Hi all,
My Bubba|Two is currently working plugged as an internal LAN server.
I installed Gallery2 on it. So far, so good.
I am planning to use it as a router.
I am pretty new to iptables. So I am searching for some kind of tool to help me configure iptables.
What kind of front-end for iptables are you using?
Thanks in advance
jmv
[Question] Front-end for iptables
I can recommend Shorewall (http://www.shorewall.net/) which is a bit easier to configure. It is still all text files so it is an advanced tool. Seems to be available in the standard repo.
I haven't tried it on my bubba so I don't know how well it works with the rest of the system.
Xnij wrote: I can recommend Shorewall (http://www.shorewall.net/) which is a bit easier to configure. It is still all text files so it is an advanced tool. Seems to be available in the standard repo.[..]
Shorewall is OK, but the latest versions load an absolutely ridiculous amount of modules. This may provide belt-and-braces security (at least the illusion thereof) but it may also degrade the performance of your system.
An alternative approach is to use the system *without* a firewall, while making sure that no services are exposed to the outside world.
Run as root
netstat -pan --inet
Now, in many cases, it is possible to improve this by making services listen only to the local network (not to the "outside world"). Many services have options to do this. In fact I'd like to suggest to the Excito people that they explore this.
Once you have stopped access to all services that you don't want to offer outside your network, you can use some very simple iptables rules to cover cases that you might have overlooked. That is a kind of "extra security". Basically, a system should be secure by itself without a firewall.
See the classic article (it needs updating of course, but the basic ideas are still 100% OK)
http://www.rootprompt.org/article.php3?article=903
/jws
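The check described in the post above, as an added example that is not part of the original thread: a filter for `netstat -pan --inet` output that prints only the sockets reachable from outside the LAN. The function names, the LAN address 192.168.10.1 and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list services that listen on more than loopback or the LAN address.
# Real use (as root):  netstat -pan --inet | exposed_listeners <LAN address of the box>

exposed_listeners() {
    # $1 = the box's own LAN address (assumed value, e.g. 192.168.10.1)
    awk -v lan="$1" '
        # TCP listeners have a State column; unconnected UDP sockets do not,
        # so the PID/Program field sits one column earlier for UDP.
        $1 == "tcp" && $6 == "LISTEN"    { check($1, $4, $7); next }
        $1 == "udp" && $5 == "0.0.0.0:*" { check($1, $4, $6); next }

        function check(proto, local, prog,    addr) {
            addr = local
            sub(/:[0-9]+$/, "", addr)      # strip the port
            if (addr ~ /^127\./) return    # loopback only: not reachable from outside
            if (addr == lan) return        # bound to the LAN address only
            # Anything left is bound to 0.0.0.0 (all interfaces) or another address.
            print proto, local, prog
        }
    '
}

# Constructed sample output, not captured from a real system.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      987/mysqld
tcp        0      0 192.168.10.1:80         0.0.0.0:*               LISTEN      1100/apache2
tcp        0      0 203.0.113.7:8080        0.0.0.0:*               LISTEN      1500/lighttpd
tcp        0      0 192.168.10.1:22         192.168.10.5:51234      ESTABLISHED 2001/sshd: user
udp        0      0 0.0.0.0:53              0.0.0.0:*                           800/dnsmasq
udp        0      0 192.168.10.1:137        0.0.0.0:*                           900/nmbd
EOF
}

sample_netstat | exposed_listeners 192.168.10.1
```

Each line printed is a service to rebind to the LAN address or loopback, or to cover with an iptables rule on the outside interface.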
Xnij wrote: I can recommend Shorewall (http://www.shorewall.net/)
Thanks.
I will have a look.