I was wondering if anyone had advice on setting up a good basic firewall for a laptop generally being used on public wifi, mostly at my university. I followed the wiki guide on iptables, but it shut down certain functionality I want, such as samba and printing. Does anyone have a config file on hand that would meet these requirements that I could look over, or advice on implementing a proper ruleset, or a frontend that would work well? I have heard good things about firehol.
Duncan
Last edited by DuncanF (2009-04-16 20:13:15)
If you are using Gnome, then firestarter is a good GUI that helps you open/close ports easily.
There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots!
I personally like using Guarddog for setting up the firewall on my laptop. It's easy to configure common services, and adding custom ones is not difficult as well.
I'm using KDE 4.2.2, and if I remember firestarter pulls in half of gnome, so guarddog would be a good choice?
Yeah, guarddog is definitely a better choice if you're using KDE, even though I think it's dependent on kdelibs3 and qt3 though.
Aye, I've already got them installed and configured for KMyMoney and K3B, so all is good in that respect.
I ended up going with FireHOL as guarddog I found to be too restricting, and FireHOL is much more powerful and easier to use in my eyes. I ended up with this configuration file. Any suggestions for further modification?
# The network of our LAN.
home_ips="172.20.163.0/24 199.165.96.0/22"

# Allow BitTorrent server ports
server_bittorrent_ports="tcp/45632 udp/4444"
client_bittorrent_ports=any

interface wlan0 internet1 src not "${home_ips} ${UNROUTABLE_IPS}"
    protection strong 10/sec 10
    policy drop
    # server ident reject with tcp-reset
    server bittorrent accept
    client all accept

interface wlan0 lan1 src "${home_ips}"
    server ICMP accept
    server ms_ds accept
    server samba accept
    client all accept

interface eth0 internet2 src not "${home_ips} ${UNROUTABLE_IPS}"
    protection strong 10/sec 10
    policy drop
    # server ident reject with tcp-reset
    server bittorrent accept
    client all accept

interface eth0 lan2 src "${home_ips}"
    server ICMP accept
    server ms_ds accept
    server samba accept
    client all accept
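As an added example (not part of the thread and not FireHOL's own code), the Python below models the `src` tests of the two wlan0 blocks posted above and reports which block, and therefore which server services, an inbound peer address would reach. Assumptions: blocks are tried in file order with the first match winning, `UNROUTABLE_STANDIN` is a shortened stand-in for FireHOL's `UNROUTABLE_IPS`, and `classify` and `exposure_report` are hypothetical helper names.

```python
import ipaddress

# home_ips exactly as posted in the thread.
HOME_IPS = ["172.20.163.0/24", "199.165.96.0/22"]
# ASSUMPTION: stand-in for FireHOL's UNROUTABLE_IPS; only the RFC 1918 ranges
# are listed here, the real variable is longer and varies by FireHOL version.
UNROUTABLE_STANDIN = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

# (name, negate, source networks, services offered to matching peers)
# Mirrors the two wlan0 blocks in the order they appear in the post;
# the eth0 blocks are identical apart from the device name.
INTERFACES = [
    ("internet1", True, _nets(HOME_IPS + UNROUTABLE_STANDIN), ["bittorrent"]),
    ("lan1", False, _nets(HOME_IPS), ["ICMP", "ms_ds", "samba"]),
]

def classify(peer):
    """Return (interface name, server services reachable by `peer`).

    Hypothetical helper: the first block whose src test matches wins;
    a peer matching no block gets (None, []) and is handled by neither.
    """
    addr = ipaddress.ip_address(peer)
    for name, negate, nets, services in INTERFACES:
        inside = any(addr in n for n in nets)
        if inside != negate:  # "src not" matches only addresses outside the list
            return name, services
    return None, []

def exposure_report(peers):
    """Map each peer address to the block and services it would reach."""
    return {p: classify(p) for p in peers}

if __name__ == "__main__":
    # Constructed sample peers: same /24, wider campus /22, a public host,
    # and a private address as handed out by a typical cafe access point.
    for peer, (block, services) in exposure_report(
        ["172.20.163.40", "199.165.98.7", "93.184.216.34", "192.168.1.1"]
    ).items():
        print(f"{peer:15} -> {block or 'no block'}: {', '.join(services) or '-'}")
```

Under this model every address in the 199.165.96.0/22 range reaches the Samba and ms_ds servers, not only hosts on the laptop's own /24. A peer on some other private network (the constructed 192.168.1.1 case) matches neither wlan0 block.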