Hi Everybody,
I've set up a new server on redhat and as part of that I trolled the internet for how to use iptables and put together what I think is a reasonable firewall. But, I don't really know what I'm doing yet with iptables. I started by dropping all traffic then just enabling what I need. Anyone else do this? Any comments/tips/suggestions/etc would be appreciated. Here's my set of rules:
https://gist.github.com/4534512
If we get a good set together, we could distribute the script with webwork so people can easily set up a good firewall.
Thanks!
Jason
Hi Jason,
There's a "front end" to IP-tables called shorewall. It is all on the command line - there is no gui. We have used shorewall, and it is easy to use. It has some simple commands to specify the traffic you want to allow. The rest will automatically be blocked.
On debian/ubuntu the ufw firewall is even simpler to use.
Lars.
Hi Jason,
The Lon-CAPA developers wrote a perl firewall script that works both in rpm based and deb based systems:
Perhaps it can be adapted to webwork?
Lars.
Hi Lars,
Thanks for the tips. I like the idea of shorewall or ufw, but I tried to go with something purely iptables so it would be cross-platform. The lon-capa approach does look really intriguing.
Thanks again,
Jason
Thanks for the tips. I like the idea of shorewall or ufw, but I tried to go with something purely iptables so it would be cross-platform. The lon-capa approach does look really intriguing.
Thanks again,
Jason
FWIW, Redhat packs in with a GUI for managing iptables.
You can run system-config-firewall, and it will generate the iptables config file.
One other comment: your iptables config doesn't allow connections for lighttpd if it is being used for static images. This is something to consider.
Danny