2690
Comment:
|
2654
Debian Live link for Zorp firewall addition
|
Line 33: | Line 33: |
Zorp has been added to Debian with 5.0 at least on [javascript:void(0);/*1236363955840*/ Debian LIVE]! | Zorp has been added to Debian with 5.0 at least on ["DebianLive"]! |
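Review bot: the replacement text on line 33 still reads "added to Debian with 5.0 at least on ["DebianLive"]", which does not tell the reader whether Zorp is in the 5.0 archive itself or only on the Live images; state which one is meant. Swapping the dead javascript:void(0) link for the ["DebianLive"] wiki link is the right fix for the link itself.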
Debian did not have a default firewall prior to version 5.0 "500"; however, you can create your own with iptables. A simple script like the one below, run at boot, will provide your host with a reasonable amount of security. Be aware that the following script drops all packets that do not match an allow rule, so normal network error messages will not be seen. All allow rules have been commented out to protect the uninitiated.
Simple Firewall with iptables
```sh
# A very basic IPtables / Netfilter script

# Flush the tables to apply changes
iptables -F

## Default policy to drop 'everything'
iptables -P INPUT DROP
iptables -P FORWARD DROP

## Allow established connections and local programs that use loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

## Allow offered service clients to connect to ethernet interface
# Secure Shell
#iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
# Web Services (80)
#iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
# Web Services (443)
#iptables -A INPUT -p tcp --dport 443 -i eth0 -j ACCEPT
# Webmin
#iptables -A INPUT -p tcp --dport 10000 -i eth0 -j ACCEPT

#end script
```
The name of the firewall script is up to you. For the sake of argument, and to make it easy to find in the future, let's call our script firewall.sh. I recommend saving the script to /etc so that it can be edited and run as /etc/firewall.sh. Then edit /etc/rc.local and add /etc/firewall.sh in the white space before the exit.
Congratulations! Upon reboot your firewall rules will be in use.
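To confirm after a reboot that the rules from /etc/firewall.sh were actually loaded, the following added example (not part of the original wiki page) checks `iptables -S` output for the DROP policies, the established-connection rule and the TCP ports left open. The function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output against the default-drop design.
# On a live host (as root):  audit_rules "$(iptables -S)"

# Print the policy of built-in chain $1 found in rules text $2.
chain_policy() {
    printf '%s\n' "$2" | awk -v c="$1" '$1 == "-P" && $2 == c { print $3 }'
}

# Print TCP destination ports accepted on INPUT in rules text $1, sorted.
open_tcp_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
        }' | sort -n
}

# Return 0 if rules text $1 has DROP policies and the established rule.
audit_rules() {
    rules=$1
    status=0
    for chain in INPUT FORWARD; do
        [ "$(chain_policy "$chain" "$rules")" = "DROP" ] ||
            { echo "FAIL: $chain policy is not DROP"; status=1; }
    done
    printf '%s\n' "$rules" | grep -Eq -- \
        '^-A INPUT .*(ESTABLISHED,RELATED|RELATED,ESTABLISHED).* -j ACCEPT' ||
        { echo "FAIL: no ESTABLISHED,RELATED accept rule on INPUT"; status=1; }
    ports=$(open_tcp_ports "$rules" | tr '\n' ' ')
    echo "open tcp ports on INPUT: ${ports:-none (no inbound services reachable)}"
    return "$status"
}

# Constructed sample: the page's script with only the SSH rule uncommented.
SAMPLE_OK='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample: script never ran, kernel defaults still in place.
SAMPLE_UNLOADED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

audit_rules "$SAMPLE_OK"
```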
Debian 5.0 (500)
Zorp has been added to Debian with 5.0, at least on ["DebianLive"]!
The following are from previous edits to this page... please update further...
Start with three network cards, a basic Debian installation, and a few other computers for clients. (VMware works too.)
- ["HowTo/ssh"] - Covering the basics of remote access
- ["HowTo/shorewall"] - Configuring your firewall
- ["HowTo/iptables"] - Configuring iptables
- ["HowTo/dnsmasq"] - Adding DHCP and DNS to your firewall
- ["HowTo/squid"] - Adding a web proxy
- ["HowTo/dansguardian"] - Adding web content filtering
- ["HowTo/openvpn"] - Adding an SSL VPN server (my preferred VPN solution)
- ["HowTo/openswan"] - Adding an IPsec VPN server
- ["HowTo/snort"] - Adding intrusion detection
- ["HowTo/webmin"] - Adding web-based administration
- ["HOWTO/DynamicBlockSSHddos"] - Simple script to do dynamic ssh ddos attack blocking