# cat /etc/rc.d/myfirewall
#!/bin/bash
. /etc/rc.conf
. /etc/rc.d/functions

case "$1" in
  start)
    stat_busy "Starting Firewall"
    # Start from a clean slate: flush all rules and delete user-defined chains
    iptables -F
    iptables -X
    # Default policies: everything out is allowed, everything in or through is dropped
    iptables -P OUTPUT ACCEPT
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    # Loopback is trusted (local apache/mysql testing)
    iptables -A INPUT -i lo -j ACCEPT
    # aMule listening ports (TCP 4662, UDP 4672) plus inbound DNS
    iptables -A INPUT -p tcp --destination-port 4662 -m state --state NEW -j ACCEPT
    iptables -A INPUT -p udp --destination-port 4672 -m state --state NEW -j ACCEPT
    iptables -A INPUT -p udp --destination-port 53 -m state --state NEW -j ACCEPT
    # Replies and related traffic for connections this host opened itself
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Desktop, not a router: never forward packets
    echo 0 > /proc/sys/net/ipv4/ip_forward
    add_daemon myfirewall
    stat_done
    ;;
  stop)
    stat_busy "Stopping Firewall"
    # "Stop" still drops all incoming traffic except loopback; it does not open the box
    iptables -F
    iptables -X
    iptables -P OUTPUT ACCEPT
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -A INPUT -i lo -j ACCEPT
    rm_daemon myfirewall
    stat_done
    ;;
  restart)
    $0 stop
    sleep 1
    $0 start
    ;;
  *)
    echo "usage: $0 {start|stop|restart}"
    ;;
esac
exit 0
Hello, I wanted to present a simple firewall I made in a couple of minutes. It is designed to give internet access to a desktop user and to be easy to modify. Its purpose is not to let in anybody who is not welcome at the moment, e.g. if you just want to test your website on a local apache/mysql.
I wonder how other users solve the problem of a desktop firewall? I am not an expert, so if you think this firewall is useless or not safe, please let me know.
I am also curious whether anybody uses these graphical interfaces like kmyfirewall. I tried once. I still can't sleep well because of that.
The input rules are for aMule.
I would think just a regular shell script with the firewall rules in it would be a better way to go. Then, once the script is run, people can save off their firewall rules: /etc/rc.d/iptables save
That way they will start up with the saved rules each time.
Also, make sure you set up your rules BEFORE you start your network...
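Cactus's suggestion (keep the rules in a plain script, then run /etc/rc.d/iptables save so the saved rules are loaded before the network comes up) amounts to keeping the rule set in iptables-restore format, which is what the save writes out. The script below is an added example written for this thread; it is neither mdv's script nor anything shipped by Arch. It generates that file for the rule set from the first post, so it can be loaded with iptables-restore instead of running iptables line by line. Two design choices differ from the posted script and are mine, not the original poster's: the ESTABLISHED,RELATED rule comes first, since it matches most packets, and there is no inbound "udp 53 NEW" rule, because DNS replies to this host's own queries already match ESTABLISHED; open 53 only if the box runs a resolver for other machines. The variable names FW_PORTS and RULES_FILE, the function names, and the "show"/"apply" arguments are invented for the example; the default rules path is the one Arch's /etc/rc.d/iptables read at the time (check IPTABLES_CONF in /etc/conf.d/iptables on your system).

```bash
#!/bin/sh
# Added example, not the original poster's script: emit a desktop firewall
# rule set in iptables-restore format (the format /etc/rc.d/iptables save
# writes), so the rules can be loaded atomically before the network starts.

# Assumed knobs (not from the thread). FW_PORTS lists "proto:port" pairs that
# may receive NEW inbound connections; the default is the aMule pair.
: "${FW_PORTS:=tcp:4662 udp:4672}"
: "${RULES_FILE:=/etc/iptables/iptables.rules}"

# Print one line verbatim (avoids printf treating a leading "-A" as an option).
rule() {
    printf '%s\n' "$*"
}

# Print a complete iptables-restore file for the filter table to stdout.
# Returns 1 and prints nothing useful if FW_PORTS contains a bad entry.
gen_rules() {
    rule '*filter'
    # Policies: everything out, nothing in or through unless matched below.
    rule ':INPUT DROP [0:0]'
    rule ':FORWARD DROP [0:0]'
    rule ':OUTPUT ACCEPT [0:0]'
    # Loopback is trusted (local apache/mysql testing).
    rule '-A INPUT -i lo -j ACCEPT'
    # Stateful rule first: replies to our own connections, including DNS
    # answers, match here, so no separate inbound port 53 rule is needed.
    rule '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    rule '-A INPUT -m state --state INVALID -j DROP'
    local entry proto port
    for entry in $FW_PORTS; do
        proto=${entry%%:*}
        port=${entry##*:}
        case "$proto" in
            tcp|udp) ;;
            *) echo "gen_rules: bad protocol in '$entry'" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "gen_rules: bad port in '$entry'" >&2; return 1 ;;
        esac
        rule "-A INPUT -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
    # Reject instead of silently dropping so local tools fail fast.
    rule '-A INPUT -p tcp -j REJECT --reject-with tcp-reset'
    rule '-A INPUT -j REJECT --reject-with icmp-port-unreachable'
    rule 'COMMIT'
}

# Number of "-A INPUT" rules the generated file contains (handy for a sanity check).
count_input_rules() {
    gen_rules | grep -c '^-A INPUT'
}

# "show" prints the file; "apply" writes it and loads it (needs root and iptables).
case "${1:-}" in
    show)  gen_rules ;;
    apply) gen_rules > "$RULES_FILE" && iptables-restore < "$RULES_FILE" ;;
esac
```

Run it as `sh gen-rules.sh show` to inspect the file, or `FW_PORTS="tcp:80 tcp:443" sh gen-rules.sh show` to see how the port list changes it; `apply` writes the file to the path the iptables rc script loads at boot, so listing iptables before network in the DAEMONS line of rc.conf is what makes the rules come up first, as Cactus advises.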
Sometimes it just astonishes me, how stupid I am. I could have thought of that...
mdv wrote:I am also curious whether anybody uses these graphical interfaces like kmyfirewall. I tried once. I still can't sleep well because of that.
Yep, I do. KMyFirewall, too. :oops:
But I sleep well, even though at times my box is connected over long periods of time.
KMyFirewall seems to work pretty well; it has quite a good interface, and testing the firewall at one of the numerous test sites showed that there are no open ports I do not want open...
I'm wondering, why can't you sleep 'cause of that?
sleep tight!
bernhard
mdv wrote:I am also curious whether anybody uses these graphical interfaces like kmyfirewall. I tried once. I still can't sleep well because of that.
Yep, I do. KMyFirewall, too. :oops:
bernhard
I'm using firestarter, which I regard as much easier to comprehend. KMyFirewall doesn't seem to differ much from using plain iptables from the terminal. I didn't want to spend time reading the iptables manual when I could just use firestarter. Call me lazy.
.murkus
bernhard wrote:I'm wondering, why can't you sleep 'cause of that?
KMyFirewall is so damn complicated in comparison to iptables. Making a firewall should be EASY.
Or, maybe it is easy, but, you know, colors... lights... they can make you panic.
Mdv