Basic Linux firewall
Results 1 to 2 of 2

Thread: Basic Linux firewall

  1. #1
    Banned
    Join Date
    Jun 2002
    Posts
    458

    Basic Linux firewall

    I wanted to help people out who are learning linux by posting something I read from my red hat for dummies book. It is a linux firewall script, and it also includes comments so the user can comprehend what they are typing. (Comments are text that are ignored by the program because they use special characters in front and behind them. Comments are useful for understanding what you are doing, and once bigger scripts are created they are especially useful for understand what has been typed) The comments start with #

    # The next line activates the kernel module that allows
    RealAudio
    # connection through your firewall
    modprobe ip_masq_raudio

    # Flush out all existing rules
    ipchains -F
    ipchains -X

    # Set default filters to deny everything
    ipchains -P input DENY
    ipchains -P output DENY
    ipchains -P forward DENY

    # Allow all internal network traffic
    ipchains -A input -i lo -j ACCEPT
    ipchains -A output -i lo -j ACCEPT

    # Allow all private network traffic (If you have config-
    ured an Ethernet interface on a local network)
    ipchains -A input -i eth0 -j ACCEPT
    ipchains -A output -i eth0 -j ACCEPT

    # Allow all TCP packets out to the internet
    ipchains -A output -p TCP -j ACCEPT -i ppp0 -s 0.0.0.0/0
    1024:65535 -d 0.0.0.0./0

    # Allow all TCP SYN packets back in (the return packets)
    ipchains -A input -p TCP -j ACCEPT -i ppp0 ! -y -s
    0.0.0.0/0

    # Allow DNS UDP packets out to the internet
    ipchains -A output -p UDP -j ACCEPT -i ppp0 -d 0.0.0.0/0
    domain

    # Allow DNS UDP packets back in from the internet
    ipchains -A input -p UDP -j ACCEPT -i ppp0 -s 0.0.0.0/0
    domain


    Save the script as ipfilter.ppp in /usr/local/etc
    Next you need to create the script that will be used to turn off the firewall
    Use a text editor and create the following scriptand save it as ipfilter.reset to /usr/local/etc

    ipchains -F
    ipchains -X
    ipchains -P input ACCEPT
    ipchains -P output ACCEPT
    ipchains -P forward ACCEPT

    I really hope that helps somebody make a firewall, cause it took me 20 mins to peck that all out using my 4 finger technique I hurt my other hand. I'll post more about using the firewall in another post, when I myself understand more about how this works. I am learning also, I just thought this might help somebody. Bye.

  2. #2
    Senior Member
    Join Date
    Mar 2002
    Posts
    425
    Or, if you want to use iptables (which is a stateful packet filter) instead of the older ipchains, you could read these tutorials:

    Iptables (for a single system)
    http://www.antionline.com/showthread...hreadid=230338

    Iptables (for a firewall box with multiple systems behind it)
    http://www.antionline.com/showthread...hreadid=231224

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •