January 27th, 2005, 03:44 PM
I need a firewall for testing purposes and I was wondering what's the fastest way to get a Linux firewall working... I was thinking of iptables with Webmin on some Fedora... Any suggestions?
Thank you all!
January 27th, 2005, 04:28 PM
If it will be a dedicated box (I hope so) for the firewall and you aren't that good with Linux, I recommend this:
It has the Netfilter firewall (a.k.a. iptables), Squid, Snort, web admin, etc...
It's a plug-and-play distro. You can also get it on linuxiso.
However, if you want to learn about firewalls, I may advise you to go to the Netfilter command-line interface (iptables) and learn how to use it. I think that configuring a firewall with iptables is very good for understanding how a packet-filter firewall works. Netfilter can also be configured to be a stateful firewall.
January 27th, 2005, 04:46 PM
If you just need something to pound on, I'd grab a live Linux distro that you like that has iptables on by default, or just throw on Fedora 3, SUSE 9.(whatever the latest is), Mandrake, etc... one of them, and enable the firewall by default during install. This won't be a completely robust firewall that is tweaked for specific needs, but it will be something to smash your packets against.
January 27th, 2005, 04:55 PM
A while ago, I was playing around with front-ends, more or less specific to iptables. They simplify the configuration of the iptables rules a lot, so they might be of interest to you. In my opinion, they are a good starting point in any case (e.g. to understand rule-sets).
I started with firehol.
--> Phish recommended fwbuilder. That's the way to go in my opinion.
There is even another project, vuurmuur.
January 27th, 2005, 05:18 PM
Thank you all... Smoothwall looks good, as do the other suggestions.
I'm not a beginner in firewalls (I'm not an expert either!!!) but I always worked with "precooked" ones... Checkpoint, Sonicwall, etc... It will be interesting to play around with Linux...
One more time, thank you all. Antionline is an excellent community.
January 27th, 2005, 11:08 PM
... don't overlook IPCop either - a branch off from Smoothwall, or the other way around, and another dedicated firewall Linux distro.
I have it running here to protect the home network; it runs Squid, Snort, and traffic shaping - not a bad package at all in a 40 MB ISO. Content filtering via DansGuardian is also available through an add-on package, but requires a bit more RAM to keep it all running nicely.
Like Smoothwall, it takes around 10 minutes to install - so if you break it by over-tweaking, no real harm done: 10 minutes or less and you're back up and running.
January 28th, 2005, 11:30 AM
I installed Smoothwall and it looks very good. Easy to install, easy to understand and well documented... The DansGuardian option in IPCop is very interesting; I'll check it out.
January 28th, 2005, 12:30 PM
If you need a firewall on your existing box, if you don't have a spare box, I'd recommend iptables with Shorewall, because Shorewall is easy to configure and teaches you to handle iptables.
January 28th, 2005, 12:39 PM
If you're looking for a GUI iptables firewall (something like what Zone Alarm is for Windows) then I'd suggest Firestarter. I won't say I have personal experience with this package, but from the site it seems to be a good iptables configuration solution for people new to Linux.
January 28th, 2005, 03:01 PM
What I miss in Smoothwall is the ability to restrict outgoing connections...