I need a firewall for testing purposes and I was wondering what's the fastest way to have a linux firewall working... I was thinking in an iptables with a webmin in some fedora... Any suggestion?
Thank you all!
Printable View
I need a firewall for testing purposes and I was wondering what's the fastest way to have a linux firewall working... I was thinking in an iptables with a webmin in some fedora... Any suggestion?
Thank you all!
if it will be a dedicated box (i hope so) for firewall and you arent that good on linux, i recommend this:
www.smoothwall.org
It has Netfilter firewall (a.k.a. iptables), squid, snort, web admin, etc...
its a plug-and-play distro. You can get it also on linuxiso.
However if you want to learn about firewalls, i may advise you to go to netfilter line command interface (iptables) and learn how to use it. I think that configuring a firewall with iptables is very good for understanding how a packet-filter firewall works. Netfilter also can be configured to be a statefull firewall.
If you just need something to pound on, I'd grab a Live linux distro that you like that has IPTables on by default, or just throw Fedora 3, Suse 9.(whatever the latest is), mandrake, etc...one of them, and enable the firewall by default during install. This won't be a completely robust firewall that is tweaked for specific needs, but it will be something to smash your packets against. :D
Hi
A while ago, I was playing around with front-ends, more or less specific to iptables.
It simplifies a lot the configuration of the iptables-rules, so it might be of interest
for you. In my opinion, it is a good starting point in any case (eg. to understand rule-sets)
I started with firehol1].
--> Phish recommended fwbuilder[2]. That's the way to go in my opinion.
There is even another project, vuurmuur[3]
Cheers.
[1] http://firehol.sourceforge.net/
http://www.antionline.com/showthread...hlight=firehol
[2] http://www.fwbuilder.org/
[3] http://vuurmuur.sourceforge.net/
Thank you all... Smooth wall looks good, as the other suggestions ;)
I'm not a begginer in firewalls (i'm not an expert neither!!! :) ) but I always worked with "precooked" ones... Checkpoint, Sonicwall, etc... It will be intresting play around with linux...
One more time, thank you all. Antionline is an excellent community.
... don't overlook IPCop either - a branch off from Smoothwall or the otherway around and another dedicated firewall linux distro.
I have it running here to protect the home network, runs squid, snort, and traffic shaping - not a bad package at all in a 40mb iso. Content filtering via Dansguardian is also available through an addon package, but requires a bit more RAM to keep it all running nice.
Like Smoothwall - it takes around 10 minutes to install - so if you break it by over tweaking - no real harm done, 10 minutes or less and your back up and running.
I installed a smoothwall and it looks very good. Easy to install, to understand and well documented... Very interesting de DansGuardian optin in IPCop, I'll chek it out :)
Thank you.
If you need a firewall on your existing box, if you don't have a spare box, I'd recommend iptables with shorewall, cause shorewall is easy to configure and learns you to handle iptables.
Cheers
If you're looking for a GUI IPtables firewall (something like what Zone Alarm is for Windows) then I'd suggest Firestarter, I won't say I have personal experience with this package but from the site it seems to be a good IPtable configuration solution for people new to Linux.
What I miss in Smoothwall is the ability to restrict outgoing connections...
Check out Smoothwall's Community Forums @ http://community.smoothwall.org/forum/ .....
and ....
http://martybugs.net/smoothwall/iptables.cgi for info on tweaking iptables rules in Smoothwall, this guys site has a few other handy tips for Smoothwall too.
It was exactly what I nedded!
Thank you!
also, try going to linux distro just google it, they have a section on just security/firewall and you have your pick of alot, a new firewall that came out thats like smoothwall is m0no wall those are zeroes just google m0n0 i think you should check that out, i used smoothwall and smoothwall corporate, i havent loaded m0n0 yet but ive seen my friend run it its based off freebsd.
M0n0 looks quite interesting also, I was looking for something compact that runs in small boxes for another project.... And this seems to be the solution.... And seems to be more flexible than smoothwall (I have it running in "semiproduction" though ;) )
Thank you!!
Thats the only downfall to some of the gui firewall distro's like smoothwall and ipcop, which i think are both great, is that they do not allow you to gui edit the iptable chains. Sooner or later you will have to kill some kind of connection either input or output and will have to learn at least the basics of iptables. They are execllent starts though. I recommend IPcop, its had my home networking running for over a year.
Is then IPcop allowing to you change the iptable chains from the gui?Quote:
Originally posted here by kr5kernel
Thats the only downfall to some of the gui firewall distro's like smoothwall and ipcop, which i think are both great, is that they do not allow you to gui edit the iptable chains. Sooner or later you will have to kill some kind of connection either input or output and will have to learn at least the basics of iptables. They are execllent starts though. I recommend IPcop, its had my home networking running for over a year.
Yeap, that isnt good for learning, but excellent for security. Like in smoothwall, the interface is pretty simple and disallow the user to do stupid changes in chains.Quote:
Originally posted here by kr5kernel
Thats the only downfall to some of the gui firewall distro's like smoothwall and ipcop, which i think are both great, is that they do not allow you to gui edit the iptable chains.
You cant imagine what i use to see on some netfilters configuration. :)
I agree with you that the best is learn how it works... I did something in the university about the chains couple years ago... some app called iproute2.. Is this familiar to you?
By the way, if you want to install some firewall software from scratch in a dedicated box, what Linux distro you would use? And how can you configure the system to be secure enough to be a firewall????
using IPCop here and having no issues at all, seems lke a very sturdy and easy to use solution, ben up for over 100 days and nothing has gone wrong and it seems to stop what i am asking it to stop!!