Differences between revisions 19 and 20
Revision 19 as of 2009-02-27 19:19:27
Size: 2419
Editor: James P. Carter
Comment: more minor formatting changes
Revision 20 as of 2009-02-27 19:22:34
Size: 2526
Editor: James P. Carter
Comment: separation of new content from older content a request for further documentation
Line 28: Line 28:
Upon reboot your firewall rules will be in use. '''Congratulations!''' Upon reboot your firewall rules will be in use.
Line 30: Line 30:
''The following are from previous edits to this page... please update further...''

Debian does not have a default firewall; however, you can create your own with iptables. A simple script like the one below, run at boot, will provide your host with a reasonable amount of security. Be aware that the script drops all incoming and forwarded packets that do not match an allow rule, so normal network error messages will not be seen. All allow rules have been commented out to protect the uninitiated.

Simple Firewall with iptables

#!/bin/sh
# A very basic iptables / Netfilter script
# Flush the existing rules in the filter table so the rules below start clean
iptables -F
## Default policy: drop everything inbound and forwarded (OUTPUT is left as it is)
iptables -P INPUT DROP
iptables -P FORWARD DROP
## Allow replies to established connections and local programs that use loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
## Allow clients to connect to offered services on the ethernet interface
## (uncomment only the services this host actually provides)
# Secure Shell
#iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
# Web Services (80)
#iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
# Web Services (443)
#iptables -A INPUT -p tcp --dport 443 -i eth0 -j ACCEPT
# Webmin
#iptables -A INPUT -p tcp --dport 10000 -i eth0 -j ACCEPT
#end script

The name of the firewall script is up to you. For the sake of argument, and to make it easy to find in the future, let's call our script firewall.sh. I recommend saving the script in /etc so that it can be edited and run as /etc/firewall.sh. Then edit /etc/rc.local and add /etc/firewall.sh in the white space prior to the exit.

Congratulations! Upon reboot your firewall rules will be in use.
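
One way to confirm after the reboot that the rules from firewall.sh were actually loaded (an added example, not part of the original wiki page): the function below reads `iptables -S` output on stdin and reports the default policies, whether the ESTABLISHED,RELATED rule is present, and which destination ports are accepted. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an `iptables -S` dump against what firewall.sh intends.
# On a live host (as root):  iptables -S | audit_ruleset

# Constructed sample: what `iptables -S` might print after firewall.sh has run
# with only the Secure Shell rule uncommented.
sample_ruleset() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Prints one finding per line. Exit status is 0 only when the INPUT and FORWARD
# policies are DROP and the ESTABLISHED,RELATED accept rule is present.
audit_ruleset() {
    awk '
    $1 == "-P" { policy[$2] = $3 }
    $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
        if ($0 ~ /ESTABLISHED/) stateful = 1
        # Collect every single-port match; each one is a service exposed to clients
        for (i = 3; i < NF; i++)
            if ($i == "--dport") open = open " " $(i + 1)
    }
    END {
        bad = 0
        n = split("INPUT FORWARD", chain, " ")
        for (k = 1; k <= n; k++) {
            p = (chain[k] in policy) ? policy[chain[k]] : "unknown"
            if (p != "DROP") bad = 1
            print "policy " chain[k] ": " p
        }
        if (!stateful) bad = 1
        print "stateful rule: " (stateful ? "present" : "MISSING")
        print "open ports:" (open == "" ? " none" : open)
        exit bad
    }'
}

# Demo run on the constructed sample
sample_ruleset | audit_ruleset
```

A non-zero exit status means the script did not run at boot or the ruleset was changed afterwards; the "open ports" line should list only the services you deliberately uncommented.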

The following are from previous edits to this page... please update further...

Start with three network cards, a basic Debian installation, and a few other computers for clients. (VMware works too.)

  • ["HowTo/ssh"] - Covering the basics of remote access
  • ["HowTo/shorewall"] - Configuring your firewall
  • ["HowTo/iptables"] - Configuring iptables
  • ["HowTo/dnsmasq"] - Adding DHCP and DNS to your firewall
  • ["HowTo/squid"] - Adding a web proxy
  • ["HowTo/dansguardian"] - Adding web content filtering
  • ["HowTo/openvpn"] - Adding an SSL VPN server (my preferred VPN solution)
  • ["HowTo/openswan"] - Adding an IPsec VPN server
  • ["HowTo/snort"] - Adding intrusion detection
  • ["HowTo/webmin"] - Adding web-based administration
  • ["HOWTO/DynamicBlockSSHddos"] - Simple script to do dynamic SSH DDoS attack blocking