Ham Blowfist
Posted July 3, 2006

I'm playing with Xubuntu 6.06 (Xfce 4.3.90.2) on an old 750 MHz AMD machine, and it doesn't seem to come with any simple way to configure a firewall for my dial-up Internet.

My solution (for now) was to add these lines to /etc/rc.local (copied/pasted from a help file included with the distro). Putting them there was just a shot in the dark on my part.

    ## Insert connection-tracking modules (not needed if built into kernel).
    # insmod ip_conntrack
    # insmod ip_conntrack_ftp

    ## Create chain which blocks new connections, except if coming from inside.
    iptables -N block
    iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
    iptables -A block -j DROP

    ## Jump to that chain from INPUT and FORWARD chains.
    iptables -A INPUT -j block
    iptables -A FORWARD -j block

It seems to work. I get good results from those on-line port scanning sites.

But I would like some opinions/advice please:

1. Is there a better place to put this other than /etc/rc.local? (For example, if I added an ethernet card in the future, could the script start filtering too late, after the card was initialized and accepting traffic?)

2. Do you think this is adequate in a home/desktop/dial-up setting? (Is there anything inherently wrong with these commands?)

3. I've used Guarddog in the past (on RedHat 9) and really liked it. But there's no version available for "Dapper Drake". I guess it hasn't been updated in a while. What other Guarddog-like program could I be using?

I'm trying to figure out iptables, but it seems pretty complicated (not that there's anything wrong with that).

Thanks for any help you can give.

naraku9333
Posted July 3, 2006

I've used Firestarter in the past.

hitest
Posted July 3, 2006

I'm running Lokkit on my Ubuntu 6.06 box. It is very simple to set up with apt-get: Lokkit set-up

shanenin
Posted July 3, 2006 (edited July 3, 2006 by shanenin)

I am really surprised Guarddog is not available with apt. Nonetheless, you could easily build it using the tar file. Until I got my router, I always used Guarddog; it was very simple to use.

hitest
Posted July 3, 2006

> I am really surprised Guarddog is not available with apt. Nonetheless, you could easily build it using the tar file. Until I got my router, I always used Guarddog; it was very simple to use.

Ham Blowfist
Posted July 6, 2006

Well, I enabled some repositories in Synaptic (installed by default, but not enabled); now there's Lokkit, Guarddog, Firestarter, and several other firewall tools available.

Also found out the proper method to install my own iptables script, and ensure it loads before any network adapters are initialized.

So I have many choices (too many). Still, I think they could have included at least one of these tools with Xubuntu.
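
Added example, not part of any post in this thread: one way to load the first post's rule set before any interface is configured, on a Debian/Ubuntu system that uses ifupdown. The hook path, the function names, the `PHASE` guard and the switch to `iptables-restore` are assumptions; the thread does not say which method was actually used.

```shell
#!/bin/sh
# Hypothetical hook, e.g. /etc/network/if-pre-up.d/firewall (file name assumed).
# ifupdown runs the scripts in that directory before it configures an
# interface, so filtering is active before an adapter can accept traffic.

WAN_IF="${WAN_IF:-ppp0}"   # untrusted interface, as in the first post

# Print the first post's rules in iptables-restore format.
# Current iptables writes the negation as "! -i"; the post uses the
# older "-i ! ppp0" spelling.
emit_rules() {
    wan="$1"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:block - [0:0]
-A block -m state --state ESTABLISHED,RELATED -j ACCEPT
-A block ! -i $wan -m state --state NEW -j ACCEPT
-A block -j DROP
-A INPUT -j block
-A FORWARD -j block
COMMIT
EOF
}

# Refuse interface names that could inject extra options into the rule file.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) [ "${#1}" -le 15 ] ;;
    esac
}

apply_rules() {
    valid_iface "$WAN_IF" || { echo "bad interface name: $WAN_IF" >&2; return 1; }
    # iptables-restore replaces the filter table in a single commit, so the
    # hook can run once per interface without "chain exists" errors from
    # "iptables -N block" and without appending duplicate jump rules.
    emit_rules "$WAN_IF" | iptables-restore
}

# Current ifupdown exports PHASE=pre-up to these hooks; do nothing otherwise.
if [ "${PHASE:-}" = "pre-up" ]; then
    apply_rules
fi
```

The rules may name ppp0 before the dial-up link exists, because iptables matches interface names at packet time rather than at load time.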