Firewall?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

xlanou

Thread Starter
Joined
Jun 13, 2007
Messages
49
At the moment I don't have an operational Firewall on the computer running Mandriva Spring. Do I really need one? And if so what are the options available that are compatible with Linux. Thanks all.
 
Joined
Jun 3, 2007
Messages
650
Most people will argue that you don't need a personal firewall on your machine. Is there one between your machine and the wild?
 
Joined
Feb 13, 2006
Messages
238
not to hijack here, but are you meaning a hardware firewall? If so, are you saying that no matter the flavor, a router between computer and the world is enough?
 
Joined
Jun 3, 2007
Messages
650
No, I mean a software firewall. I thought that's what xlanou meant.

Obviously having nothing between a workstation and the wild is stoopid. A hardware firewall is essential. I wouldn't trust just something like iptables.
 
Joined
Mar 21, 2007
Messages
17
I have Verizon dsl & the Westell modem/router. I logged into it the 1st week or two so I could switch off the 'wireless'. I notice the hardware firewall was set to the lowest level. ( and my sys was not testing as 'stealth' on ShieldsUp: https://www.grc.com/x/ne.dll?bh0bkyd2 )

I set it higher & then I passed the test.
 
Joined
Feb 13, 2006
Messages
238
briealeida said:
No, I mean a software firewall. I thought that's what xlanou meant.

Obviously having nothing between a workstation and the wild is stoopid. A hardware firewall is essential. I wouldn't trust just something like iptables.

This is very interesting because I have yet to find extended discussions on linux firewalls.
Sure would like to be clued in. I'm running Ubuntu.
 
Joined
Sep 12, 2003
Messages
20,583
Hi neos,

I also run Ubuntu, but from the Live CD, and I initialize an iptables firewall before I dialup to the wild. Since everything runs in RAM (including a faux file system), when I turn off the power everything goes poof! Also, when I am connected to the wild, my disks are unmounted.

-- Tom
 
Joined
Feb 13, 2006
Messages
238
lotuseclat79 said:
Hi neos,

I also run Ubuntu, but from the Live CD, and I initialize an iptables firewall before I dialup to the wild. Since everything runs in RAM (including a faux file system), when I turn off the power everything goes poof! Also, when I am connected to the wild, my disks are unmounted.

-- Tom
You have mentioned running in 'Live' mode before and I was very interested in what you say.
But at the time it was a different subject thread and it was not pursued. The IPtables and running with disks unmounted part is new to me.

I run behind a Linksys router running linux WRT firmware and for the life of me I cannot remember the exact nomenclature of the software. (I have hdd with that info turned off because of another challenge I'm facing).

The IPTables; they are what run on the hardware firewall? I can find this. I'm not asking you to do my work for me.

Just wanted to make note:)
 
Joined
Sep 12, 2003
Messages
20,583
neos1 said:
You have mentioned running in 'Live' mode before and I was very interested in what you say.
But at the time it was a different subject thread and it was not pursued. The IPtables and running with disks unmounted part is new to me.

I run behind a Linksys router running linux WRT firmware and for the life of me I cannot remember the exact nomenclature of the software. (I have hdd with that info turned off because of another challenge I'm facing).

The IPTables; they are what run on the hardware firewall? I can find this. I'm not asking you to do my work for me.

Just wanted to make note:)
IPTables is software in Linux.

Here is my setup for iptables:
Install the following two bash files in /etc (i.e. whether running Live CD or not)
firewall.bash file (install in /etc), and the initialization script in /etc/init.d: <===============
#!/bin/bash

# No spoofing: turn on reverse-path filtering for every interface
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]
then
    for filtre in /proc/sys/net/ipv4/conf/*/rp_filter
    do
        echo 1 > "$filtre"
    done
fi

# No icmp: ignore all echo requests, including broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# load some modules you may need
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe iptable_filter
modprobe iptable_nat

# Remove all rules and chains
iptables -F
iptables -X

# first set the default behaviour => accept connections
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Create 2 chains, it allows to write a clean script
iptables -N FIREWALL
iptables -N TRUSTED

# Allow ESTABLISHED and RELATED incoming connection
iptables -A FIREWALL -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Send all packets to the TRUSTED chain
iptables -A FIREWALL -j TRUSTED
# DROP all other packets
iptables -A FIREWALL -j DROP

# Send all INPUT packets to the FIREWALL chain
iptables -A INPUT -j FIREWALL
# DROP all forward packets, we don't share internet connection in this example
iptables -A FORWARD -j DROP

# Allow https
iptables -A TRUSTED -i ppp0 -p udp -m udp --sport 443 -j ACCEPT
iptables -A TRUSTED -i ppp0 -p tcp -m tcp --sport 443 -j ACCEPT

# Allow amule
#iptables -A TRUSTED -i ppp0 -p udp -m udp --dport 5349 -j ACCEPT
#iptables -A TRUSTED -i ppp0 -p udp -m udp --dport 5351 -j ACCEPT
#iptables -A TRUSTED -i ppp0 -p tcp -m tcp --dport 5348 -j ACCEPT

# Allow IRC IDENT & DCC
#iptables -A TRUSTED -i ppp0 -p tcp -m tcp --sport 6667 -j ACCEPT
#iptables -A TRUSTED -i ppp0 -p tcp -m tcp --sport 113 -j ACCEPT

# Allow bittorrent
#iptables -A TRUSTED -i ppp0 -p tcp -m tcp --dport 6881:6889 -j ACCEPT

# End message
echo " [End iptables rules setting]"

flush_iptables.bash file (install in /etc): <==================================
#!/bin/bash

#
# Set the default policy
#
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

#
# Set the default policy for the NAT table
#
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

#
# Delete all rules
#
iptables -F
iptables -t nat -F

#
# Delete all chains
#

iptables -X
iptables -t nat -X

# End message
echo " [End of flush]"

firewall bash script file (install in /etc/init.d): <===============================
#!/bin/bash

RETVAL=0

# To start the firewall
start() {
    echo -n "Iptables rules creation: "
    /etc/firewall.bash
    RETVAL=0
}

# To stop the firewall
stop() {
    echo -n "Removing all iptables rules: "
    /etc/flush_iptables.bash
    RETVAL=0
}

case $1 in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    status)
        /sbin/iptables -L
        /sbin/iptables -t nat -L
        RETVAL=0
        ;;
    *)
        echo "Usage: firewall {start|stop|restart|status}"
        RETVAL=1
esac

# Return the status code set above so callers can tell success from a usage error
exit $RETVAL

In order to initialize the iptables firewall, execute (as root): /etc/init.d/firewall start

Obviously, I have written a script to do all of this which I keep on my hard drive and pull over to my Live CD to execute my initialization. The last part is to reset my local time which I sync with an "atomic" watch and issue the date -u mmddhhmm command from the root account using GMT time - this requires a /etc/localtime symbolic link setting to the /usr/share/zoneinfo/file where file is for your time zone and whether daylight saving time is in effect (also in my script).

-- Tom
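As an added example (not Tom's script and not from this thread), the same idea written the way a defender would review it today: a default-deny ruleset in iptables-restore format, produced by a shell function so it can be inspected and self-checked before anything is loaded. The interface name is an assumption (ppp0 as in Tom's script; substitute your own). Two points differ from the posted script. First, the INPUT policy itself is DROP rather than a DROP rule at the end of a custom chain, so a mistake that leaves the chain empty fails closed. Second, the loopback interface is explicitly accepted; in the posted FIREWALL/TRUSTED path nothing matches loopback packets, so local services talking to 127.0.0.1 would be dropped. Because the ESTABLISHED,RELATED rule already admits replies to connections the host opened, the source-port-443 allows are not needed, and a stateful rule does not trust a packet just because it claims source port 443.

```shell
#!/bin/sh
# Added example, not the thread's code. Generates and checks a stateful
# default-deny iptables ruleset. "ppp0" is only a placeholder interface name.

# Print a complete ruleset for the given external interface in
# iptables-restore format (lines starting with '#' are ignored by it).
firewall_ruleset() {
    wan="${1:-ppp0}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback must always be allowed, otherwise local services break
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened (the stateful rule)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# drop malformed or out-of-state packets before any allow rule sees them
-A INPUT -m conntrack --ctstate INVALID -j DROP
# allow ping at a limited rate so path diagnostics still work
-A INPUT -i $wan -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# log what the policy is about to drop, rate-limited so a scan cannot fill the log
-A INPUT -i $wan -m limit --limit 3/minute -j LOG --log-prefix "FW-DROP: "
COMMIT
EOF
}

# Self-check before loading: default-deny INPUT policy, loopback accepted
# as the very first INPUT rule, and a stateful allow present.
# Returns 0 when every check passes, 1 on the first failure.
check_ruleset() {
    rules="$(firewall_ruleset "$1")"
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    printf '%s\n' "$rules" | grep -q -- '-A INPUT -i lo -j ACCEPT' || return 1
    printf '%s\n' "$rules" | grep -q -- '--ctstate ESTABLISHED,RELATED -j ACCEPT' || return 1
    first="$(printf '%s\n' "$rules" | grep '^-A INPUT' | head -n 1)"
    [ "$first" = "-A INPUT -i lo -j ACCEPT" ] || return 1
    return 0
}

# Number of rules bound to the external interface (useful when diffing
# the ruleset generated for different interface names).
count_iface_rules() {
    firewall_ruleset "$1" | grep -c -- "-i $1"
}

# Load the ruleset atomically with iptables-restore; refuses to run
# unless root and unless the self-check passes.
apply_firewall() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_firewall: must run as root" >&2; return 1; }
    check_ruleset "$1" || { echo "apply_firewall: ruleset failed self-check" >&2; return 1; }
    firewall_ruleset "$1" | iptables-restore
}

# Command-line entry point: "show IFACE" prints the rules, "apply IFACE" loads them.
case "${1:-}" in
    apply) apply_firewall "${2:-ppp0}" ;;
    show)  firewall_ruleset "${2:-ppp0}" ;;
esac
```

Run `sh firewall.sh show ppp0` to review the generated rules and `sh firewall.sh apply ppp0` as root to load them in one atomic operation with iptables-restore, which avoids the window between `iptables -F` and the last `-A` in which the posted script runs with an ACCEPT policy and no rules. The rate-limited ICMP allow replaces the thread's `icmp_echo_ignore_all` sysctl: being "stealth" on a port scan test does not prevent a scanner from noticing the host, while breaking ping does hide real network problems from you.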
 
Joined
Feb 13, 2006
Messages
238
Lotuseclat79,

It's pretty clear, considering my original question in this thread that I'm clueless as to IPTables, how they work and how exactly to implement them. I've yet to make a script that works. I may have figured out how to download a live iso and burn it to cd and then installing ubuntu but that is only because they have made it nearly idiot proof.

I've installed firestarter because I could just click to install so that I have some kind of wall between me and the 'wild' and because it takes me about nine times reading through something before it finally begins to stick.

I own both O'Reilly's Desk Top Reference 'Linux in a Nutshell', and the Linux Cookbook 2nd edition. I'm looking for a 'complete idiot's guide' out there somewhere - you know the kind of book that would actually tell a guy the 'dd' is gallows humor made up years ago for copy. Yea I know data dump. I'm currently reading the Hacker's Dictionary, and am waiting for my copy of the Cathedral and the Bazaar. A late comer - yes. A wannabe - maybe. But I have 'How to ask questions the Right Way' bookmarked on my children's computer running Ubuntu.
At least they will know there are other choices.

And sometimes, I just like to ramble.
 
Joined
Sep 12, 2003
Messages
20,583
neos1 said:
Lotuseclat79,

It's pretty clear, considering my original question in this thread that I'm clueless as to IPTables, how they work and how exactly to implement them. I've yet to make a script that works. I may have figured out how to download a live iso and burn it to cd and then installing ubuntu but that is only because they have made it nearly idiot proof.

I've installed firestarter because I could just click to install so that I have some kind of wall between me and the 'wild' and because it takes me about nine times reading through something before it finally begins to stick.

I own both O'Reilly's Desk Top Reference 'Linux in a Nutshell', and the Linux Cookbook 2nd edition. I'm looking for a 'complete idiot's guide' out there somewhere - you know the kind of book that would actually tell a guy the 'dd' is gallows humor made up years ago for copy. Yea I know data dump. I'm currently reading the Hacker's Dictionary, and am waiting for my copy of the Cathedral and the Bazaar. A late comer - yes. A wannabe - maybe. But I have 'How to ask questions the Right Way' bookmarked on my children's computer running Ubuntu.
At least they will know there are other choices.

And sometimes, I just like to ramble.
Hi neos1,

Glad to hear you have Firestarter! (y)

Do an Advanced Search in the Unix/Linux subforum only and use the Titles only selection in the keyword menu to the top left of the Advanced Search webpage.
Search for the word: book
in the Titles Only selection of the Keyword input block.

That should point you to various threads you can look through that may identify a book that qualifies for what you are looking.

-- Tom
 
Joined
Jul 14, 2007
Messages
3
As far as I know, Mandriva offers to configure the firewall during installation, and has a settings utility of the same name in the Control Center. Anyway, iptables rocks.
 