Setup a Firewall

  • Command Prompt:

I like to set up a firewall on the boxes I build.
Below is a set of commands that I want you to paste into the command line, in the order given. You MUST change the IP addresses to fit your network, if you have not already done so. The line with '--dport 22' on it is the SSH rule, and the network address to the left of it needs to be the network that both your computer and the spamfilter computer are on. You could also limit access to a single computer (yours, of course) by using your_ipaddress_goes_here/32. This is a security measure: if you get that part wrong, it will lock you out. The lines with '--sport 53' on them are for access to DNS servers (they accept packets whose source port is 53, i.e. the replies). BTW, all you have to do to change your DNS servers is change the entries in /etc/resolv.conf.

If you would like to add more rules in the future or make modifications, simply copy and paste these lines into a text editor like Notepad, make the changes you would like, and then copy and paste them into a command prompt in your PuTTY window. You can copy and paste all the lines at once. The first line deletes all the entries that were in the rule set previously, the next to last line saves the new rule set, and the last line shows how one would load a rules file into iptables. Keep a copy of the text file on your computer and call it firewall-rules.txt. I learned never to edit the /etc/firewall-rules file directly on the spamfilter computer. It looks like iptables will reject the file if anything other than itself has modified it.
DO NOT USE AS IS, CHANGE NETWORK ADDRESS FIRST IF YOU HAVE NOT ALREADY DONE SO:

# Flush the built-in chains, then create the FIREWALL chain (a harmless "Chain already exists" appears on re-runs) and empty it
iptables -F
iptables -N FIREWALL
iptables -F FIREWALL
# Send all inbound and forwarded traffic through the FIREWALL chain
iptables -A INPUT -j FIREWALL
iptables -A FORWARD -j FIREWALL
# New SMTP connections from anywhere; new SSH connections only from your network (CHANGE THIS ADDRESS)
iptables -A FIREWALL -p tcp -m tcp --dport 25 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp -s 222.222.222.222/24 --dport 22 --syn -j ACCEPT
# Loopback, DNS replies (source port 53), NTP, and replies from DCC (6277) and Pyzor (24441)
iptables -A FIREWALL -i lo -j ACCEPT
iptables -A FIREWALL -p udp -m udp --sport 53 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 53 -j ACCEPT
iptables -A FIREWALL -p udp -m udp --dport 123 -j ACCEPT
iptables -A FIREWALL -p udp -m udp --sport 6277 -j ACCEPT
iptables -A FIREWALL -p udp -m udp --sport 24441 -j ACCEPT
# Reject every other new TCP connection and all other UDP
iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT
iptables -A FIREWALL -p udp -m udp -j REJECT
# Save the rule set to a file, then show how to load it back from that file
iptables-save > /etc/firewall-rules
iptables-restore < /etc/firewall-rules

Then run iptables -L to view the rules (iptables -L -n skips the reverse DNS lookups and is faster).

nano /etc/network/interfaces

And insert the following line on the blank line just below "iface lo inet loopback":
pre-up iptables-restore < /etc/firewall-rules

Save and exit the file as usual with
[ctrl]-o
[enter]
[ctrl]-x
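As an added example that is not part of the original page: a small POSIX sh script that writes the same rule set in iptables-restore format, with the management network checked and passed as a parameter instead of being edited by hand in the pasted commands. The network argument (the one your workstation and the spamfilter share) is the only assumption; the ports are the ones used above.

```shell
# Added example, not the page's own commands: builds the rule set above as an
# iptables-restore file with the management network passed as a parameter, so
# the placeholder 222.222.222.222/24 cannot be left in the SSH rule. Assumes
# that network is the one your workstation and the spamfilter share.

# valid_cidr A.B.C.D/N: return 0 for a well-formed IPv4 network, else 1.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules A.B.C.D/N: print the FIREWALL chain in iptables-restore format with
# the given network allowed to reach SSH; refuses bad input and the placeholder.
gen_rules() {
    mgmt=$1
    valid_cidr "$mgmt" || { echo "gen_rules: bad network '$mgmt'" >&2; return 1; }
    case "$mgmt" in 222.222.222.222/*)
        echo "gen_rules: replace the placeholder address first" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FIREWALL - [0:0]
-A INPUT -j FIREWALL
-A FORWARD -j FIREWALL
-A FIREWALL -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A FIREWALL -p tcp -m tcp -s $mgmt --dport 22 --syn -j ACCEPT
-A FIREWALL -i lo -j ACCEPT
-A FIREWALL -p udp -m udp --sport 53 -j ACCEPT
-A FIREWALL -p tcp -m tcp --sport 53 -j ACCEPT
-A FIREWALL -p udp -m udp --dport 123 -j ACCEPT
-A FIREWALL -p udp -m udp --sport 6277 -j ACCEPT
-A FIREWALL -p udp -m udp --sport 24441 -j ACCEPT
-A FIREWALL -p tcp -m tcp --syn -j REJECT
-A FIREWALL -p udp -m udp -j REJECT
COMMIT
EOF
}
```

Load the output with iptables-restore exactly as the last command above does (for example `gen_rules 192.168.1.0/24 > /etc/firewall-rules`). Note that the --sport 53, 6277 and 24441 rules accept any packet whose source port happens to match, so they rely on the resolvers and lookup services you point the box at being trusted.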

  • GUI style:

First you must install KDE Desktop:
apt-get install kde fwbuilder
Then you can go to the following link for documentation:
http://www.fwbuilder.org/UsersGuide.pdf