You are not logged in.

#1 2005-04-11 17:58:23

mdv
Member
From: Poland
Registered: 2005-04-09
Posts: 145

simple firewall for a desktop (mostly) user

# cat /etc/rc.d/myfirewall
#!/bin/bash

. /etc/rc.conf
. /etc/rc.d/functions

case "$1" in
  start)
        rc=0
        stat_busy "Starting Firewall"
        iptables -F
        iptables -X
        iptables -P OUTPUT  ACCEPT
        iptables -P INPUT   DROP
        iptables -P FORWARD DROP
        iptables -A INPUT  -i lo  -j ACCEPT
        iptables -A INPUT  -p tcp  --destination-port 4662  -m state --state NEW  -j ACCEPT
        iptables -A INPUT  -p udp  --destination-port 4672  -m state --state NEW  -j ACCEPT
        iptables -A INPUT  -p udp  --destination-port 53  -m state --state NEW -j ACCEPT
        iptables -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
        echo 0 > /proc/sys/net/ipv4/ip_forward
    ;;
  stop)
        rc=0
        stat_busy "Stopping Firewall"
        iptables -F
        iptables -X
        iptables -P OUTPUT  ACCEPT
        iptables -P INPUT   DROP
        iptables -P FORWARD DROP
        iptables -A INPUT  -i lo  -j ACCEPT
    ;;
  restart)
    $0 stop
    sleep 1
    $0 start
    ;;
  *)
    echo "usage: $0 {start|stop|restart}"
esac
exit 0

Hello, I wanted to present a simple firewall I made in a couple of minutes. It it designed to give internet access for a desktop user and to be easy to modify. Its purpose is not to let in any body, who is not welcome at the moment if you e.g. just want to test your website at local apache/mysql.

I wonder how other users solve the problem of desktop firewall? I am not an expert so if you think this firewall is useless, or not safe please let me know.

I am also curios if anybody uses this graphical interfaces like kmyfirewall. I tried once. I still can't sleep well because of that.

The input rules are for amule smile.

Offline

#2 2005-04-11 18:33:57

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: simple firewall for a desktop (mostly) user

I would think just a regular shell script with the firewall rules in it would be a better way to go. Then, once the script is run, people can save off their firewall rules: /etc/rc.d/iptables save
That way they will start up with the saved rules each time.

Also, make sure you setup your rules BEFORE you start your network...


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#3 2005-04-11 19:08:33

mdv
Member
From: Poland
Registered: 2005-04-09
Posts: 145

Re: simple firewall for a desktop (mostly) user

Sometimes it just astonishes me, how stupid I am. I could have thought of that... smile

Offline

#4 2005-04-12 14:36:47

bauerber
Member
Registered: 2004-12-20
Posts: 40

Re: simple firewall for a desktop (mostly) user

mdv wrote:

I am also curios if anybody uses this graphical interfaces like kmyfirewall. I tried once. I still can't sleep well because of that.

Yep, I do. KMyFirewall, too.  :oops:
But I sleep well, even though at times my box is connected over long periods of time.
Kmyfirewall seems to work pretty well, it does have quite a good interface and testing the firewall at one of the numerous test-sites showed that there are no open ports I do not want open...

I'm wondering, why can't you sleep 'cause of that  wink

sleep tight!

bernhard

Offline

#5 2005-04-13 08:55:24

murkus
Member
From: Europe/Helsinki
Registered: 2004-03-19
Posts: 254

Re: simple firewall for a desktop (mostly) user

bauerber wrote:
mdv wrote:

I am also curios if anybody uses this graphical interfaces like kmyfirewall. I tried once. I still can't sleep well because of that.

Yep, I do. KMyFirewall, too.  :oops:

bernhard

I'm using firestarter which I regard much easier to comprehend. KMyfirewall doesn't seem to differ much from using plain iptables from terminal. I didn't want to use time for reading iptables manual when I could just use firestarter. Call me lazy. wink


.murkus

Offline

#6 2005-04-13 13:59:18

mdv
Member
From: Poland
Registered: 2005-04-09
Posts: 145

Re: simple firewall for a desktop (mostly) user

bauerber wrote:

I'm wondering, why can't you sleep 'cause of that  wink

Kmyfirewall is so damn complicated in comparison to iptables. Making a firewall should be EASY.

Or, maybe it is easy, but, you know, colors... lights... they can make you panic. wink

Mdv

Offline

Board footer

Powered by FluxBB