I just found this good iptables firewall generator for anyone who cares. It provides tables for filter and nat. I tested it at grc and got a passing score. My internet seems a little faster now than it did with my regular manually configured rules.;)
Download and extract it, then run the quicktables script to generate the rules. You can use the INSTALL file to configure it the rest of the way. Remember to remove iptables from the daemons list.
http://qtables.radom.org/download.php
More info and supported features:
http://qtables.radom.org/index.php
This is how to do it:
Edit the DAEMONS line in /etc/rc.conf so it looks like this (disable iptables):
DAEMONS=(syslog-ng acpid cpufreqd hotplug !pcmcia !iptables network netfs crond autofs)
Then go into the directory where you extracted quicktables:
./quicktables-2.3
<FOLLOW THE INSTRUCTIONS>
su
<entermyrootpw>
cp rc.firewall /usr/local/sbin
chown root /usr/local/sbin/rc.firewall
chmod 744 /usr/local/sbin/rc.firewall
And last add /usr/local/sbin/rc.firewall to the bottom of /etc/rc.local:
#!/bin/sh
#
# /etc/rc.local: Local multi-user startup script.
#
/usr/local/sbin/rc.firewall
# End of file
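An installer for the steps above, written as an added example (it is not part of quicktables or of this post): it copies the generated rc.firewall into a sbin directory as a root-owned mode 744 file, refuses a script that does not parse (a broken rc.firewall at boot leaves the host unfiltered), and appends the call to rc.local only once. The paths are arguments so it can be tried in a scratch directory; the real targets are /usr/local/sbin and /etc/rc.local.

```shell
#!/bin/sh
# Added example, not code from the quicktables package or the original post.
# install_firewall SRC DEST_DIR RC_LOCAL
install_firewall() {
    src=$1 dest_dir=$2 rc_local=$3
    dest="$dest_dir/rc.firewall"
    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    # a script that fails to parse would leave the host without rules at boot
    sh -n "$src" || { echo "refusing: $src has syntax errors" >&2; return 1; }
    mkdir -p "$dest_dir" || return 1
    cp "$src" "$dest" || return 1
    # same ownership and mode as the post: root, rwxr--r--
    chmod 744 "$dest" || return 1
    chown root "$dest" 2>/dev/null ||
        echo "warning: not running as root, owner of $dest left unchanged" >&2
    # idempotent append so a repeated install does not run the firewall twice
    if ! grep -qxF "$dest" "$rc_local"; then
        printf '%s\n' "$dest" >> "$rc_local" || return 1
    fi
}

# firewall_lines RC_LOCAL DEST: how many times the call appears (for checks)
firewall_lines() {
    grep -cxF "$2" "$1"
}
```

Run it as `install_firewall ./rc.firewall /usr/local/sbin /etc/rc.local` from the quicktables directory, as root.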
http://timtux.net/ - my personal blog about almost everything
Woah, this is an old thread...
Yes to all your questions, but you'll have to reboot before they take effect.
Honestly, I don't use this method. Instead, I added the line to rc.local once, rebooted, and did:
/etc/rc.d/iptables save
That will hard-code the rules into /etc/iptables/iptables.rules rather than having them loaded into memory by the script. Now you can remove the line from rc.local and add iptables to the daemon array.
The advantage of this is that it will allow you to be able to stop or start the firewall at any time easily by doing /etc/rc.d/iptables stop or /etc/rc.d/iptables start.
Ah, smart. Didn't think that far.
Just one more thing:
The firewall is up and running as I wish.
I've tested my computer on a Swedish site ( http://www.testadatorn.se ) and all seems to be ok:
Swedish (translated):
Your computer has now been tested and no weaknesses could be found in your computer's security. The test could, however, obtain information about your computer that may be important for you to know about.
In English:
Your computer has now been tested and no weakness has been found.
But when I test it at https://www.grc.com/x/ne.dll?bh0bkyd2 I get:
Greetings!
Without your knowledge or explicit permission, the Windows networking technology which connects your computer to the Internet may be offering some or all of your computer's data to the entire world at this very moment!
It's probably detecting it from your browser (all browsers fail those stupid tests).
Try it here; it tests all ports, not the browser:
http://www.grc.com/default.htm
then go to "shields up" --> "all service ports"
Ah, thx.
I remember reading a while back about some sort of dynamic iptables configurator. If, for example, some script kiddie is bombarding your server with attempted ssh connections, the dynamic rules would kick in and temporarily block/drop/whatever all connections for port 22 from that host for some given amount of time.
It would then relinquish that rule after the specified amount of time. This is useful if you accidentally typed your password wrong more than once when trying to ssh to your box.
I can't seem to find this. Perhaps someone knows what I am talking about.
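A shell version of the behaviour described above, as an added example that is not part of the thread, of quicktables or of quickblock: it counts failed SSH logins per source address in a log excerpt and, for hosts at or over a threshold, emits a DROP rule for port 22 together with its timed removal. The log lines are constructed sample data, and the threshold, block duration and the use of sshd's "Failed password" message are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from quicktables/quickblock.
# SAMPLE_LOG is constructed data in the style of sshd syslog lines.
SAMPLE_LOG='Mar  3 10:01:02 host sshd[123]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:01:04 host sshd[123]: Failed password for root from 203.0.113.7 port 51235 ssh2
Mar  3 10:01:05 host sshd[124]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 10:01:09 host sshd[125]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:02:00 host sshd[126]: Accepted publickey for alice from 198.51.100.9 port 40000 ssh2
Mar  3 10:02:30 host sshd[127]: Failed password for alice from 198.51.100.9 port 40001 ssh2'

# offenders THRESHOLD (log on stdin): addresses with >= THRESHOLD failures
offenders() {
    awk -v limit="$1" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i < NF; i++) if ($i == "from") fails[$(i + 1)]++
        }
        END { for (ip in fails) if (fails[ip] >= limit) print ip }'
}

# block_rules ADDRESS SECONDS: the insert, plus a background delete that
# lifts the block after SECONDS (the "relinquish" step from the post)
block_rules() {
    rule="INPUT -s $1 -p tcp --dport 22 -j DROP"
    printf 'iptables -I %s\n' "$rule"
    printf '( sleep %s && iptables -D %s ) &\n' "$2" "$rule"
}

# respond THRESHOLD SECONDS (log on stdin): print the commands, or run them
# through sh when APPLY=1 (needs root and a real iptables)
respond() {
    offenders "$1" | while read -r ip; do block_rules "$ip" "$2"; done |
        if [ "${APPLY:-0}" = 1 ]; then sh; else cat; fi
}

# Dry run over the constructed log: three failures from one host trigger a
# ten-minute block; the single failure from 198.51.100.9 does not.
printf '%s\n' "$SAMPLE_LOG" | respond 3 600
```

The same per-host counting can be done in the kernel without a script using iptables' recent match (-m recent --set on new port 22 connections, then --update --seconds N --hitcount M -j DROP).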
quicktables has quickblock included with it:
qtables@radom.org
quickblock.sh was designed to block packets from a host "on-the-fly" without having to edit a script and rerun the firewall. quickblock.sh is simple to use and operates as follows...
- first you'll be asked for the IP or network address to block. please enter a single address only
- next you'll be asked if you would like your quicktables firewall to block this IP or network address permanently or not. if you answer yes then the address will be appended to /etc/qblock. /etc/qblock addresses will then be read in by your quicktables firewall script when it next runs.
- next you'll be asked if you use NAT or not. please answer yes or no
Dunno if that's what you wanted...
That still seems to need user interaction though . . . I am looking for something that recognizes a threat and takes care of it automatically.
Take a look at Snort. I believe there are plugins for Snort that will update firewall rules.
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law