BetaONE will rise again!

Firewalls (http://b1.hcanet.com/forum/showthread.php?t=857)

craftyc 20th Apr 02 12:26 PM

Does anyone know a decent Firewall program (something like ZoneAlarm) for Linux? Thanks in advance.

CARTMAN 20th Apr 02 03:12 PM

http://netfilter.samba.org

craftyc 20th Apr 02 06:55 PM

Could you give me a quick tutorial about how to use this?

Thanks.

CARTMAN 20th Apr 02 07:57 PM

Well, get the iptables package and take it to /usr/src/,
then unpack it and change dir to iptables,
then
#make most-of-pom KERNEL_DIR=/usr/src/linux
// This will ask you to patch the kernel; say yes to all. If a patch fails, say no next time.
#make KERNEL_DIR=/usr/src/linux
#make install KERNEL_DIR=/usr/src/linux
Then go to /usr/src/linux, head up to Networking Options and choose (Network packet filtering (replaces ipchains)).
Then scroll down, enter IP: Netfilter configuration and choose everything until you reach ipchains, but don't choose "realm support".

Reboot. Well, now you've got iptables installed; now all you need is a firewall script. Here is my firewall script to give you an idea:

iptables -F   # Reset all rules
iptables -A INPUT -p tcp -s ! 127.0.0.1 --dport 631 -j REJECT --reject-with tcp-reset   # If someone tries to access port 631 from outside, don't let them, but let localhost access my CUPS port
iptables -A INPUT -p tcp -s ! 127.0.0.1 --dport 1234 -j REJECT --reject-with tcp-reset   # No access to port 1234 from outside (my proxy port)
iptables -A INPUT -p udp -s ! 127.0.0.1 --dport 3130 -j DROP   # No access to UDP port 3130 from outside (my UDP port for the proxy)
iptables -A INPUT -m psd -j DROP   # Stop port scanning attempts; yes, this works!

You can get nmap from www.insecure.org/nmap to see what ports you have open, then create a firewall rule set and put it in /etc/rc.d/rc.local so that the firewall starts every time you reboot. Btw, there are lots of how-tos on the net.

Cheers cartman
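
As an added example (not part of the post above or of the netfilter project): a shell function that turns a list of ports found open on your own machine, for instance from the nmap step, into rules of the same form as the script above. The names `gen_rules` and `bad` and the sample list are assumptions; the output writes the negation as `! -s 127.0.0.1`, the placement current iptables documentation uses.

```shell
#!/bin/sh
# Added example, not from the thread. gen_rules, bad and the port list are
# hypothetical; the rule form mirrors the script posted above.

status=0
bad() { echo "skipped: $*" >&2; status=1; }

# Read "proto port" lines on stdin and print one iptables command per valid line.
# Returns 1 if any line was skipped, so a caller can refuse to install the result.
gen_rules() {
    status=0
    echo "iptables -F"
    while read -r proto port rest; do
        case "$proto" in ''|'#'*) continue ;; esac      # blank line or comment
        # Port must be 1-5 digits and nothing else, so no shell metacharacters
        # can reach the generated script.
        case "$port" in ''|*[!0-9]*|??????*) bad "$proto $port"; continue ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ] || [ -n "$rest" ]; then
            bad "$proto $port $rest"; continue
        fi
        case "$proto" in
            tcp) action="REJECT --reject-with tcp-reset" ;;  # answer with RST
            udp) action="DROP" ;;                            # silently discard
            *)   bad "$proto $port"; continue ;;
        esac
        echo "iptables -A INPUT -p $proto ! -s 127.0.0.1 --dport $port -j $action"
    done
    return "$status"
}

# Constructed sample: the three local-only ports from the script above.
gen_rules <<'EOF'
# proto port
tcp 631
tcp 1234
udp 3130
EOF
```

Read the generated lines before adding them to /etc/rc.d/rc.local, and treat a non-zero return as a reason not to install them.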

craftyc 20th Apr 02 09:11 PM

Is there a graphical configuration tool to help me with this?

CARTMAN 20th Apr 02 09:21 PM

Well, check www.freshmeat.net :) or, if you have Mandrake or Red Hat, try the InteractiveBastille command, which simply configures the Bastille firewall ...

craftyc 20th Apr 02 09:38 PM

Thanks. Installing knetfilter right now.

craftyc 20th Apr 02 10:06 PM

Quote: iptables -A INPUT -m psd -j DROP //Stop port scanning attempts yes this works!

What is "psd"? I do not seem to have it on my system.

CARTMAN 20th Apr 02 10:31 PM

psd == Port Scan Detection, and it's *experimental* but works. You have to manually compile iptables to get it...

craftyc 21st Apr 02 06:05 PM

Thanks for your help CARTMAN. I found a new Firewall called Firestarter. I believe that it is better for newbies like me. For others it is available at http://firestarter.sourceforge.net


All times are GMT +1.
