[techtalk] Simple Linux Firewall

ktb x.y.f at home.com
Thu Oct 12 19:56:24 EST 2000


m20bi wrote:
> 
> Hi!
> 
> I'm building a WebDAV/DeltaV playground for a consultant on a Linux box of
> his -- part-time job for this part-time student. On my personal Gateway (W98
> SE), I use the ZoneAlarm freeware because I have a cable modem and the
> Gateway is always connected to the Internet. ZoneAlarm is a firewall for the
> masses -- just download, install and it works without any tweaking -- or
> much understanding on my part. <g> When I run the GRC Port Probe test
> (www.grc.com) on my Gateway, everything "shows" up as running in Stealth.
> Makes me happy.
> 
> Different story on the Linux box (which has its own cable connection to the
> net). Its interaction should be limited to the http (for serving and
> surfing), kibitz, irc (X-chat and BitchX) and maybe, maybe talk.  (No
> email -- I'm content to use Hotmail.) When I run the GRC Port Probe on the
> Linux box, ports 25 (SMTP) and 113 (IDENT) show up as Open. The other ports
> show up as Closed -- not Stealth.
> 
> Is there a simple utility I can slap on this Linux box -- similar to
> idiot-proof ZoneAlarm -- that will put all the superfluous ports in Stealth
> mode?
> 
> Barbara (using Linux since September 2000)
> 
> PS Do I need port 113 (IDENT) for IRC?
> 

One of the things you might do is get "pmfirewall" or "seawall."  Both
of these are scripts that will write your chains for you.  It's a quick
way of getting something up and you can add and subtract to the chains
as you learn.  There is also a hardening script called "Bastille", if I
got the spelling right.  It will help shore your system up.  

seawall -- http://seawall.sourceforge.net/
pmfirewall -- http://www.pointman.org/

There is also a book you can download online that is worth your while at
http://pages.infinit.net/lotus1/opendocs/book.htm

As an aside I found OpenBSD much easier to use as a firewall.  I find
ipf and nat easier to understand than ipchains and masquerade.
hth,
kent

-- 
________________________________________________________________
"Neurosis is the way of avoiding non-being by avoiding being." 
- Paul Tillich, American theologian (1886-1965).
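
A minimal hand-written ipchains script of the kind pmfirewall and seawall generate, added here as an illustration of what "writing your chains" looks like; it is not the output of either tool and is not part of the original thread. It assumes a 2.2-series kernel with ipchains, that the cable modem is on eth0 (EXT_IF), and that only HTTP (SERVE_TCP) is served to the net. Run with the argument `apply` as root to install the rules; with no argument, or with IPCHAINS=echo in the environment, it only prints them so you can read what it would do.

```shell
#!/bin/sh
# Hand-written ipchains firewall for a single-homed Linux box (kernel 2.2).
# Added example, not pmfirewall/seawall output. Assumptions: the cable modem
# is on eth0 (EXT_IF) and only HTTP (SERVE_TCP) is served to the world.
#
# Target DENY drops a packet silently, which GRC's probe reports as "Stealth";
# REJECT answers with an ICMP error, which it reports as "Closed".

EXT_IF=${EXT_IF:-eth0}           # assumed external interface
SERVE_TCP=${SERVE_TCP:-80}       # TCP ports open to the world, space-separated
IPCHAINS=${IPCHAINS:-ipchains}   # set IPCHAINS=echo to preview instead of apply

# One ipchains invocation per call; fw_rules prints them, fw_apply runs them.
rule() { echo "$IPCHAINS $*"; }

fw_rules() {
    rule -F input
    rule -F output
    rule -F forward
    # Default policies: unsolicited inbound is silently dropped (stealth).
    rule -P input DENY
    rule -P output ACCEPT
    rule -P forward DENY
    # Loopback is trusted; loopback addresses arriving from outside are spoofed.
    rule -A input -i lo -j ACCEPT
    rule -A input -i "$EXT_IF" -s 127.0.0.0/8 -j DENY -l
    # Services offered to the world: accept the SYN (-y) that opens them.
    for port in $SERVE_TCP; do
        rule -A input -i "$EXT_IF" -p tcp -d 0/0 "$port" -y -j ACCEPT
    done
    # Replies to connections this box opened (IRC, web surfing): any TCP
    # segment that is not a bare SYN. ipchains is stateless, so this is the
    # best it can do; a spoofed non-SYN segment still gets through here.
    rule -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT
    # DNS answers and DHCP (the cable-modem lease) back to our own ports.
    rule -A input -i "$EXT_IF" -p udp -s 0/0 53 -d 0/0 1024:65535 -j ACCEPT
    rule -A input -i "$EXT_IF" -p udp -s 0/0 67 -d 0/0 68 -j ACCEPT
    # ICMP a working stack needs: echo-reply (0), destination-unreachable (3),
    # time-exceeded (11). Inbound echo-request falls through to the policy.
    for t in 0 3 11; do
        rule -A input -i "$EXT_IF" -p icmp -s 0/0 "$t" -j ACCEPT
    done
    # IDENT: answer with a reject (ICMP port-unreachable) rather than a drop,
    # so IRC servers that look it up fail fast instead of waiting for a timeout.
    rule -A input -i "$EXT_IF" -p tcp -d 0/0 113 -y -j REJECT
    # Everything else: drop and log (-l), so you can see what hit the wall.
    rule -A input -i "$EXT_IF" -j DENY -l
}

# Install the rule set; every line must succeed or we stop (sh -e).
fw_apply() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "fw_apply: must run as root" >&2
        return 1
    fi
    fw_rules | sh -e
}

case "${1:-}" in
    apply) fw_apply ;;
    *)     fw_rules ;;   # default: print the rules for inspection
esac
```

The order matters: ipchains walks the input chain top to bottom and takes the first match, so the ACCEPT lines for offered services and return traffic must precede the final DENY. Port 113 is the one place this script deliberately chooses REJECT over DENY; with a silent drop, an IRC server that probes IDENT has to wait for its own timeout before letting you in, and it will show as "Closed" rather than "Stealth" on GRC's probe for exactly that reason. Port 25 is not opened at all here; if the probe still shows it, stop the MTA rather than firewall it.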