When I installed Arch a while ago (a year?) I was pretty sure I added a firewall. However, now when I issue the "iptables" or "iptables -nvL" command it says "command not found". I don't recall what front end I (supposedly) installed. I did change to systemd in the meantime; maybe that is what caused it to go AWOL.
It was not crucial because I am behind a router, but now that my son is punching holes in the router firewall for his games, I'd like to fix this situation.
A couple of things confuse me. If iptables is part of the kernel then I shouldn't have to install it, right? But then it should respond to "iptables -nvL" I would think.
Also I wonder if I have a front end even if there is no iptables. I did try "pacman -Qs firewall" and got nothing. Also when I did "pacman -Ss firewall" I found a few front ends like shorewall and ufw but no iptables.
Last edited by PaulBx1 (2012-10-25 02:07:09)
It makes me curious as to why you did not do $ pacman -Ss iptables ?
Guess I just assumed the description for iptables would have "firewall" in it. Silly me.
Well I must have been hallucinating that I had a firewall before. Anyway there is none now that I can tell ("systemctl" does not display anything having to do with firewalls or iptables either). So, I suppose I will just install a firewall and front end as if I never had...
I imagine the situation with iptables is similar to udev. Support for it is built into the kernel but you still need to install a userspace program in order to take advantage of it.
6EA3 F3F3 B908 2632 A9CB E931 D53A 0445 B47A 0DAB
Great things come in tar.xz packages.
Well yeah, iptables and Netfilter are part of the kernel, but you configure it with userspace tools.
You had it right: you can tell what rules are configured with the command: iptables -nvL
Personally, I love the arno-iptables-firewall script that is in the AUR. It makes it very easy to do NAT, port forwarding, and everything you would ever want. It also makes very secure rules to prevent all kinds of attacks. I really could not do a better job myself. I found that basically all the GUI "firewall" iptables configuration programs only set very basic rules.
This is the systemd unit file I use to start/stop:
/usr/lib/systemd/system/arno-iptables-firewall.service
```
[Unit]
Description=Arno iptables firewall

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/arno-iptables-firewall start
ExecStop=/usr/sbin/arno-iptables-firewall stop

[Install]
WantedBy=multi-user.target
```
You configure it by editing /etc/arno-iptables-firewall/firewall.conf
OpenBSD-current Thinkpad X230, i7-3520M, 16GB CL9 Kingston, Samsung 830 256GB
Contributor: linux-grsec
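The split discussed above (kernel Netfilter support versus the userspace iptables tool) also means that having the tool installed is not the same as having a firewall loaded. The following is an added example, not part of any post in this thread, that tells the three situations apart by checking for the command and then reading the `iptables -S` listing; the function names and the sample ruleset are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are this example's own.

# Classify `iptables -S` output (read from stdin) by its INPUT chain:
#   unknown       - no "-P INPUT" line (e.g. the listing failed, not root)
#   default-deny  - INPUT policy is DROP
#   open          - INPUT policy ACCEPT with no INPUT rules: nothing filtered
#   rules-present - INPUT policy ACCEPT with rules: review them by hand
classify_ruleset() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" { rules++ }
        END {
            if (policy == "")            print "unknown"
            else if (policy != "ACCEPT") print "default-deny"
            else if (rules == 0)         print "open"
            else                         print "rules-present"
        }'
}

# Report which layer is missing. $1 = command to look for (default: iptables).
firewall_status() {
    tool="${1:-iptables}"
    if ! command -v "$tool" >/dev/null 2>&1; then
        # The thread's "command not found" case: kernel support may exist,
        # but no userspace tool is installed to load or list rules.
        echo "no-userspace-tool"
        return 0
    fi
    "$tool" -S 2>/dev/null | classify_ruleset
}

# Constructed sample: what a freshly installed, unconfigured iptables lists.
SAMPLE_EMPTY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

printf 'sample ruleset: %s\n' "$(printf '%s\n' "$SAMPLE_EMPTY" | classify_ruleset)"
printf 'this host:      %s\n' "$(firewall_status)"
```

Run it as root to get a real answer for the host; without privileges the listing fails and the result is `unknown`.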
Another easy to setup tool for iptables is: https://wiki.archlinux.org/index.php/Ufw
or more generally have a look at: https://wiki.archlinux.org/index.php/Firewalls