View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions Firewall?
Log in to Ask a Question

Firewall?

general

Can anyone help me out with this? I'm looking to create a simple iptables firewall that drops all packets on ports (and doesnt let traffic out on ports) except for one that I specifically open in the firewall.

All of the iptables firewall builders I have found are either way too complicated to figure out how to use or dont work right period.

Can anyone point me in the right direction (man pages dont help with crap), or, if you want to be nice write an example firewall script? :P

thanks!

4 Replies

This always works for me as a starting point, I think I got the link from some forums…

http://easyfwgen.morizot.net/gen/

-k

awesome, that was exactly what i needed.

[root@li5-11 firewall]# ./rc.firewall

Loading kernel modules …

modprobe: Can't open dependencies file /lib/modules/2.4.26-linode31-1um/modules.dep (No such file or directory)

modprobe: Can't open dependencies file /lib/modules/2.4.26-linode31-1um/modules.dep (No such file or directory)

modprobe: Can't open dependencies file /lib/modules/2.4.26-linode31-1um/modules.dep (No such file or directory)

modprobe: Can't open dependencies file /lib/modules/2.4.26-linode31-1um/modules.dep (No such file or directory)

modprobe: Can't open dependencies file /lib/modules/2.4.26-linode31-1um/modules.dep (No such file or directory)

net.ipv4.tcp_syncookies = 1

net.ipv4.conf.all.rp_filter = 1

net.ipv4.icmpechoignore_broadcasts = 1

net.ipv4.conf.all.acceptsourceroute = 0

net.ipv4.conf.all.secure_redirects = 1

net.ipv4.conf.all.log_martians = 1

Flushing Tables …

Create and populate custom rule chains …

Process INPUT chain …

Process FORWARD chain …

Process OUTPUT chain …

Load rules for nat table …

Load rules for mangle table …

hope those kernel modules werent anything special :o

the firewall seems to work, cause its not responding to pings and i can still connect to it lol.

woot :D

There's no modules.dep file because there aren't any modules. Loading of kernel modules is disabled inside a Linode - if we could load modules we could compromise the host - if we were that way inclined. Caker builds everything he thinks we'll need into his kernels - and he looks favourably on sensible requests for additions. If you want to be neat, you can check to see what modprobe was trying to load, confirm that functionality is in the kernel that you're using and then comment out the modprobe code.

firehol is nice too: http://firehol.sourceforge.net/. super simple and powerfull.

nice feature is you can test without worrying about being locked out. it gives 30 seconds to type 'commit' and if no response is given, it reinstates previous firewall rules (if any are already applied).

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct