Have a look at firehol (firehol.sourceforge.net). I suppose that this is
exactly what you are looking for. You can write config files in an easy and
understandable language; firehol will translate them into iptables commands.
You can find predefined scripts for different environments after emerging
firehol in /etc/firehol/examples

For a single dialup computer the settings are as simple as:
    interface any world
        client all accept

Which means that the computer is completely hidden and offers no services.
Adding an ssh server just adds the following line
        server ssh accept

You can find a nice and detailed example at firehol's homepage.

On Friday 12 August 2005 15:40, cothrige wrote:
> I have been trying to find a way to set up a simple firewall which I
> can trust is doing what I need it to do. I am connecting via a
> dialup with my local phone company which dynamically assigns me an ip
> address. I want to be able to use the web and send and receive email
> via my pop and smtp server, also from my phone company, but of course
> would like to protect myself from outside attacks. I also have a
> second machine connected via ethernet which allows me to operate out
> of two rooms, but I don't have anything I can use to set up a
> dedicated firewall box, which seems to be what so many howtos assume.
>
> Can anyone suggest a guide or howto on firewalls which I can
> use? I have never been able to figure out iptables in such a way that
> I am confident that I am doing anything other than making things
> worse, or just end up unable to connect to anything. Or perhaps there
> is a simple tool which will do these things? I tried firestarter but
> it never seemed to work quite right. I could get it to allow me out
> once, but then when I would dial up later I couldn't reach the
> network. Or the ssh connection would be down. Or something similar.
> This was disappointing as it really did seem the simplest to use of
> those I investigated.
>
> I hope someone can make a suggestion to an iptables newbie about where
> to go now. Many thanks for any help,
>
> Patrick
--
gentoo-user@g.o mailing list
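
An added example, not part of the original message and not taken from firehol's own example files: a firehol configuration for the two-interface setup described in the quoted question. It assumes the dialup link shows up as a ppp device (matched by ppp+) and the second machine is reached over eth0; the interface names and the list of services are assumptions.

```conf
# Added example; interface names (ppp+, eth0) and the service
# selection are assumptions, adjust them to the actual machine.
version 5

# Dialup link to the phone company. No "server" lines, so nothing
# is offered to the outside; only the outgoing traffic named in the
# question (web, POP3/SMTP mail) plus DNS lookups is allowed.
interface ppp+ internet
    policy drop                      # unmatched packets are dropped silently
    protection strong                # firehol's flood and bad-packet checks
    client "dns http https" accept
    client "pop3 smtp" accept

# Ethernet link to the second machine. ssh is allowed in both
# directions; everything else on the LAN side is rejected.
interface eth0 lan
    policy reject
    server ssh accept
    client ssh accept
```

Because the dialup interface is matched by name (ppp+) and not by address, the rules keep applying when the provider assigns a new IP on the next dial-in. Loading the file with `firehol try` activates it and restores the previous firewall unless the change is confirmed.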