
rc.acpid rc.font	rc.modules	rc.snmpd rc3.d
rc.alsa rc.fuse	rc.modules-3.10.17	rc.sshd rc4.d
rc.alsa-oss rc.gpm-sample rc.mysqld	rc.syslog rc5.d
rc.atalk rc.httpd	rc.networkmanager	rc.sysstat rc6.d
rc.autofs rc.inet1	rc.nfsd	rc.sysvinit
rc.bind rc.inet1.conf rc.ntpd	rc.udev
bash-4.2# cd /etc/rc.d/rc.firewall
bash: cd: /etc/rc.d/rc.firewall: Not a directory
bash-4.2# ls rc.firewall
rc.firewall
bash-4.2# chmod a-x /etc/rc.d/rc.gpm-sample
bash-4.2# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination 

Chain FORWARD (policy ACCEPT)
target prot opt source destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

notKlaatu · 05-30-2016, 05:22 PM

Did you start the firewall?

Code:

$ su -c 'chmod +x /etc/rc.d/rc.firewall
$ /etc/rc.d/rc.firewall start

Once you've done that, paste in the results of iptables -L again.

Also, maybe paste in the contents of rc.firewall for good measure.

astrogeek · 05-30-2016, 05:28 PM

I do not see how you got your "steps" from that page...???

None of your steps has anything to do with a firewall except the iptables -L, which shows that you have no firewall. Some of your steps are not valid, nor the steps which follow them, example:

Code:

bash-4.2# cd /etc/rc.d/rc.firewall
bash: cd: /etc/rc.d/rc.firewall: Not a directory
(twice)

You must try to understand what you expect each step to do, and you must read, and understand the messages returned by each command. Otherwise your result is just gibberish.

You say that you don't need crazy exceptions and blocks, whatever that means, but you do not say what you do need.

So a good place to start would be to make a short list of the services that you do need, then go from there.

Belikewater · 05-30-2016, 05:47 PM

Thank you both. Yea does not seem like I did it right. The problem is I rushed into it amongst other things. I had a wifi outage in my local area last night and most of today, so when they fixed that I rushed right into it. Ill reread the instructions and read some more on the site about generating the firewall.

notKlaatu · 05-30-2016, 08:00 PM

I recommend this:

1. Go to alienBob's firewall generator. http://www.slackware.com/~alien/efg/index.php
2. design your firewall rules and click the GENERATE FIREWALL button.
3. copy/paste results into /etc/rc.d/rc.firewall
4. and make it executable, like this: `chmod +x /etc/rc.d/rc.firewall`
5. Slackware Linux will then automatically run this script with the "start" parameter: `/etc/rc.d/rc.firewall start`

voila.

FYI, the last three points are listed in the comment section of the firewall script that gets generated for you.

Gerard Lally · 05-30-2016, 08:23 PM

Quote:

Originally Posted by notKlaatu

I recommend this:

1. Go to alienBob's firewall generator. http://www.slackware.com/~alien/efg/index.php
2. design your firewall rules and click the GENERATE FIREWALL button.
3. copy/paste results into /etc/rc.d/rc.firewall
4. and make it executable, like this: `chmod +x /etc/rc.d/rc.firewall`
5. Slackware Linux will then automatically run this script with the "start" parameter: `/etc/rc.d/rc.firewall start`

voila.

FYI, the last three points are listed in the comment section of the firewall script that gets generated for you.

If the OP had read his own link and followed the simple steps outlined in one short sentence in that linked article there would be no need for you to repeat this advice. The help people need to create a firewall on Slackware is already out there, easily accessible and intelligible for anyone with an IQ above zero. The OP has already linked to that help in his original post, but it seems he hopes to get there faster by mindlessly dumping random bits of information in this forum and hoping to reel you all in. Which is precisely what happened: you've now outlined the steps to create a firewall in Slackware that were already outlined for him in one short sentence in that article he linked to without bothering to read.

