
#1 2005-03-06 03:52:53

T-Dawg
Forum Fellow
From: Charlotte, NC
Registered: 2005-01-29
Posts: 2,736

Here's a Firewall Generator..

I just found this good iptables firewall generator for anyone who cares. It provides tables for filter and nat. I tested it at grc and got a passing score. My internet seems a little faster now than it did with my regular manually configured rules. ;)
Download and extract it, then run the quicktables script to generate the rules. You can use the INSTALL file to configure it the rest of the way. Remember to remove iptables from the daemons list.

http://qtables.radom.org/download.php

More info and supported features:
http://qtables.radom.org/index.php


#2 2005-10-09 20:41:22

timtux
Member
From: Gävle, Sweden
Registered: 2005-10-04
Posts: 178

Re: Here's a Firewall Generator..

This is how to do it:

Edit the /etc/rc.conf DAEMONS line so it looks like this (disable iptables):

DAEMONS=(syslog-ng acpid cpufreqd hotplug !pcmcia !iptables network netfs crond autofs)

Then go into the folder where you extracted quicktables:

./quicktables-2.3
<FOLLOW THE INSTRUCTIONS>
su 
<entermyrootpw>
cp rc.firewall /usr/local/sbin
chown root /usr/local/sbin/rc.firewall
chmod 744 /usr/local/sbin/rc.firewall

And last add /usr/local/sbin/rc.firewall to the bottom of /etc/rc.local:

#!/bin/sh
#
# /etc/rc.local: Local multi-user startup script.
#
/usr/local/sbin/rc.firewall
# End of file

http://timtux.net/ - my personal blog about almost everything


#3 2005-10-09 21:06:00

T-Dawg
Forum Fellow
From: Charlotte, NC
Registered: 2005-01-29
Posts: 2,736

Re: Here's a Firewall Generator..

Woah, this is an old thread...
Yes to all your questions, but you'll have to reboot before they take effect.

Honestly, I don't use this method. Instead, I added the line to rc.local once, rebooted, and did:

/etc/rc.d/iptables save

That will hard code the rules into /etc/iptables/iptables.rules rather than being cached into memory by the script. Now you can remove the line from rc.local and add iptables to the daemon array.
The advantage of this is that it will allow you to stop or start the firewall at any time easily by doing /etc/rc.d/iptables stop or /etc/rc.d/iptables start.

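As an added example (not code from quicktables or from the Arch init scripts), here is a minimal rc.firewall-style script that follows the workflow in this post: generate a filter and nat rule set, sanity-check it, and write it to the file the Arch iptables daemon loads (assumed here to be /etc/iptables/iptables.rules, the path named above), so that the iptables entry in the DAEMONS array owns the rules and rc.local stays untouched. The interface names, networks and the RULES_FILE default are assumptions to adjust for your box.

```shell
#!/bin/sh
# Added example, not quicktables or Arch code.  Generates a small stateful
# filter + nat rule set in iptables-save format and installs it where the
# Arch iptables daemon script loads it from (path named in the thread).
# Interface names and networks below are assumptions; override via env.
WAN="${WAN:-eth0}"                       # internet-facing interface
LAN="${LAN:-eth1}"                       # LAN interface that gets NATed
LAN_NET="${LAN_NET:-192.168.1.0/24}"     # LAN network behind the box
SSH_FROM="${SSH_FROM:-192.168.1.0/24}"   # the only source allowed to ssh in
RULES_FILE="${RULES_FILE:-/etc/iptables/iptables.rules}"

# Emit the rule set on stdout.  Default policy is DROP for INPUT/FORWARD;
# only loopback, replies to our own connections, LAN ssh and rate-limited
# ping are let in, and the LAN is masqueraded out of $WAN.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i $LAN -s $SSH_FROM -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# Structural sanity check on a rule set read from stdin: every *table must
# be closed by COMMIT, no rule may sit outside a table, and at least one
# table must exist.  Returns 0 when the file is well formed.
check_rules() {
    awk '
        /^\*/        { if (open) bad = 1; open = 1; tables++ }
        /^COMMIT$/   { if (!open) bad = 1; open = 0 }
        /^-A /       { if (!open) bad = 1 }
        END          { exit (bad || open || tables == 0) ? 1 : 0 }'
}

# Write the rule set atomically to $RULES_FILE, mode 600, refusing to
# replace the current file if the generated one fails check_rules.
install_rules() {
    tmp=$(mktemp) || return 1
    gen_rules > "$tmp"
    if ! check_rules < "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    mkdir -p "$(dirname "$RULES_FILE")" \
        && chmod 600 "$tmp" \
        && mv "$tmp" "$RULES_FILE"
}

# Usage on the box (as root): install_rules && /etc/rc.d/iptables start
# Then list iptables in /etc/rc.conf DAEMONS and keep rc.local untouched.
```

check_rules only verifies the file's shape; on the firewall itself, as root, `iptables-restore --test < /etc/iptables/iptables.rules` is the stronger check before the daemon is (re)started, since a rule iptables-restore rejects leaves you with whatever was loaded before.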

#4 2005-10-09 21:11:44

timtux
Member
From: Gävle, Sweden
Registered: 2005-10-04
Posts: 178

Re: Here's a Firewall Generator..

ah, smart :) Didn't think that far :P


http://timtux.net/ - my personal blog about almost everything


#5 2005-10-09 21:25:16

timtux
Member
From: Gävle, Sweden
Registered: 2005-10-04
Posts: 178

Re: Here's a Firewall Generator..

Just one more thing:

The firewall is up and running as I wish.
I've tested my computer on a Swedish site ( http://www.testadatorn.se ) and all seems to be ok:

Swedish (translated):
Your computer has now been tested and no weaknesses could be found in your computer's security. The test was, however, able to retrieve information about your computer that may be important for you to know about.

In English:
Your computer has now been tested and no weaknesses have been found.

But when I test it at https://www.grc.com/x/ne.dll?bh0bkyd2 I get:

Greetings!

Without your knowledge or explicit permission, the Windows networking technology which connects your computer to the Internet may be offering some or all of your computer's data to the entire world at this very moment!

http://timtux.net/ - my personal blog about almost everything


#6 2005-10-09 21:40:03

T-Dawg
Forum Fellow
From: Charlotte, NC
Registered: 2005-01-29
Posts: 2,736

Re: Here's a Firewall Generator..

It's probably detecting it from your browser (all browsers fail those stupid tests).
Try it here, it tests all ports, not the browser:
http://www.grc.com/default.htm
then go to "shields up" --> "all service ports"


#7 2005-10-09 21:44:21

timtux
Member
From: Gävle, Sweden
Registered: 2005-10-04
Posts: 178

Re: Here's a Firewall Generator..

Penguin wrote:

It's probably detecting it from your browser (all browsers fail those stupid tests).
Try it here, it tests all ports, not the browser:
http://www.grc.com/default.htm
then go to "shields up" --> "all service ports"

ah, thx :)


http://timtux.net/ - my personal blog about almost everything


#8 2005-10-12 02:45:11

Shofs
Member
From: Central Illinois
Registered: 2004-12-15
Posts: 184

Re: Here's a Firewall Generator..

I remember reading a while back about some sort of dynamic iptables configurator. If, for example, some script kiddie is bombarding your server with attempted ssh connections, the dynamic rules would kick in and temporarily block/drop/whatever all connections for port 22 from that host for some given amount of time.

It would then relinquish that rule after the specified amount of time. This is useful if you accidentally typed your password wrong more than once when trying to ssh to your box.

I can't seem to find this. Perhaps someone knows what I am talking about.


#9 2005-10-12 03:03:51

T-Dawg
Forum Fellow
From: Charlotte, NC
Registered: 2005-01-29
Posts: 2,736

Re: Here's a Firewall Generator..

quicktables has quickblock included with it:

quickblock README wrote:

qtables@radom.org

quickblock.sh was designed to block packets from a host "on-the-fly"
without having to edit a script and rerun the firewall.

quickblock.sh is simple to use and operates as follows...

- first you'll be asked for the IP or network address to block.  please
  enter a single address only

- next you'll be asked if you would like your quicktables firewall to
  block this IP or network address permanently or not.  if you answer
  yes then the address will be appended to /etc/qblock.  /etc/qblock
  addresses will then be read in by your quicktables firewall script
  when it next runs.

- next you'll be asked if you use NAT or not.  please answer yes or no

dunno if that's what you wanted...


#10 2005-10-12 03:35:11

Shofs
Member
From: Central Illinois
Registered: 2004-12-15
Posts: 184

Re: Here's a Firewall Generator..

Penguin wrote:

quicktables has quickblock included with it:

quickblock README wrote:

qtables@radom.org

quickblock.sh was designed to block packets from a host "on-the-fly"
without having to edit a script and rerun the firewall.

quickblock.sh is simple to use and operates as follows...

- first you'll be asked for the IP or network address to block.  please
  enter a single address only

- next you'll be asked if you would like your quicktables firewall to
  block this IP or network address permanently or not.  if you answer
  yes then the address will be appended to /etc/qblock.  /etc/qblock
  addresses will then be read in by your quicktables firewall script
  when it next runs.

- next you'll be asked if you use NAT or not.  please answer yes or no

dunno if that's what you wanted...

That still seems to need user interaction though... I am looking for something that recognizes a threat and takes care of it automatically.

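For the automatic, self-expiring response asked for in this post, here is an added example (not part of the thread and not quicktables code) in two parts. The first uses the iptables `recent` match, which lets the kernel itself count new SSH connections per source and drop a source that exceeds a threshold inside a window, with the block lapsing on its own once the attempts stop. The second is the log-side variant: a detector that scans sshd "Failed password" lines for the same pattern, as a cron job or log watcher would, plus a helper that inserts a DROP and removes it again after the window. The port, the thresholds, the chain names and the sample log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or from quicktables.  Two ways to block
# an SSH brute-forcer automatically and for a limited time.  IPTABLES, the
# port, the thresholds and the sample log below are assumptions.
IPTABLES="${IPTABLES:-/sbin/iptables}"   # set IPTABLES=echo to dry-run
SSH_PORT="${SSH_PORT:-22}"
HITS="${HITS:-4}"        # failures/new connections that trigger a block
WINDOW="${WINDOW:-60}"   # seconds: both the counting window and block length

# 1) Kernel-side, no daemon.  The "recent" match keeps a table ("sshbf") of
# sources that opened new connections to $SSH_PORT.  A source with HITS or
# more entries inside WINDOW seconds is dropped; --update refreshes its
# timestamp on every attempt, so the block lasts until the source stays
# quiet for WINDOW seconds and then lapses by itself.
ssh_ratelimit_rules() {
    "$IPTABLES" -A INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW \
        -m recent --name sshbf --set
    "$IPTABLES" -A INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW \
        -m recent --name sshbf --update --seconds "$WINDOW" --hitcount "$HITS" -j DROP
    "$IPTABLES" -A INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
}

# 2) Log-side.  Read syslog-style sshd lines on stdin and print, one per
# line, every source with HITS or more "Failed password" lines inside any
# sliding WINDOW-second span.  Timestamps are taken from HH:MM:SS only,
# so a window that crosses midnight is not handled.
find_bruteforcers() {
    awk -v hits="$HITS" -v window="$WINDOW" '
        /sshd\[[0-9]+\]: Failed password/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip == "") next
            split($3, t, ":")
            sec = t[1] * 3600 + t[2] * 60 + t[3]
            idx = n[ip] + 0               # per-source list of failure times
            ts[ip, idx] = sec; n[ip] = idx + 1
            c = 0                         # failures inside the trailing window
            for (j = 0; j <= idx; j++) if (sec - ts[ip, j] <= window) c++
            if (c >= hits) flagged[ip] = 1
        }
        END { for (ip in flagged) print ip }' | sort
}

# Insert a DROP for one source and remove it again after $WINDOW seconds,
# which is the "relinquish the rule" step asked about in the thread.
block_temporarily() {
    "$IPTABLES" -I INPUT -s "$1" -p tcp --dport "$SSH_PORT" -j DROP
    ( sleep "$WINDOW"
      "$IPTABLES" -D INPUT -s "$1" -p tcp --dport "$SSH_PORT" -j DROP ) &
}

# Constructed sample log (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG='Oct 12 02:40:01 box sshd[2101]: Failed password for root from 192.0.2.10 port 40122 ssh2
Oct 12 02:40:03 box sshd[2102]: Failed password for root from 192.0.2.10 port 40123 ssh2
Oct 12 02:40:05 box sshd[2103]: Failed password for invalid user admin from 192.0.2.10 port 40124 ssh2
Oct 12 02:40:09 box sshd[2104]: Failed password for root from 192.0.2.10 port 40125 ssh2
Oct 12 02:41:00 box sshd[2110]: Failed password for tim from 198.51.100.7 port 51000 ssh2
Oct 12 02:45:30 box sshd[2111]: Failed password for tim from 198.51.100.7 port 51001 ssh2
Oct 12 02:45:31 box sshd[2112]: Accepted password for tim from 198.51.100.7 port 51001 ssh2'

# Typical cron-job use: scan the log and block whoever is flagged.
#   printf '%s\n' "$SAMPLE_LOG" | find_bruteforcers | while read -r ip; do
#       block_temporarily "$ip"
#   done
```

With the defaults, only 192.0.2.10 is flagged: four failures in eight seconds, while the two failures from 198.51.100.7 are 270 seconds apart and below the threshold, which is the "mistyped your own password" case the post wants to survive. The `recent` rules need no log parsing at all and are the closer match to the thread's request, since the expiry is handled in the kernel; the log-side functions are what a Snort-style plugin or log watcher does in user space.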

#11 2005-10-12 05:08:35

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622

Re: Here's a Firewall Generator..

Take a look at Snort. I believe there are plugins for Snort that will update firewall rules.


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
