Can the default firewall setting of Linux give enough security? I mean during installation the suggested firewall was installed
I'm not so sure ... so far I'm quite content with its default settings, but it's better to modify it to suit you best ..
ALONE:Hated and Punished
What's a good piece of software for setting up a firewall? The iptables command is hard to use.
Before, I used ipchains .. now iptables .. it's just a matter of reading the man pages ... but other than that, no idea ... HELP clintcan!
ALONE:Hated and Punished
Depends on the Linux distribution you are using. The Red Hat 9, Red Hat Enterprise Linux 4.0 and up, and CentOS 4.0 and up distros use high security settings. The default firewall allows you to connect to outside servers and receive reply packets, but will deny external hosts that attempt to initiate a connection to your machine. That's usually good enough for most desktop PCs.
If you have a server and want to allow INCOMING http, ssh, etc., then you have to do some tweaking. The ncurses-based interface will allow you to do that. For more complex stuff, you have to learn how to use iptables or how to edit the firewall config file (/etc/iptables.conf).
Thanks for your help, guys. I'll study the manual for iptables in detail when I have the time. Do you know of some ready-made firewall scripts on the net, something to serve as samples as I learn how to tweak iptables? I have used iptables, but only the simple part.
OT
^^^ Wow! Two penguins have met on Istorya: mannyamador and javapenguin.
I'm using Red Hat 9 for my firewall, Squid for my proxy, and Snort for intrusion prevention & detection. These are my firewall settings; I just read them in a book. I dunno if these settings are ideal.
# Firewall Proxy system IP address is 203.155.0.0 using Ethernet device eth0
# Private Network address is 192.168.0.0 using Ethernet device eth1
# modprobe iptable_filter
# turn off IP forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward
# Flush chain rules
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# set default (policy) rules
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# IP spoofing, deny any packets on the internal network that has an external source address.
iptables -A INPUT -j LOG -i eth1 \! -s 192.168.0.0/24
iptables -A INPUT -j DROP -i eth1 \! -s 192.168.0.0/24
iptables -A FORWARD -j DROP -i eth1 \! -s 192.168.0.0/24
# IP spoofing, deny any outside packets (any not on eth1) that have the source address of the internal network
iptables -A INPUT -j DROP \! -i eth1 -s 192.168.0.0/24
iptables -A FORWARD -j DROP \! -i eth1 -s 192.168.0.0/24
# IP spoofing, deny any outside packets with localhost address
# (packets not on the lo interface (any on eth0 or eth1) that have the source address of localhost)
iptables -A INPUT -j DROP \! -i lo -s 127.0.0.0/255.0.0.0
iptables -A FORWARD -j DROP \! -i lo -s 127.0.0.0/255.0.0.0
# allow all incoming messages for users on the firewall system
iptables -A INPUT -j ACCEPT -i lo
# allow established and related outside communication to your system
# allow outside communication to the firewall except for ICMP packets
iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth0 \! -p icmp -j ACCEPT
# prevent outside initiated connections
iptables -A INPUT -m state --state NEW -i eth0 -j DROP
iptables -A FORWARD -m state --state NEW -i eth0 -j DROP
# allow all local communication to and from the firewall on eth1 from the local network
iptables -A INPUT -j ACCEPT -p all -i eth1 -s 192.168.0.0/24
# Set up masquerading to allow internal machines access to outside network
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
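# Accept ICMP Ping (0 and 8) and Destination unreachable (3) messages
# Others will be rejected by the INPUT DROP policy (the OUTPUT policy above is ACCEPT)
# Note: an echo-request arriving on eth0 is state NEW, so the NEW drop rule above
# matches it first and the echo-request rule below is never reached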
iptables -A INPUT -j ACCEPT -p icmp -i eth0 --icmp-type echo-reply -d 203.155.0.0
iptables -A INPUT -j ACCEPT -p icmp -i eth0 --icmp-type echo-request -d 203.155.0.0
iptables -A INPUT -j ACCEPT -p icmp -i eth0 --icmp-type destination-unreachable -d 203.155.0.0
# Turn on IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
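iptables walks a chain top-down and stops at the first rule whose target ends processing, so where the ICMP accept rules sit relative to the NEW drop rule decides whether an outside ping is answered. The following is an added example, not part of the original post: a small Python model of that first-match logic for the eth0 INPUT rules above. It assumes a simplified packet (protocol, conntrack state, ICMP type only) and ignores the interface, address and spoofing checks; all names in it are made up for illustration.

```python
# Added example: minimal model of iptables first-match evaluation.
# Rules are a simplified transcription of the eth0 INPUT rules in the post above.
DROP, ACCEPT = "DROP", "ACCEPT"

def est_non_icmp(p):
    # -m state --state ESTABLISHED,RELATED ! -p icmp
    return p["state"] in ("ESTABLISHED", "RELATED") and p["proto"] != "icmp"

def new_conn(p):
    # -m state --state NEW
    return p["state"] == "NEW"

def icmp_type(name):
    # -p icmp --icmp-type <name>
    return lambda p: p["proto"] == "icmp" and p.get("icmp") == name

STATEFUL = [("established-non-icmp", est_non_icmp, ACCEPT),
            ("drop-new", new_conn, DROP)]
ICMP = [(f"icmp-{t}", icmp_type(t), ACCEPT)
        for t in ("echo-reply", "echo-request", "destination-unreachable")]

AS_POSTED = STATEFUL + ICMP    # ICMP accepts appended after the NEW drop
ICMP_FIRST = ICMP + STATEFUL   # same rules, ICMP accepts inserted first

def verdict(chain, packet, policy=DROP):
    """Return (target, rule label) of the first matching rule, else the chain policy."""
    for label, match, target in chain:
        if match(packet):
            return target, label
    return policy, "policy"

def unused_rules(chain, packets):
    """Labels of rules that decide none of the sample packets."""
    hit = {verdict(chain, p)[1] for p in packets}
    return [label for label, _, _ in chain if label not in hit]

# Constructed sample packets on eth0, with the conntrack state each would get.
PACKETS = [
    {"proto": "tcp", "state": "ESTABLISHED"},                         # reply to outbound TCP
    {"proto": "tcp", "state": "NEW"},                                 # inbound connection attempt
    {"proto": "icmp", "state": "NEW", "icmp": "echo-request"},        # outside host pings us
    {"proto": "icmp", "state": "ESTABLISHED", "icmp": "echo-reply"},  # answer to our ping
    {"proto": "icmp", "state": "RELATED", "icmp": "destination-unreachable"},
]

if __name__ == "__main__":
    for name, chain in (("as posted", AS_POSTED), ("icmp first", ICMP_FIRST)):
        print(name, [verdict(chain, p) for p in PACKETS], "unused:", unused_rules(chain, PACKETS))
```

On a live system, the per-rule packet counters from `iptables -L INPUT -v -n` show the same thing: a rule whose counter stays at zero is not being reached.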
Has anyone of you read page 55 of the Aug-Sep 2006 issue of PC WORLD? It says Linux is no longer a safe operating system and that it is vulnerable to virus attacks. What is your comment about this? Is Linux really not safe even with high firewall settings? In my experience I haven't had any problem with viruses so far. I have a desktop with Suse Linux 10.0 with only the default firewall installed, and so far it is still alive, connected to the internet all the time.
I'm not sure about viruses ... trojan maybe ..
ALONE:Hated and Punished