2419
Comment: more minor formatting changes
|
2526
separation of new content from older content a request for further documentation
|
Deletions are marked like this. | Additions are marked like this. |
Line 28: | Line 28: |
Upon reboot your firewall rules will be in use. | '''Congratulations!''' Upon reboot your firewall rules will be in use. |
Line 30: | Line 30: |
''The following are from previous edits to this page... please update further...'' |
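Review bot: the line added at Line 30 is a request addressed to other editors, yet it sits in the reader-facing body of the page. It would be better placed in the edit comment or in a clearly marked maintenance note, so that readers following the how-to do not take it for part of the procedure.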
Debian does not have a default firewall; however, you can create your own with iptables. A simple script like the one below, run at boot, will provide your host with a reasonable amount of security. Be aware that the following script drops all packets that do not match an allow rule, so normal network error messages will not be seen. All allow rules have been commented out to protect the uninitiated.
Simple Firewall with iptables
```sh
#!/bin/sh
# A very basic IPtables / Netfilter script

# Flush the tables to apply changes
iptables -F

## Default policy to drop 'everything'
iptables -P INPUT DROP
iptables -P FORWARD DROP

## Allow established connections and local programs that use loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

## Allow offered service clients to connect to ethernet interface
# Secure Shell
#iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
# Web Services (80)
#iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
# Web Services (443)
#iptables -A INPUT -p tcp --dport 443 -i eth0 -j ACCEPT
# Webmin
#iptables -A INPUT -p tcp --dport 10000 -i eth0 -j ACCEPT

#end script
```
The name of the firewall script is up to you. For the sake of argument, and to make it easy to find in the future, let's call our script firewall.sh. I recommend saving the script to /etc so that it can be edited and run as /etc/firewall.sh. Simply edit /etc/rc.local and add /etc/firewall.sh on a blank line before the exit line.
Congratulations! Upon reboot your firewall rules will be in use.
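To confirm after the reboot that the rules really were loaded, the following added example (not part of the original page) parses `iptables -S` output and reports the INPUT and FORWARD policies and the ports that are open. The function names and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a ruleset in `iptables -S` format (read from stdin).
# Prints one finding per line: FAIL, WARN, or OPEN <proto>/<port>.
audit_ruleset() {
    awk '
    $1 == "-P" { policy[$2] = $3; next }        # chain default policies
    $1 == "-A" && $2 == "INPUT" {
        target = ""; proto = ""; dport = ""; state = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j")      target = $(i + 1)
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") state = 1
        }
        if (target != "ACCEPT") next
        if (NF == 4)          print "FAIL rule accepts all traffic: " $0
        else if (state)       stateful = 1      # return traffic is allowed
        else if (dport != "") print "OPEN " proto "/" dport
    }
    END {
        n = split("INPUT FORWARD", chains, " ")
        for (c = 1; c <= n; c++) {
            p = policy[chains[c]]
            if (p != "DROP")
                print "FAIL " chains[c] " policy is " (p == "" ? "unknown" : p)
        }
        if (!stateful) print "WARN no ESTABLISHED,RELATED accept rule"
    }'
}

# Constructed sample: what `iptables -S` would show after running the script
# above with only the Secure Shell rule uncommented.
sample_ruleset() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

sample_ruleset | audit_ruleset
```

On a live host, run `iptables -S | audit_ruleset` as root; empty input (rules never loaded) is reported as an unknown policy.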
The following are from previous edits to this page... please update further...
Start with three network cards, a basic Debian installation, and a few other computers for clients. (VMware works too.)
- ["HowTo/ssh"] - Covering the basics of remote access
- ["HowTo/shorewall"] - Configuring your firewall
- ["HowTo/iptables"] - Configuring iptables
- ["HowTo/dnsmasq"] - Adding DHCP and DNS to your firewall
- ["HowTo/squid"] - Adding a web proxy
- ["HowTo/dansguardian"] - Adding web content filtering
- ["HowTo/openvpn"] - Adding an SSL VPN server (my preferred VPN solution)
- ["HowTo/openswan"] - Adding an IPSEC VPN server
- ["HowTo/snort"] - Adding intrusion detection
- ["HowTo/webmin"] - Adding web-based administration
- ["HOWTO/DynamicBlockSSHddos"] - Simple script to do dynamic ssh ddos attack blocking