Simple firewall [iptables]

zAchAry
Posts: 804
Joined: 11. May 2010, 09:02
Location: Israel

Simple firewall [iptables]

Post by zAchAry »

Since I don't know what exactly I'm writing in this post, please don't take me too seriously (any better sentence in English?) about the following:

Since there's no firewall application in SalixOS, in my view, at least...
Simple firewall
This is a very simple firewall I was once taught by my friend Fabio. Just copy these lines in a blank file, make it executable, and have it executed some time during your init process. My favorite way is to add this in /etc/network/interfaces:

Code:

auto eth1
iface eth1 inet static
address 192.168.0.1
netmask 255.255.255.0
post-up /etc/network/if-up.d/firewall.sh

This is the firewall script:

Code:

#!/bin/sh
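# Cleans the iptables (filter table)
iptables -F
# Enables internet connection sharing
modprobe iptable_nat
# Flush the nat table too, so re-running the script does not stack duplicate MASQUERADE rules
iptables -t nat -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE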
echo 1 > /proc/sys/net/ipv4/ip_forward
# Opens some ports (22=SSH, 1080=Socks)
iptables -A INPUT -p tcp --destination-port 22 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 1080 -j ACCEPT
# Opens local network
iptables -A INPUT -p tcp --syn -s 192.168.0.0/255.255.255.0 -j ACCEPT
# Closes everything else
iptables -A INPUT -p tcp --syn -j DROP

from: http://yorik.uncreated.net/linuxstuff.html
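
The only DROP rule in the script above matches inbound TCP SYN packets, so with the default ACCEPT policies UDP, ICMP and forwarded traffic are not filtered. As an added example (not part of the original post or of the page it quotes), the same policy written as a default-deny, stateful ruleset in iptables-restore format; eth1, ppp0, 192.168.0.0/24 and ports 22/1080 are taken from the post, and the variable and function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: default-deny, stateful take on the firewall script in the post.
# eth1, ppp0, 192.168.0.0/24 and ports 22/1080 come from the post; adjust as needed.
LAN_IF=${LAN_IF:-eth1}
WAN_IF=${WAN_IF:-ppp0}
LAN_NET=${LAN_NET:-192.168.0.0/24}
OPEN_TCP=${OPEN_TCP:-"22 1080"}

# gen_ruleset prints a full ruleset in iptables-restore format. Loading it
# replaces the nat and filter tables in one atomic step, so re-running at
# every interface-up cannot pile up duplicate rules.
gen_ruleset() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Internet connection sharing: masquerade LAN traffic leaving via the uplink
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
# Default deny: anything not matched below is dropped (UDP and ICMP included)
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Local network, only when it really arrives on the LAN interface
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
EOF
    # Ports open on every interface, as in the original script
    for port in $OPEN_TCP; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<EOF
# Forward LAN -> uplink, and only replies in the other direction
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Nothing is applied here; as root: sh this-file | iptables-restore
# (forwarding still needs /proc/sys/net/ipv4/ip_forward set to 1)
gen_ruleset
```

Setting `OPEN_TCP` to a shorter list (for example only `22`) before running the script narrows what is reachable from outside the LAN.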
pwatk
Posts: 474
Joined: 14. Mar 2010, 23:56
Location: United Kingdom

Re: Simple firewall [iptables]

Post by pwatk »

Slackware doesn't use sysconfig so /etc/network/interfaces isn't a valid location.

Make /etc/rc.d/rc.ip_forward executable to enable ip forwarding:

Code:

# chmod +x /etc/rc.d/rc.ip_forward
# /etc/rc.d/rc.ip_forward start

I've been meaning to spend some time learning how to use iptables properly. I've started reading this tutorial and IMO the best firewall package I can find is Shorewall (but it's not exactly simple). I've made a slkbuild for it here.
Antid Oto
Posts: 57
Joined: 6. Jul 2010, 01:28
Location: Bs. As. - Argentina.

Re: Simple firewall [iptables]

Post by Antid Oto »

What pwatk says is true. Shorewall is an excellent solution for a firewall. If you need an easy way to configure it, here's a tutorial:

http://shorewall.net/GettingStarted.html

You can find sample configuration files in "/usr/share/doc/shorewall-4.4.12/Samples" (the default location, usually), for one, two, or three network interfaces. Greetings,