Skaendo · 05-30-2016, 08:39 PM

Quote:

Originally Posted by gezley

If the OP had read his own link and followed the simple steps outlined in one short sentence in that linked article there would be no need for you to repeat this advice. The help people need to create a firewall on Slackware is already out there, easily accessible and intelligible for anyone with an IQ above zero. The OP has already linked to that help in his original post, but it seems he hopes to get there faster by mindlessly dumping random bits of information in this forum and hoping to reel you all in. Which is precisely what happened: you've now outlined the steps to create a firewall in Slackware that were already outlined for him in one short sentence in that article he linked to without bothering to read.

have you ever heard the saying, "If you're not part of the solution, then you're part of the problem"?

Now you have reeled me in to read your mindless random bits with no information. Thanks for wasting my time along with the OPs.

Belikewater · 05-30-2016, 08:40 PM

Quote:

Originally Posted by gezley

If the OP had read his own link and followed the simple steps outlined in one short sentence in that linked article there would be no need for you to repeat this advice. The help people need to create a firewall on Slackware is already out there, easily accessible and intelligible for anyone with an IQ above zero. The OP has already linked to that help in his original post, but it seems he hopes to get there faster by mindlessly dumping random bits of information in this forum and hoping to reel you all in. Which is precisely what happened: you've now outlined the steps to create a firewall in Slackware that were already outlined for him in one short sentence in that article he linked to without bothering to read.

Sorry I thought by copying the content and creating a file in nano would do the trick. I am just using past information to try to help me figure out this new environment. I am not trying to waste anyones time, but if you think that way maybe I do need to focus more. I appreciate your criticism and will reflect on it as I look into this situation.Sometimes reading this information I dont understand exactly what they are suggesting. Maybe its my own ignorance. Thank you for the response.

Gerard Lally · 05-30-2016, 08:53 PM

Quote:

Originally Posted by Belikewater

Sorry I thought by copying the content and creating a file in nano would do the trick. I am just using past information to try to help me figure out this new environment. I am not trying to waste anyones time, but if you think that way maybe I do need to focus more. I appreciate your criticism and will reflect on it as I look into this situation.Sometimes reading this information I dont understand exactly what they are suggesting. Maybe its my own ignorance. Thank you for the response.

In your original post you said you were trying to follow this link.

To save you having to visit that link again I will post the firewall-related content here:

Code:

Setup a Firewall

On Slackware, the easiest way to do this is by using Alien Bob's adaptation of the Easy Firewall Generator. Just generate the firewall, copy the output to /etc/rc.d/rc.firewall, and make it executable.

chmod a+x /etc/rc.d/rc.firewall

I make that 4 steps:

1. Visit the Easy Firewall Generator page.
2. Follow the instructions at that page to generate a firewall.
3. Save the content you just generated to a file called rc.firewall in the directory /etc/rc.d/
4. Make this file executable by issuing the command, as root, chmod a+x /etc/rc.d/rc.firewall.

Re-starting the machine is the easiest way for you as a new user to make sure the firewall is up and running.

In your original post you said you were trying to follow these steps. Where did you get stuck? Did you generate the firewall at Eric's page? Did you understand the questions the firewall generator asked you? We will happily answer any questions you have about the generator, and wouldn't expect you to understand whether your system is a gateway or a single system, or to understand what the name of your WAN interface is. But don't dump random, mindless information here and expect to get your questions answered without doing at least some research first and showing us what you've done. We are not obliged to waste our time if you are not prepared to put in at least some time and effort reading and understanding the help files you yourself refer to.

Richard Cranium · 05-30-2016, 08:53 PM

Quote:

Originally Posted by Skaendo

have you ever heard the saying, "If your not part of the solution, then your part of the problem"?

I may have heard that, but it's normally written "If you're not part of the solution, then you're part of the problem."

Let's try things differently; it would be nice if the OP could tell us what was unclear about...

