Firewall with linux



Security is always an issue in every computer environment, and Linux is no exception. You can use this to protect either your home PC or your small office network.

This uses the script rc.firewall.

Follow the instructions below.

  • Getting the code

The first thing you need is the code. You can download it from here and get the final version, or the final stable.

 

  • Next, configure it to your needs

 

Here are some tips.

Under Permit, list the networks you want to allow access to your server/network:

Permit "192.168.0.0/24 200.90.85.32/32 0.0.0.0:80/tcp 166.114.10.10/32:22/tcp"

The example above does the following:

  • Allow access to IPs from 192.168.0.1 to 192.168.0.254
  • Allow access to the specific IP 200.90.85.32
  • Allow access to tcp port 80 (WEB) to everybody
  • Allow ssh access from 166.114.10.10

 

 

If you want to set up a firewall for your network and use NAT, set the INTERNAL_INTERFACES parameter to the name of your internal interface, for instance eth1.

  • Test it

 

First make the script executable

#chmod 700 rc.firewall

Now, if you are testing on a local machine, just run it and check that you still have access from the other sites that should have access.

If you are testing on a remote server, you can run it while you are connected and then try to open another ssh session. If you are able to get in, you can continue; if not, you are blocking yourself. If you want to be really sure you are not going to block yourself and lose the connection to your remote server, set up a cron job to execute in 15 minutes with the command:

iptables -F

That should flush all iptables rules, and you will have access again.
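The safety net described above, written out as an added example (not part of the original article or of rc.firewall). `iptables -F` deletes rules but leaves chain policies unchanged, so if the firewall script set a default policy of DROP, a flush alone would not restore access; this version resets the policies first. The `APPLY` switch and the path `/root/fw-rollback.sh` are assumptions of this example, and the cron helper needs GNU date.

```shell
#!/bin/sh
# fw-rollback.sh (hypothetical name): re-open the firewall if a test locks you out.
# Dry run by default: commands are printed. Set APPLY=1 as root to execute them.

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$@"
    fi
}

# Reset policies to ACCEPT first, then flush.
# Flushing while a policy is still DROP removes the allow rules but
# keeps the DROP policy, which would cut the ssh session for good.
firewall_rollback() {
    for chain in INPUT FORWARD OUTPUT; do
        run iptables -P "$chain" ACCEPT
    done
    for table in filter nat mangle; do
        run iptables -t "$table" -F    # delete every rule in the table
        run iptables -t "$table" -X    # delete user-defined chains
    done
}

# Print a crontab entry that fires N minutes from now (GNU date syntax).
# Day and month are pinned so the entry matches only that one time;
# remove it from the crontab once the firewall test has succeeded.
rollback_cron_line() {
    minutes=$1
    script=$2
    when=$(date -d "+${minutes} minutes" '+%M %H %d %m')
    echo "$when * APPLY=1 $script"
}

# Running the script performs the rollback (or prints it in dry-run mode).
firewall_rollback
```

Add the output of `rollback_cron_line 15 /root/fw-rollback.sh` to root's crontab before starting the firewall script.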

  • Make it automatic

Here I will start with Debian / Ubuntu and maybe other Debian-based distros.

- Copy the script to /etc/init.d/

- run the command

#update-rc.d rc.firewall defaults 19

- Done !

Now let's go with Fedora, CentOS and RedHat Linux

- Copy the script to /etc/rc.d/

- run the command

#echo '/etc/rc.d/rc.firewall' >> /etc/rc.local

- Done !

 


When trying to read the config files
I find that this project lfw is no longer active.

http://lfw.sourceforge.net/ (nothing)
http://lfw.sf.net/ (nothing)
and finally
http://sourceforge.net/projects/lfw/
we see..
"As of 2007-05-01 08:45, this project is no longer under active development."

There is a mirror of the old project located here

info
http://ledow.blogspot.com/2007/07/mirror-of-projectfilescom.html

actual mirror
http://www.ledow.org.uk/linux

peace all.

Thank you a lot!

Guillermo Garron
