
Re: Laptop Firewalling



On Wed, Nov 21, 2007 at 01:49:15PM +0700, Klein Moebius wrote:
> Being on the road a lot with my trusted lappy, I'd like to get
> suggestions on the best solution for an iptables-based firewall that
> needs to be easily reconfigurable for wireless, ethernet cable, and ppp.
> I should be able to apply rules on the fly using tools such as wireshark
> to identify MAC address exclusions, etc, and hopefully would be IPv6
> capable. Any ideas?

You could look at shorewall.  It has a great set of docs in
shorewall-doc.

Your laptop has three potential interfaces: eth(cable), eth(wireless)
and ppp.  Do the two eth end up with different unit numbers? (I've never
used wireless).  From a firewall perspective, does it matter if at any
given time you're using a particular interface?  Assuming that you're
not forwarding, although perhaps the NAT config will change.

You could create a set of config files for each setup and write a script
that copies the correct set to /etc/shorewall then restarts shorewall.
Have the script start when an interface goes up.

Doug.
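
A sketch of the profile-switching script suggested in the message above, as an added example (not code from the original post or from Shorewall). The profile directory layout, the interface-name patterns and the function names are assumptions; it relies on Debian-style ifupdown exporting IFACE to scripts in /etc/network/if-up.d, and it runs "shorewall check" on the profile first so a broken profile never replaces the working rule set.

```shell
#!/bin/sh
# Added example: per-interface Shorewall profile switcher.
# Assumed (hypothetical) layout: /etc/shorewall-profiles/{wired,wireless,ppp}/,
# each holding a complete set of Shorewall config files.
PROFILE_ROOT="${PROFILE_ROOT:-/etc/shorewall-profiles}"
LIVE_DIR="${LIVE_DIR:-/etc/shorewall}"
SHOREWALL="${SHOREWALL:-shorewall}"

# Map an interface name to a profile name. The patterns are assumptions;
# adjust them to whatever names your wired and wireless NICs really get.
profile_for() {
    case "$1" in
        eth*)       echo wired ;;
        wlan*|ath*) echo wireless ;;
        ppp*)       echo ppp ;;
        *)          return 1 ;;   # lo and anything unknown: no profile
    esac
}

# Install the profile for interface $1 and restart Shorewall.
# Return codes: 2 no profile mapped, 3 profile directory missing,
# 4 profile failed "shorewall check", 5 copy failed.
# In cases 2-4 the live config and the running rules are left untouched.
apply_profile() {
    name=$(profile_for "$1") || { echo "no profile for $1" >&2; return 2; }
    src="$PROFILE_ROOT/$name"
    [ -d "$src" ] || { echo "missing profile $src" >&2; return 3; }

    # Validate the candidate config before it goes anywhere near /etc/shorewall.
    "$SHOREWALL" check "$src" >/dev/null 2>&1 ||
        { echo "profile $name failed check" >&2; return 4; }

    # Files are overwritten, not pruned: every profile must carry the
    # full file set or leftovers from the previous profile stay active.
    cp -p "$src"/* "$LIVE_DIR"/ || return 5
    "$SHOREWALL" restart >/dev/null
}

# When run as an if-up.d hook, ifupdown supplies the interface in IFACE.
if [ -n "${IFACE:-}" ]; then
    apply_profile "$IFACE"
fi
```
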