Quote:

Setup a Firewall

On Slackware, the easiest way to do this is by using Alien Bob's adaptation of the Easy Firewall Generator. Just generate the firewall, copy the output to /etc/rc.d/rc.firewall, and make it executable.

Code:

chmod a+x /etc/rc.d/rc.firewall

Other options include GUI firewall generation programs such as Firewall Builder.

(There are minor formatting differences between what I have here and what can be found at the link the OP posted.)

Those who wrote the documentation want it to be helpful to those who read it. I believe your feedback would be taken seriously.

Belikewater · 05-30-2016, 09:46 PM

Quote:

Originally Posted by Richard Cranium

I may have heard that, but it's normally written "If you're not part of the solution, then you're part of the problem."

Let's try things differently; it would be nice if the OP could tell us what was unclear about...

(There are minor formatting differences between what I have here and what can be found at the link the OP posted.)

Those who wrote the documentation want it to be helpful to those who read it. I believe your feedback would be taken seriously.

What I wanted to know if I did it right. To me per the instructions I assume I copy the generated firewall and create a file. So I took the actions of using nano and tried to make that text file in the right location. Apparently I did not do it right. Ill figure it out. I just sought some guidance. I will be reading some of the Slackware guide book. I might even purchase a hard copy of it.

Richard Cranium · 05-30-2016, 09:54 PM

Quote:

Originally Posted by Belikewater

What I wanted to know if I did it right. To me per the instructions I assume I copy the generated firewall and create a file. So I took the actions of using nano and tried to make that text file in the right location. Apparently I did not do it right. Ill figure it out. I just sought some guidance. I will be reading some of the Slackware guide book. I might even purchase a hard copy of it.

Did you need instructions in how to actually copy and paste the generated firewall script?

I'm not trying for "slam the relative newbie" or anything like that. I know that I don't write documentation for the joy of writing but to give someone else the ability to solve a problem of some sort. I believe that anyone who reads any documentation that I wrote and didn't really understand what I had written should be able to eventually tell me what it was that I had left out.

That may require you to say what exactly you did so that we can figure out *what* was left out so the next person after you has exciting new and different problems with the documentation.

notKlaatu · 05-30-2016, 10:25 PM

Quote:

Originally Posted by Belikewater

What I wanted to know if I did it right. To me per the instructions I assume I copy the generated firewall and create a file. So I took the actions of using nano and tried to make that text file in the right location. Apparently I did not do it right. Ill figure it out. I just sought some guidance. I will be reading some of the Slackware guide book. I might even purchase a hard copy of it.

Keep at it. You'll get it. Nano may or may not be working as you expect; don't be afraid to try something more familiar to you, such as Kwrite or Kate.

You can also download the firewall by right-clicking the resulting page and selecting 'Save Page As..'. Save it as a plain text document called rc.firewall, and place that (as root) in /etc/rc.d

Then proceed.

The Slackware book is aging; it's a great book to have on your shelf for some reference, but docs.slackware.com is more current. And many helpful slackers maintain their own sites with tips and tricks.

ReaperX7 · 05-31-2016, 12:58 AM

Using a line editor like vim, nano, etc. isn't always advised when you CCP text.

Kwrite/Kate, Gedit, mousepad, leafpad, etc. are text editors, not line editors. If you want to CCP large blocks of text, like rc.firewall, use a text editor.

Turbocapitalist · 05-31-2016, 01:27 AM

Quote:

Originally Posted by notKlaatu

Keep at it. You'll get it. Nano may or may not be working as you expect; don't be afraid to try something more familiar to you, such as Kwrite or Kate.

When working with scripts or configuration files you'll want to keep "nano" from wrapping long lines. That might be part of the problem. You can do it one-off by adding the -w option when launching nano:

Code:

nano -w /etc/rc.d/rc.firewall

Or you can make it permanent for your account by modifying ~/.nanorc See nanorc(5)

Code:

man 5 nanorc