
#1 2009-04-16 20:12:53

DuncanF
Member
Registered: 2009-04-16
Posts: 10

Basic Firewall

I was wondering if anyone had advice on setting up a good basic firewall for a laptop generally being used on public wifi, mostly at my university. I followed the wiki guide on iptables, but it shut down certain functionality I want, such as Samba and printing. Does anyone have a config file on hand that would meet these requirements that I could look over, or advice on implementing a proper ruleset, or a frontend that would work well? I have heard good things about FireHOL.

Duncan

Last edited by DuncanF (2009-04-16 20:13:15)


#2 2009-04-16 20:15:52

Inxsible
Forum Fellow
From: Chicago
Registered: 2008-06-09
Posts: 9,183

Re: Basic Firewall

If you are using GNOME, then Firestarter is a good GUI that helps you open/close ports easily.




#3 2009-04-16 20:18:23

evr
Arch Linux f@h Team Member
Registered: 2009-01-23
Posts: 554

Re: Basic Firewall

I personally like using Guarddog for setting up the firewall on my laptop. It's easy to configure common services, and adding custom ones is not difficult either.


#4 2009-04-16 20:26:50

DuncanF
Member
Registered: 2009-04-16
Posts: 10

Re: Basic Firewall

I'm using KDE 4.2.2, and if I remember, Firestarter pulls in half of GNOME, so Guarddog would be a good choice?


#5 2009-04-16 20:29:27

evr
Arch Linux f@h Team Member
Registered: 2009-01-23
Posts: 554

Re: Basic Firewall

Yeah, Guarddog is definitely a better choice if you're using KDE, though I think it depends on kdelibs3 and qt3.


#6 2009-04-16 20:30:26

DuncanF
Member
Registered: 2009-04-16
Posts: 10

Re: Basic Firewall

Aye, I've already got them installed and configured for KMyMoney and K3b, so all is good in that respect. :)


#7 2009-04-17 18:24:04

DuncanF
Member
Registered: 2009-04-16
Posts: 10

Re: Basic Firewall

I ended up going with FireHOL, as I found Guarddog too restrictive, and FireHOL is much more powerful and easier to use in my eyes. I ended up with this configuration file. Any suggestions for further modification?

# The network of our LAN.
# Both ranges count as "home": any host in them may reach Samba and ms_ds
# below. Note that 199.165.96.0/22 is a publicly routable /22, so on a shared
# campus network every machine in that range gets that access, not only yours.
home_ips="172.20.163.0/24 199.165.96.0/22"
# Allow BitTorrent server ports. Setting server_<name>_ports and
# client_<name>_ports defines a custom FireHOL service called "bittorrent".
server_bittorrent_ports="tcp/45632 udp/4444"
client_bittorrent_ports=any

# Traffic from anything that is neither a home range nor a private/unroutable
# address. In FireHOL, "src" matches the source of incoming packets and the
# destination of outgoing ones, so a wifi gateway on some other private range
# (e.g. 192.168.1.1) matches neither this block nor lan1 below; FireHOL's
# final catch-all then drops it, and DNS via that gateway will not work.
interface wlan0 internet1 src not "${home_ips} ${UNROUTABLE_IPS}"
    # flood/scan protection: at most 10 packets/sec with a burst of 10
    protection strong 10/sec 10

    policy drop

#    server ident reject with tcp-reset
    server bittorrent accept
    client all accept

# Home ranges only. No explicit policy line: FireHOL's default interface
# policy is drop, so only the services listed here are reachable.
interface wlan0 lan1 src "${home_ips}"

    server ICMP accept
    server ms_ds accept     # SMB directly over TCP/445
    server samba accept     # NetBIOS 137/138 udp, 139 tcp, plus 445
    client all accept

# Same two blocks again for the wired interface.
interface eth0 internet2 src not "${home_ips} ${UNROUTABLE_IPS}"
    protection strong 10/sec 10

    policy drop

#    server ident reject with tcp-reset
    server bittorrent accept
    client all accept

interface eth0 lan2 src "${home_ips}"

    server ICMP accept
    server ms_ds accept
    server samba accept
    client all accept

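As an added example that is not part of the thread: a POSIX shell script that emits the same kind of policy as an iptables-restore ruleset, which is what the wiki guide mentioned in the first post builds by hand. The two address ranges and the BitTorrent ports are taken from the config above; the Samba (UDP 137/138, TCP 139/445) and CUPS/IPP (TCP 631) port lists, the DHCP rule and the script name laptop-fw.sh are assumptions of the example. It goes a little further than the posted config: replies to the laptop's own connections are accepted from any source, so a wifi gateway on an unlisted private range still works, while Samba and printing stay restricted to the trusted ranges, and a malformed range is rejected instead of producing a broken rule.

```shell
#!/bin/sh
# laptop-fw.sh (hypothetical name): print an iptables-restore filter table for
# a laptop on shared wifi. Added example, not the thread's own configuration.
#   sh laptop-fw.sh "172.20.163.0/24 199.165.96.0/22" > rules.v4
#   iptables-restore < rules.v4     # as root, after reading rules.v4

# Samba (NetBIOS name/datagram, NetBIOS session, SMB over TCP) and CUPS/IPP.
# These port lists are assumed here; the thread does not state them.
SAMBA_UDP="137,138"
SAMBA_TCP="139,445"
PRINT_TCP="631"
# BitTorrent listener ports from the posted config; reachable from anywhere.
BT_TCP="45632"
BT_UDP="4444"

# Accept only a plain dotted-quad CIDR so a typo cannot silently widen a rule.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    ip=${1%/*}
    bits=${1#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    oldifs=$IFS
    IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ruleset to stdout. $1 is a space-separated list of trusted ranges.
gen_rules() {
    trusted=$1
    for net in $trusted; do
        valid_cidr "$net" || { echo "gen_rules: bad CIDR '$net'" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'     # default drop, like FireHOL's "policy drop"
    echo ':FORWARD DROP [0:0]'   # a laptop does not route
    echo ':OUTPUT ACCEPT [0:0]'  # "client all accept"
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to our own connections from any address, so the gateway and DNS
    # on whatever private range the wifi happens to use keep working.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Broadcast DHCP offers/acks (server port 67 to client port 68) are not
    # always matched by conntrack as replies, so allow them explicitly.
    echo '-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT'
    # Rate-limited ICMP, a rough analogue of "protection strong 10/sec 10".
    echo '-A INPUT -p icmp -m limit --limit 10/sec --limit-burst 10 -j ACCEPT'
    # BitTorrent listeners, open to everyone as in the posted config.
    echo "-A INPUT -p tcp --dport $BT_TCP -j ACCEPT"
    echo "-A INPUT -p udp --dport $BT_UDP -j ACCEPT"
    # Samba and printing only from the trusted ranges; no one else reaches them.
    for net in $trusted; do
        echo "-A INPUT -s $net -p udp -m multiport --dports $SAMBA_UDP -j ACCEPT"
        echo "-A INPUT -s $net -p tcp -m multiport --dports $SAMBA_TCP,$PRINT_TCP -j ACCEPT"
    done
    echo 'COMMIT'
}

if [ $# -gt 0 ]; then
    gen_rules "$1"
fi
```

Generate the file, read it, and if your iptables supports it run `iptables-restore --test < rules.v4` before loading it for real; the trusted list is the only input, so widening access means editing that one string rather than hunting through rules.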


Powered by FluxBB