On Tuesday 06 Oct 2015 20:14:59 James wrote:
> Hello,
>
> I just ran across this page:
>
> http://gentoo-en.vfose.ru/wiki/Iptables/Iptables_and_stateful_firewalls#State_basics
>
> It has a basic firewall using iptables.
> Not bad for a generic firewall on an openrc workstation.
> What is the best way to auto launch this sort of firewall.sh ?
|
Start iptables, run the script, stop iptables with '/etc/init.d/iptables stop'
which will save your rules to /var/lib/iptables/rules-save, or run
'iptables-save > /var/lib/iptables/rules-save'. Add any sysctl changes to
/etc/sysctl.conf, so that they are permanent. Re-run the script if you want
to change things in it.
|
> Any improvements in this basic workstation firewall
> everything out, nothing in?
|
Yes, but such improvements are suggested in subsequent scripts on the same
page, e.g. ICMP handling, selective logging, etc. If all you want is "a basic
firewall using iptables" for the IPv4 workspace, then what you have will do
the job.
|
> Any good tools to quickly test this firewall from another local
> workstation?
|
nmap -A -T4 -P0 -vvv -p1-65535 XXX.XX.XXX.XX |
|
--
Regards,
Mick |
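
A local check to complement the saved ruleset and the external scan discussed in this thread, as an added example that is not part of the original messages: it reads a dump in iptables-save format (such as /var/lib/iptables/rules-save) and verifies that it encodes "everything out, nothing in". The function names and the sample dump are constructed for illustration and are not taken from the wiki page.

```sh
#!/bin/sh
# Added example (not from the thread): audit an iptables-save dump for the
# "everything out, nothing in" policy. Reads a file argument or stdin.
audit_rules() {
    awk '
        /^[*]/ { table = substr($0, 2) }       # "*filter" opens a table section
        table != "filter" { next }
        /^:INPUT /  { in_policy  = $2 }        # e.g. ":INPUT DROP [0:0]"
        /^:OUTPUT / { out_policy = $2 }
        /^-A INPUT / && / -j ACCEPT/ {
            if ($0 ~ / -i lo / && $0 !~ /! -i lo /) next          # loopback only
            est = ($0 ~ /(--state|--ctstate) [A-Z,]*ESTABLISHED/)
            new = ($0 ~ /(--state|--ctstate) [A-Z,]*NEW/)
            if (est && !new) { stateful = 1; next }               # replies only
            print "WARN inbound accept: " $0; opened = 1
        }
        END {
            if (in_policy != "DROP")    { print "FAIL INPUT policy: " in_policy;   bad = 1 }
            if (out_policy != "ACCEPT") { print "FAIL OUTPUT policy: " out_policy; bad = 1 }
            if (!stateful) { print "FAIL no ESTABLISHED accept on INPUT"; bad = 1 }
            exit (bad || opened)
        }
    ' "${1:--}"
}

# Constructed sample dump in iptables-save format (not taken from the wiki page).
sample_rules() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_rules && echo "ruleset matches: everything out, nothing in"
```

Any inbound ACCEPT rule other than loopback or ESTABLISHED traffic is reported and makes the function return non-zero, so deliberate openings need to be reviewed by hand.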