I just moved from a place where I was on a secure network - now it's just my computer and a cable modem and I'm interested in seriously looking at how to make it secure.
I'm not afraid of delving into iptables but I read a few articles which stated that it's probably not the right thing for a single workstation - my needs are not extensive, all I want to do is browse the internet and have the relevant ports left open to use bittorrent. That's it - no fancy stuff.
I found a small programme called levy on the gShield site which may be more appropriate - anyone have any input on this? Is there a more simple way of fulfilling my needs? Maybe iptables is the best thing around?
levy is a perl script which generates a basic iptables ruleset based on a given external interface and a set of ports to open.
In other words, if you decide to use levy, you'll end up using iptables - levy simply makes rule creation a bit easier.
I haven't used it myself, but it could be a good place to start. Let levy sort you out initially, then examine the rules it creates, and start writing your own.
There are a lot of tools out there that do this kind of thing - google some more and you'll find them.
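An added example (not from the thread, and not levy's or gShield's actual output) of the approach described above: a shell function that takes an external interface and a list of ports to open and emits a ruleset in iptables-restore format for a single workstation. The interface name eth0 and port 6881 are constructed sample values, and opening UDP alongside TCP on each port is an assumption.

```shell
#!/bin/sh
# Added example, not levy's or gShield's output. Emits a stateful
# single-workstation ruleset in iptables-restore format.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;      # digits only
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_ruleset <external-iface> [port ...]
gen_ruleset() {
    iface=$1
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*)
            echo "invalid interface: $iface" >&2; return 2 ;;
    esac
    shift
    # Validate everything first so bad input never yields a partial ruleset.
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    for p in "$@"; do
        # Inbound peer connections (TCP); UDP on the same port is an
        # assumption for clients that use it.
        echo "-A INPUT -i $iface -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
        echo "-A INPUT -i $iface -p udp --dport $p -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed sample values: interface eth0, port 6881.
gen_ruleset eth0 6881
```

The output can be checked with `iptables-restore --test` before it is loaded; outbound browsing works because OUTPUT is left at ACCEPT and replies match the ESTABLISHED,RELATED rule.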
Thanks tomk - I had previously followed iceram's advice by using gshield to create a rules file. It was pretty heavy going though and I wasn't sure if it was set up properly. Anyway, I managed to use it to get iptables started and it seemed to be working OK. I tried levy too but iptables wouldn't start when I tried to use the file it generated....
So I tried arno's iptables script as suggested here, which seems pretty easy to set up - there are even Arch-specific instructions.
The thing I really need set up properly is allowing bittorrent uploads - at the moment I'm getting about 50kb/s and nothing uploaded so I'll probably be kicked off the tracker soon...
Wow, that link is great, set up in minutes... now just got to check settings...
Would be nice to see set up in Wiki.