VectorLinux

Author Topic: can't set up firewall  (Read 3263 times)

akman

  • Member
  • *
  • Posts: 1
can't set up firewall
« on: April 12, 2008, 08:46:46 am »

Hello, VL is my first Linux experience. I connect to the internet via a router properly, but I can't set up the firewall.

After the command iptables -L, I get:

Chain INPUT   (policy ACCEPT)
target prot opt source  destination         

Chain FORWARD (policy ACCEPT)
target prot opt source  destination         

Chain OUTPUT  (policy ACCEPT)
target prot opt source  destination 

Is this normal?
Logged

bigpaws

  • Vectorian
  • ****
  • Posts: 1872
Re: can't set up firewall
« Reply #1 on: April 12, 2008, 09:32:19 am »

Firewalls should be stand alone.

Here is a start, just add this script to, say, rc.firewall and then edit
as needed.

#!/bin/bash

# rc.firewall for
# Basic Vector Security

# These two rules set the default policies, i.e. what to do if a
# packet doesn't match any other rule, to drop any packet coming
# into (INPUT) or routing through (FORWARD) the box.
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP

# These rules are added (-A) to the INPUT chain. They allow packets
# from any previously established connections and accept anything
# from the loopback interface.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT

# These rules added to the INPUT chain accept new incoming connections
# on eth0 for specific services; keep only the ones you actually run.
# ssh
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
# NFS (tcp and udp)
iptables -A INPUT -p tcp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport 2049 -i eth0 -j ACCEPT
# portmapper (used by NFS)
iptables -A INPUT -p tcp --dport 111 -i eth0 -j ACCEPT
# http
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT


Bigpaws
Logged

never_stop_learning

  • Vectorite
  • ***
  • Posts: 263
    • CigarWeekly
Re: can't set up firewall
« Reply #2 on: April 13, 2008, 05:33:08 pm »

Should this script be added to the end of rc.firewall?

Thank you.....
Logged
Laptop: IBM X60s (Centrino/Duo, 2gb ram, 80gb hd) VL 6.0 Std
Netbook: HP Mini (Intel Atom 1ghz, 2gb ram, 16gb SSD + 8gb flash ) VL 6.0 Std
Desktop: Dell Dimension 5150 (P4 3ghz, 2gb ram, 80gb hd) VL 6.0 Std
Wife's Desktop: Gateway (P4 2ghz, 1gb ram, 80gb hd) VL 6.0 Std

bigpaws

  • Vectorian
  • ****
  • Posts: 1872
Re: can't set up firewall
« Reply #3 on: April 13, 2008, 06:32:21 pm »

You can do that. Edit for the needed services.

Bigpaws
Logged
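
An added example, not part of any post in this thread: a small check that reads `iptables -S` output and reports whether the INPUT chain is unfiltered (the state shown in the question) and which ports accept inbound connections once a script like the one in reply #1 is loaded. Both rulesets are constructed samples and the function names are illustrative.

```shell
#!/bin/sh
# Added example: summarise `iptables -S` output read on stdin.

# Constructed sample: `iptables -S` for the empty ruleset shown in the question.
EMPTY_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Constructed sample: `iptables -S` after loading the script from reply #1.
LOADED_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 2049 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT'

# Default policy of the INPUT chain (ACCEPT or DROP).
input_policy() { awk '$1 == "-P" && $2 == "INPUT" { print $3 }'; }
# Number of rules appended to the INPUT chain.
input_rule_count() { awk '$1 == "-A" && $2 == "INPUT" { n++ } END { print n + 0 }'; }

# port/protocol pairs that INPUT accepts (single --dport rules only).
open_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        proto = ""; port = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
        }
        if (port != "") { printf "%s%s/%s", sep, port, proto; sep = " " }
    } END { print "" }'
}

# One-line summary of the ruleset on stdin.
audit() {
    rules=$(cat)
    policy=$(printf '%s\n' "$rules" | input_policy)
    count=$(printf '%s\n' "$rules" | input_rule_count)
    if [ "$policy" = "ACCEPT" ] && [ "$count" -eq 0 ]; then
        echo "INPUT unfiltered: policy ACCEPT, no rules"
    else
        echo "INPUT policy $policy, $count rules, open: $(printf '%s\n' "$rules" | open_ports)"
    fi
}
printf '%s\n' "$EMPTY_RULES" | audit
printf '%s\n' "$LOADED_RULES" | audit   # live system, as root: iptables -S | audit
```

Every port it lists is reachable from whatever network eth0 is attached to, which makes the list a quick review aid when editing the script for the services actually in use.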