VectorLinux

The nuts and bolts => Networking & Security => Topic started by: akman on April 12, 2008, 08:46:46 am

Title: can't set up firewall
Post by: akman on April 12, 2008, 08:46:46 am
Hello, VL is my first Linux experience. I connect to the internet via a router properly, but I can't set up a firewall.

After the command iptables -L, I get:

Chain INPUT   (policy ACCEPT)
target prot opt source  destination         

Chain FORWARD (policy ACCEPT)
target prot opt source  destination         

Chain OUTPUT  (policy ACCEPT)
target prot opt source  destination 

Is this normal?
Title: Re: can't set up firewall
Post by: bigpaws on April 12, 2008, 09:32:19 am
Firewalls should be standalone.

Here is a start: just add this script to, say, rc.firewall and then edit
as needed.

#!/bin/bash

# rc.firewall for
# Basic Vector Security
# Must be run as root. "iptables -F" only flushes the filter table,
# which is the only table this script uses.

# These two rules set the default policies, i.e. what to do if a
# packet doesn't match any other rule, to drop any packet coming
# into (INPUT) or routing through (FORWARD) the box.
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP

# These rules are added (-A) to the INPUT chain. They allow packets
# from any previously established connections and accept anything
# from the loopback interface.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT

# These rules added to the INPUT chain accept new connections arriving
# on eth0 for ssh (tcp 22), NFS (tcp/udp 2049), the portmapper (tcp 111)
# and http (tcp 80). Delete the lines for services this box does not run.
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 111 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT


Bigpaws
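An added example, not bigpaws' script and not part of VectorLinux: the same default-deny INPUT policy written as shell functions, with a dry-run mode so the rules can be reviewed before they are applied, plus a check that answers the original question by reading `iptables -L` output and naming every chain that has an ACCEPT policy and no rules at all (such a chain filters nothing). The interface name eth0 and the single open port 22 are placeholders to edit; `IPT` is a hypothetical override so the script can be exercised without root.

```shell
#!/bin/sh
# Added example: parameterised default-deny firewall with dry-run and
# a "no firewall in effect" check. Not the original poster's script.

IFACE="${IFACE:-eth0}"        # placeholder: the interface facing the router
TCP_PORTS="${TCP_PORTS:-22}"  # placeholder: space-separated TCP ports to open
IPT="${IPT:-iptables}"        # set IPT=echo to print rules instead of applying

# Print the iptables arguments for each rule, one rule per line.
# Order matters: policies first, then ESTABLISHED/RELATED and loopback,
# then the explicitly opened services.
fw_rules() {
    echo "-F"
    echo "-P INPUT DROP"
    echo "-P FORWARD DROP"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -i lo -j ACCEPT"
    for p in $TCP_PORTS; do
        echo "-A INPUT -p tcp --dport $p -i $IFACE -j ACCEPT"
    done
}

# Feed each rule to $IPT. Applying for real needs root; the loop stops
# at the first rule iptables rejects and the function returns non-zero.
fw_apply() {
    fw_rules | while read -r rule; do
        # shellcheck disable=SC2086  (word splitting of $rule is intended)
        $IPT $rule || exit 1
    done
}

# Read `iptables -L` output on stdin and print the name of every chain
# whose policy is ACCEPT and which contains no rules. If INPUT shows up
# here, nothing is being filtered on the way in.
fw_open_chains() {
    awk '
        function report() { if (chain != "" && rules == 0 && policy == "ACCEPT") print chain }
        /^Chain /  { report(); chain = $2; policy = $4; sub(/\)/, "", policy); rules = 0; next }
        /^target/  { next }            # column header line
        NF > 0     { rules++ }         # any other non-blank line is a rule
        END        { report() }
    '
}

case "${1:-}" in
    --apply)   fw_apply ;;
    --dry-run) IPT=echo; fw_apply ;;
    --check)   "$IPT" -L | fw_open_chains ;;
esac
```

Run it with `--dry-run` first to see exactly what will be sent to iptables, and with `--check` to see which chains are wide open; on the listing the original poster showed, the check names INPUT, FORWARD and OUTPUT, which is what an unconfigured box looks like.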
Title: Re: can't set up firewall
Post by: never_stop_learning on April 13, 2008, 05:33:08 pm
Quote from: bigpaws on April 12, 2008, 09:32:19 am
[the rc.firewall script from the post above]


Should this script be added to the end of rc.firewall?

Thank you.....
Title: Re: can't set up firewall
Post by: bigpaws on April 13, 2008, 06:32:21 pm
You can do that. Edit for the needed services.

Bigpaws