ipchains Firewall rules

ipchains is the packet-filtering (firewall) tool shipped with Red Hat systems beginning with version 6.0, which introduced the 2.2 kernel; the rules on this page are written for it.

Well, it is nice to have a firewall capability on Linux, but the problem is in writing the rules. There are a number of sites out there that explain how to write the rules, but actually doing it is another thing. For a large amount of good and up-to-date information on Linux firewalls see http://www.linux-firewall-tools.com/linux/. Included at the Linux-firewall-tools site is a nice Web-based tool for building a customized set of firewall rules. However, be aware that the licensing agreement on that site appears to have some minor restrictions on use of rules obtained from that site. As a consequence, I've developed a set of rules for my site that you might find useful if you are running a similar setup (single server, internal network, desire moderate security without being excessive, have no hackers on the inside, don't want to restrict internal users, and want minimal connectivity from the outside but good connectivity to the outside).

Assuming that you put the firewall script in your /etc/rc.d directory, it is invoked from /etc/rc.d/rc.local at boot time by adding the following statements:

echo "Firewall OFF." >/var/log/firewall

/etc/rc.d/firewall # turn on firewall

The first line marks the firewall as off in /var/log/firewall before the script runs. To use the script, you will need to modify the IFEXTERN and IFINTERN statements in the file /etc/rc.d/ip so that they name the external and internal network interfaces of your machine.

If your site has been attacked at one time or another, you might want to add the IP addresses of the offending sites to firewall.block.

Finally, to ensure that the firewall is actually turned on (when testing, I often forget and leave it turned off), put the file check.firewall.hourly in your /etc/cron.hourly directory; it will send you (root) an email message whenever it finds the firewall turned off.
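The two housekeeping pieces described above, turning the firewall.block list into ipchains rules and the hourly check that mails root when the firewall is off, as an added shell example. This is not code from the downloadable scripts: the interface names eth0/eth1 assigned to IFEXTERN and IFINTERN, the one-address-per-line format of the block file, the function names, the use of mail(1) for the notification, and the sample `ipchains -L -n` output are all assumptions made for the example. The rule generator prints commands instead of executing them so the output can be reviewed (or piped to sh) on a machine that actually has ipchains.

```shell
#!/bin/sh
# Added example, not part of the firewall/ip/firewall.block/check.firewall.hourly
# scripts offered on this page.  Interface names, block-file format and the
# sample ipchains output below are assumptions for the example.

IFEXTERN=eth0    # external (Internet-facing) interface, assumed
IFINTERN=eth1    # internal LAN interface, assumed (unused here, shown for the pair)

# block_rules FILE
# Reads one offending host or network per line ('#' comments and blank lines
# are ignored) and prints an ipchains command that drops and logs (-l) any
# packet arriving from that address on the external interface.  Entries with
# characters other than digits, '.' and '/' are reported and skipped so a
# typo in firewall.block cannot turn into an unexpected rule.
block_rules() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" | while read -r addr; do
        case "$addr" in
            *[!0-9./]*) echo "skipping malformed entry: $addr" >&2; continue ;;
        esac
        echo "ipchains -A input -i $IFEXTERN -s $addr -j DENY -l"
    done
}

# firewall_state
# Reads `ipchains -L -n` output on stdin and prints ON or OFF.  The firewall
# counts as on when the input chain either has a default policy other than
# ACCEPT or contains at least one rule; a flushed firewall with policy ACCEPT
# and no rules is off.  The 'target prot opt ...' column header is not a rule.
firewall_state() {
    awk '
        /^Chain / {
            in_input = ($2 == "input")
            if (in_input && $0 !~ /policy ACCEPT/) restrictive = 1
            next
        }
        /^target / { next }
        in_input && NF { rules++ }
        END { if (restrictive || rules) print "ON"; else print "OFF" }
    '
}

# hourly_check
# What the cron.hourly job does: query the live rule set and mail root if the
# firewall is off.  Returns 0 when on, 1 when off, 2 if ipchains is absent.
hourly_check() {
    if ! command -v ipchains >/dev/null 2>&1; then
        echo "ipchains not found on this host" >&2
        return 2
    fi
    state=$(ipchains -L -n 2>/dev/null | firewall_state)
    if [ "$state" != ON ]; then
        echo "Firewall is OFF on $(hostname) at $(date)" | mail -s "FIREWALL OFF" root
        return 1
    fi
    return 0
}

# Constructed samples of `ipchains -L -n` output (not captured from a real host).
SAMPLE_OFF='Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):'

SAMPLE_ON='Chain input (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
DENY       all  ----l-  10.0.0.0/8           0.0.0.0/0             n/a
Chain forward (policy DENY):
MASQ       all  ------  192.168.1.0/24       0.0.0.0/0             n/a
Chain output (policy ACCEPT):'

# Stand-alone demonstration with a constructed firewall.block.
BLOCKFILE=$(mktemp)
cat >"$BLOCKFILE" <<'EOF'
# firewall.block: one offending host or network per line (constructed sample)
192.0.2.17
198.51.100.0/24
203.0.113.5   # portscan seen in the logs
EOF
block_rules "$BLOCKFILE"
rm -f "$BLOCKFILE"
printf '%s\n' "$SAMPLE_OFF" | firewall_state   # OFF
printf '%s\n' "$SAMPLE_ON" | firewall_state    # ON
```

On a real host the cron job is just `hourly_check`; the sample strings exist only so the state check can be exercised where ipchains is not installed.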

View ipchains Firewall Rules

Note, the download contains firewall, ip, masquerade, firewall.block, and check.firewall.hourly.

Download ipchains Firewall Rules


Home: www.sibbald.com
Contact: kern at sibbald dot com
Last Update: