Some Linux Tips










A firewall on Linux is the way to set up iptables rules that allow or drop connections on certain ports.
ferm, iptables-persistent and shorewall are text-based firewalls; firestarter is an example of a graphical one.
Debian does not save the iptables rules for the next boot, so you can write the rules to a file and restore them at each boot or whenever the network interface comes up. Put the iptables rules file somewhere under /etc/iptables/ and, to restore it, create a file named 49firewall with the lines below and put it in /etc/network/if-up.d/:

#! /bin/sh
# /etc/network/if-up.d/49firewall: reload the saved rules each time an interface comes up.
# The script must be executable (chmod +x) or run-parts will skip it.

/sbin/iptables-restore < /etc/iptables/rules


iptables-persistent also restores the rules at each boot; to set it up, put the iptables rules in the file /etc/iptables/rules and configure iptables-persistent to find them.
These are some iptables rules for a dial-up interface ppp0 and the network interface eth0.
The ferm configuration file ferm.conf is in /etc/ferm; read man ferm for details.
This is a ferm.conf for the dial-up interface ppp0 and the network interface eth0.
The other text-based firewall is shorewall, available from http://www.shorewall.net/.
This is a two-interface configuration; the configuration files are in /etc/shorewall.
To enable starting at system boot, change the startup value in shorewall.conf and /etc/default/shorewall from 0 to 1:
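
As an added example (not the page's own rules file), here is an /etc/iptables/rules file in iptables-save format for the ppp0 (dial-up, net) and eth0 (LAN, loc) gateway, restored by the 49firewall script above. It assumes the LAN behind eth0 is 192.168.1.0/24; the check_rules and install_rules helpers are hypothetical names added for this example.

```shell
#!/bin/sh
# Added example: iptables-restore rules for the ppp0 (net) / eth0 (loc) gateway described above.
# Assumption (not from the page): the LAN behind eth0 is 192.168.1.0/24; adjust to your setup.
RULES_FILE="${RULES_FILE:-/etc/iptables/rules}"
# Print the ruleset in iptables-save format. The policy mirrors the shorewall policy file later on
# this page: fw->net and loc->net accepted, net->anything logged and dropped, loc<->fw accepted.
write_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic and replies to connections the firewall itself started
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# loc -> fw: the LAN may reach the firewall host
-A INPUT -i eth0 -j ACCEPT
# net -> fw: log, then drop (the "net all DROP info" policy)
-A INPUT -i ppp0 -j LOG --log-prefix "net2fw:DROP:"
-A INPUT -i ppp0 -j DROP
# loc -> net: forward outbound traffic; only replies are let back in from ppp0
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -j LOG --log-prefix "net2loc:DROP:"
-A FORWARD -i ppp0 -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Hide the LAN behind the dial-up address (what the shorewall masq file does)
-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
COMMIT
EOF
}
# Sanity check before installing: every table opened with '*' must be closed by a COMMIT.
check_rules() {
    tables=$(write_rules | grep -c '^\*')
    commits=$(write_rules | grep -c '^COMMIT$')
    [ "$tables" -eq "$commits" ]
}
# Write the file that 49firewall restores (run as root), then parse it without applying it.
install_rules() {
    check_rules || return 1
    write_rules > "$RULES_FILE"
    /sbin/iptables-restore --test < "$RULES_FILE"
}
```

Run install_rules as root once, then the 49firewall script reloads the file on every interface up event.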

Startup = 1

Also set these values in shorewall.conf:

IP_FORWARDING=on
ROUTE_FILTER=no
DISABLE_IPV6=yes


Configure these files in /etc/shorewall as follows:
interfaces:

#ZONE   INTERFACE   BROADCAST   OPTIONS
#net   eth0    detect    dhcp,tcpflags,nosmurfs,routefilter,logmartians
net   ppp0     -    dhcp,tcpflags,nosmurfs,routefilter,logmartians
loc   eth0    detect    tcpflags,nosmurfs,routefilter,logmartians


policy:

#SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
$FW       net    ACCEPT
loc       net    ACCEPT
net       all    DROP     info
loc       $FW    ACCEPT
$FW       loc    ACCEPT
# THE FOLLOWING POLICY MUST BE LAST
all       all    REJECT   info


zones:

#ZONE   TYPE       OPTIONS   IN        OUT
#                            OPTIONS   OPTIONS
fw      firewall
net     ipv4
loc     ipv4


masq:

#INTERFACE   SOURCE   ADDRESS   PROTO   PORT(S)   IPSEC   MARK
# The first column is the interface the traffic leaves on, i.e. the net zone's ppp0 in this setup
ppp0    192.168.1.0/29,\
        10.0.0.0/8,\
        169.254.0.0/16,\
        172.16.0.0/12,\
        192.168.0.0/16


Download the two other config files, rules and shorewall.conf.

To see the shorewall log, run the command:

/sbin/shorewall show log


For debugging, run:

shorewall debug start 2> /tmp/trace


and read the /tmp/trace file for errors.