Please support VectorLinux!

Author Topic: can't set up firewall  (Read 3181 times)

akman

  • Member
  • *
  • Posts: 1
can't set up firewall
« on: April 12, 2008, 07:46:46 am »
Hello, VL is my first linux experience. I connect to internet via router properly but I can't set firewall

after command iptables -L , I get :

Chain INPUT   (policy ACCEPT)
target prot opt source  destination         

Chain FORWARD (policy ACCEPT)
target prot opt source  destination         

Chain OUTPUT  (policy ACCEPT)
target prot opt source  destination 

Is this normal ?

bigpaws

  • Vectorian
  • ****
  • Posts: 1868
Re: can't set up firewall
« Reply #1 on: April 12, 2008, 08:32:19 am »
Firewalls  should be stand alone.

Here is a start, just add this script to say rc.firewall and then edit
as needed.

#!/bin/bash

# rc.firewall for
# Basic Vector Security

# These two rules set the default policies, i.e. what to do if a
# packet doesn't match any other rule, to drop any packet coming
# into (INPUT) or routing through (FORWARD) the box.
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP

# These rules are added (-A) to the INPUT chain. They allow packets
# from any previously established connections and accept anything
# from the loopback interface.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT

# This rule added to the INPUT chain accepts any ssh connections.
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 111 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT


Bigpaws

never_stop_learning

  • Vectorite
  • ***
  • Posts: 263
    • CigarWeekly
Re: can't set up firewall
« Reply #2 on: April 13, 2008, 04:33:08 pm »
Firewalls  should be stand alone.

Here is a start, just add this script to say rc.firewall and then edit
as needed.

#!/bin/bash

# rc.firewall for
# Basic Vector Security

# These two rules set the default policies, i.e. what to do if a
# packet doesn't match any other rule, to drop any packet coming
# into (INPUT) or routing through (FORWARD) the box.
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP

# These rules are added (-A) to the INPUT chain. They allow packets
# from any previously established connections and accept anything
# from the loopback interface.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT

# This rule added to the INPUT chain accepts any ssh connections.
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 111 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT


Bigpaws


Should this script be added to the end of rc.firewall?

Thank you.....
Laptop: IBM X60s (Centrino/Duo, 2gb ram, 80gb hd) VL 6.0 Std
Netbook: HP Mini (Intel Atom 1ghz, 2gb ram, 16gb SSD + 8gb flash ) VL 6.0 Std
Desktop: Dell Dimension 5150 (P4 3ghz, 2gb ram, 80gb hd) VL 6.0 Std
Wife's Desktop: Gateway (P4 2ghz, 1gb ram, 80gb hd) VL 6.0 Std

bigpaws

  • Vectorian
  • ****
  • Posts: 1868
Re: can't set up firewall
« Reply #3 on: April 13, 2008, 05:32:21 pm »
You can do that. Edit for the needed services.

Bigpaws