ip tables , Firewall builder discussion

TomWitko · 2009-08-29 14:44:59

Hi Guys

Checked out the guides for Firewallbuilder online and still kind of not sure on some of the basic functions of it. Slowly figuring it out as have only used firestarter so far and have not played with iptables at all. I would like to learn more on how iptables work in linux and have read a little bit so far. So far used to wintype firewalls with service names and ip port entries. How does iptables differ? Can I specify a service say like amsn for a port?.

There is some menu entries such as compile, commit, and install. So how do I apply new firewall rules to iptables with Firewall Builder. Also tried setting up a tcp port entry for amsn webcam but it did not show up in the policy gui.

Hopefully some experts can help out and would like eventually like to make a wiki entry for firewallbuilder with some basic information on it.

Thanks

R00KIE · 2009-08-29 21:26:46

From my experience (I'm not an expert) I find it easier to understand and configure the rules from the cli. I did give Firewallbuilder a go but even the very few rules I had (from the wiki and a few open ports for ams, deluge and skype) it seems a bit too hard for me.

I have followed this http://wiki.archlinux.org/index.php/Sim … wall_HOWTO and after a couple of careful reads and some trial and error I figured it out. After you have some rules that work for you open them in Firewallbuilder and try to figure it out I have found it's too much work for my simple needs

Zariel · 2009-08-29 21:36:54

I use arno's firewall scripts.

Yagi858 · 2009-09-02 07:25:39

I follow the wiki, but I cannot understand the section about the interface. I can connect the laptop wired wlan or ppp0 (umts modem), dependes where I am, sometimes I don't know the active inteface before boot. Is it right to have a script modified as below, or not ?

#    http://wiki.archlinux.org/index.php/Simple_stateful_firewall_HOWTO
#
# :: blocks bruteforce attacks (useful for securing SSH servers)
#
# ----------------------------------------------------------------------------

# allow local connections (disable for testing purposes only)
allow_lo="yes";

# ----------------------------------------------------------------------------
# interfaces (confirm)

localnet="lo";
internet="eth+";      # the ending '+' is a wildcard for matching patterns
internet="wlan+";    # the ending '+' is a wildcard for matching patterns
internet="ppp+";     # the ending '+' is a wildcard for matching patterns

fukawi2 · 2009-09-02 08:26:29

IMHO, learn iptables before delving into Firewall Builder or any other GUI frontend. That way you only have one thing to learn. The fact that I already knew iptables when I played with firewall builder was the only thing that let me learn it cause I'd build a firewall, compile it and then look at the iptables output to understand what it was actually doing.

Firewall Builder is only a front-end that compiles the raw iptables rules for you - it doesn't actually 'install' the rules. You still have to load them into iptables either by putting them in /etc/iptables/iptables.rules or iptables-restore < /path/to/compiled/firewall

As for your question about the different interfaces, everything except the -J option in iptables is optional, so you can remove the interface parts if there are multiple interfaces the rule could apply to (eg, wlan0 and ppp0)

quarkup · 2009-09-05 11:46:53

well there is the iptables firewall script in that wiki (i added it myself)

http://wiki.archlinux.org/index.php/Sim … wall_HOWTO

I learnt how to use iptables from the same wiki

Arch Linux

#1 2009-08-29 14:44:59

ip tables , Firewall builder discussion

#2 2009-08-29 21:26:46

Re: ip tables , Firewall builder discussion

#3 2009-08-29 21:36:54

Re: ip tables , Firewall builder discussion

#4 2009-09-02 07:25:39

Re: ip tables , Firewall builder discussion

#5 2009-09-02 08:26:29

Re: ip tables , Firewall builder discussion

#6 2009-09-05 11:46:53

Re: ip tables , Firewall builder discussion

Board footer