Differences between revisions 21 and 22
Revision 21 as of 2009-03-06 18:26:10
Size: 2690
Editor: James P. Carter
Comment:
Revision 22 as of 2009-03-06 18:27:34
Size: 2654
Editor: James P. Carter
Comment: Debian Live link for Zorp firewall addition
Line 33: Line 33:
Zorp has been added to Debian with 5.0 at least on [javascript:void(0);/*1236363955840*/ Debian LIVE]! Zorp has been added to Debian with 5.0 at least on ["DebianLive"]!
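Review bot: the added line keeps the wording "added to Debian with 5.0 at least on", which does not say whether Zorp ships in the 5.0 archive or only on Debian Live images. Since this revision already touches the line to swap the `javascript:void(0);` link target for `["DebianLive"]`, it is worth stating that scope explicitly in the same edit.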

Debian did not have a default firewall prior to version 5.0 "500"; however, you can create your own with iptables. A simple script like the one below, run at boot, will provide your host with a reasonable amount of security. Be aware that the script drops all packets that do not match an allow rule, so normal network error messages will not be seen. All allow rules have been commented out to protect the uninitiated; uncomment the ones for the services you actually offer.

Simple Firewall with iptables

#!/bin/sh
# A very basic iptables / Netfilter script
# Flush existing rules in the filter table so the rules below start from a clean state
iptables -F
## Default policy to drop 'everything'
iptables -P INPUT DROP
iptables -P FORWARD DROP
## Allow established connections and local programs that use loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
## Allow offered service clients to connect to ethernet interface
# Secure Shell
#iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
# Web Services (80)
#iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
# Web Services (443)
#iptables -A INPUT -p tcp --dport 443 -i eth0 -j ACCEPT
# Webmin
#iptables -A INPUT -p tcp --dport 10000 -i eth0 -j ACCEPT
#end script

The name of the firewall script is up to you. For the sake of argument, and to make it easy to find in the future, let's call our script firewall.sh. I recommend saving the script to /etc so that it can be edited and run as /etc/firewall.sh. Simply edit /etc/rc.local and add /etc/firewall.sh in the white space prior to the exit.

Congratulations! Upon reboot your firewall rules will be in use.
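To confirm after the reboot that the rules really are in use, the listing printed by `iptables -S` can be checked mechanically. The following is an added example, not part of the original page: the function names are illustrative and the sample listing is constructed to match what firewall.sh produces with the Secure Shell rule uncommented.

```shell
#!/bin/sh
# Added example (not from the original page): audit an `iptables -S`
# listing against the default-drop policy that firewall.sh sets up.
# Function names are illustrative; SAMPLE_RULES is a constructed listing.

SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT'

# Succeeds only if the INPUT and FORWARD policies are both DROP.
policies_drop() {
    awk '$1 == "-P" { pol[$2] = $3 }
         END { exit !(pol["INPUT"] == "DROP" && pol["FORWARD"] == "DROP") }'
}

# Prints the TCP destination ports that INPUT accepts, space-separated.
open_tcp_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && / -p tcp / && / -j ACCEPT$/ {
             for (i = 3; i < NF; i++) if ($i == "--dport") print $(i + 1)
         }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Reads a listing on stdin; fails if the policy is not DROP or if a
# match-all ACCEPT rule on INPUT makes the DROP policy meaningless.
audit() {
    rules=$(cat)
    printf '%s\n' "$rules" | policies_drop ||
        { echo "FAIL: INPUT/FORWARD policy is not DROP"; return 1; }
    if printf '%s\n' "$rules" | grep -qx -- '-A INPUT -j ACCEPT'; then
        echo "FAIL: unconditional ACCEPT on INPUT"; return 1
    fi
    echo "OK: default-drop; open TCP ports: $(printf '%s\n' "$rules" | open_tcp_ports)"
}

# On a live host (as root): iptables -S | audit
printf '%s\n' "$SAMPLE_RULES" | audit
```

Any port reported as open should correspond to an allow rule you deliberately uncommented in firewall.sh.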

Debian 5.0 (500)

Zorp has been added to Debian as of 5.0, at least on ["DebianLive"]!

The following are from previous edits to this page... please update further...

Start with three network cards, a basic Debian installation, and a few other computers for clients. (VMware works too)

  • ["HowTo/ssh"] - Covering the basics of remote access
  • ["HowTo/shorewall"] - Configuring your firewall
  • ["HowTo/iptables"] - Configuring iptables
  • ["HowTo/dnsmasq"] - Adding DHCP and DNS to your firewall
  • ["HowTo/squid"] - Adding a web proxy
  • ["HowTo/dansguardian"] - Adding web content filtering
  • ["HowTo/openvpn"] - Adding an SSL VPN server (my preferred VPN solution)
  • ["HowTo/openswan"] - Adding an IPsec VPN server
  • ["HowTo/snort"] - Adding intrusion detection
  • ["HowTo/webmin"] - Adding web-based administration
  • ["HOWTO/DynamicBlockSSHddos"] - Simple script to do dynamic ssh ddos attack blocking