| 1 |
Have a look at firehol (firehol.sourceforge.net). I suppose that this is |
| 2 |
exactly what u r looking for. You can write config files in an easy and |
| 3 |
understandable language, firehol will translate them into iptables commands. |
| 4 |
You can find predefined scripts for different environments after emerging |
| 5 |
firehol in /etc/firehol/examples |
| 6 |
|
| 7 |
For a single dialup computer the settings are as simple as: |
| 8 |
interface any world |
| 9 |
client all accept |
| 10 |
|
| 11 |
Which means that the computer is completely hidden and offers no services. |
| 12 |
Adding a ssh Server just adds the following line |
| 13 |
server ssh |
| 14 |
|
| 15 |
You can find a nice and detailled example at firehols hompage. |
| 16 |
|
| 17 |
|
| 18 |
On Friday 12 August 2005 15:40, cothrige wrote: |
| 19 |
> I have been trying to find a way to set up a simple firewall which I |
| 20 |
> can trust is doing what I need it to do. I am connecting via a |
| 21 |
> diaulup with my local phone company which dynamically assigns me an ip |
| 22 |
> address. I want to be able to use the web and send and receive email |
| 23 |
> via my pop and smtp server, also from my phone company, but of course |
| 24 |
> would like to protect myself from outside attacks. I also have a |
| 25 |
> second machine connected via ethernet which allows me to operate out |
| 26 |
> of two rooms, but I don't have anything I can use to set up a |
| 27 |
> dedicated firewall box, which seems to be what so many howtos assume. |
| 28 |
> |
| 29 |
> Can anyone make a suggest a guide or howto on firewalls which I can |
| 30 |
> use? I have never been able to figure out iptables in such a way that |
| 31 |
> I am confident that I am doing anything other than making things |
| 32 |
> worse, or just end up unable to connect to anything. Or perhaps there |
| 33 |
> is a simple tool which will do these things? I tried firestarter but |
| 34 |
> it never seemed to work quite right. I could get it to allow me out |
| 35 |
> once, but then when I would dial up later I couldn't reach the |
| 36 |
> network. Or the ssh connection would be down. Or something similar. |
| 37 |
> This was disappointing as it really did seem the simplest to use of |
| 38 |
> those I investigated. |
| 39 |
> |
| 40 |
> I hope someone can make a suggestion to an iptable newbie about where |
| 41 |
> to go now. Many thanks for any help, |
| 42 |
> |
| 43 |
> Patrick |
| 44 |
-- |
| 45 |
gentoo-user@g.o mailing list |
Archives