
Re: firewall newbie questions



On Sat, 10 Apr 2004, Jonas Meurer wrote:
> Hello, apart from some masquerading stuff for my dsl router I'm really
> new to the firewall topic, but anyway I now have to configure some.

[...]

> The special thing about this server is that it has 4 different ips on
> the devices eth0, eth0:0, eth0:1 and eth0:2, the first three in the
> same class C net, the fourth in another. This way I work around the two
> nameservers from different class C nets required by denic to set new
> nameserver entries for .de domains. My luck that my hosting center
> supports that *g*

Just a note: you would be better off trying to find a real secondary DNS
server, not faking it like this.  Your system will be *much* more
reliable as a result.  Most of these rules exist for good reasons. :)

[...]

> Now I'd like to setup a firewall that allows full access to the ports
> I configure (21, 22, 25, 53, 80, 143, 443, 993, ...), and denies
> access to all other ports by default, but support to allow access to
> given ports based on dns/ip authentication.
> 
> I already searched the files in /usr/shared/doc/iptables/ and lurked
> for some firewall frontends/scripts, but didn't find the right thing.
> fiaif looked nice first, but I didn't get the picture about how to
> configure it nicely, and it blocked too much by default configuration for
> me (for example my non-standard ftp ports).
> 
> Maybe you can point me to the right docs or simply to the right
> firewall tools.

Well, I use and recommend the 'firehol' script for this sort of work.
It is quite simple to set up initially, but also very powerful and able
to integrate anything you want to do nicely.

It is packaged in testing and unstable, or trivial to backport as it has
no real dependencies other than bash, awk and so on.

   Daniel

-- 
Youth is happy because it has the capacity to see beauty. Anyone who keeps the
ability to see beauty never grows old.
        -- Franz Kafka
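
A FireHOL configuration that implements what the original poster asked for
(default deny, a list of open ports, one port restricted to given source
addresses, and the non-standard ftp port), as an added example that is not
part of this thread; the port 2121 and the source addresses are placeholders:

```firehol
# Added example, not from the original thread.  Addresses and the
# alternative ftp port are placeholders, adjust to the real values.
version 5

# Define the non-standard ftp port as its own service, so the default
# service list does not have to block it (assumed: tcp/2121).
server_altftp_ports="tcp/2121"
client_altftp_ports="default"

# eth0:0, eth0:1 and eth0:2 are aliases of eth0, so one interface block
# covers all four addresses.
interface eth0 internet
    # Everything not explicitly accepted below is dropped.
    policy drop
    # Basic anti-spoofing and flood protection.
    protection strong

    # Publicly reachable services.
    server "ftp altftp smtp dns http https imap imaps" accept

    # ssh only from trusted sources (placeholder addresses).
    server ssh accept src "192.0.2.10 198.51.100.0/24"

    # Let the host itself initiate connections anywhere.
    client all accept
```

Put this in /etc/firehol/firehol.conf and check it with `firehol try` first, which rolls the rules back automatically unless you confirm them.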