Debian - setting up a simple firewall

Goal

Install a simple firewall. I have used Debian Lenny.

Installation and Configuration

# apt-get install arno-iptables-firewall
Message (translated):

A simple firewall configuration can be created by answering a few questions. Those who are not familiar with firewall-related topics (like me) should choose this option.

If you do not want this, the firewall will not work until you edit the configuration manually.

Would you like to manage the firewall configuration with debconf?
Selection: yes

Message (translated):

The external interfaces connect this system with unsecured networks (e.g. the Internet). The firewall will only allow connection requests on these interfaces that correspond to explicitly allowed source/destination port combinations. You must specify all external interfaces (such as eth0 and/or ppp0).

For a ppp interface that does not yet exist, the wildcard 'ppp+' can be used. However, this is only possible if no other ppp interfaces are available!

If no interfaces are specified, no firewall configuration is performed.

Multiple interfaces must be separated with spaces.

External interface:

Input: eth0

Message (translated):

In the default firewall configuration, all incoming connection requests to the external network interface will be rejected. If this system offers services to the outside world (e.g. the Internet), this must be explicitly enabled.

Please enter the TCP port numbers of all services that should be accessible from outside. Some commonly used ports are: 80 (http), 443 (https) or 22 (ssh).

In addition to individual port numbers, whole ranges can be specified (e.g. 10000:11000). Multiple entries must be separated by spaces.

If you are unsure, enter nothing here.

Open external TCP ports

Input: 80,137,138,139
Note: The system is a web server and also provides access via Samba.

Message (translated):

In the default firewall configuration, all incoming connection requests to the external network interface will be rejected. If this system offers services to the outside world (e.g. the Internet), this must be explicitly enabled.

Please enter the UDP port numbers of all services that should be accessible from outside.

In addition to individual port numbers, whole ranges can be specified (e.g. 10000:11000). Multiple entries must be separated by spaces.

If you are unsure, enter nothing here.

Open external UDP ports:

Input: 137 138 139
Note: The system offers access via Samba.

Message (translated):

The internal network interfaces connect this system to trusted networks (e.g. a home or office network). The firewall will allow traffic from these networks. If such interfaces are specified, it is possible to allow Internet access for networks on these interfaces. If no such interfaces are present, this field should be left blank.

Multiple interfaces must be separated with spaces.

Internal network interface

Input: - no entry -

Message (translated):

For safety reasons, the (new) firewall configuration is not automatically enabled. You may want to inspect the firewall configuration in /etc/arno-iptables-firewall/firewall.conf manually, especially if you are upgrading to a new version, because configuration variables might have changed.

If you want to load the firewall configuration manually before the next reboot, run 'invoke-rc.d arno-iptables-firewall start'.

If you do not want a manual inspection, the firewall configuration can be loaded now.

Should the firewall be (re)started now?

Selection: yes

The system is working.

This message appears again:

For safety reasons, the (new) firewall configuration is not automatically enabled. You may want to inspect the firewall configuration in /etc/arno-iptables-firewall/firewall.conf manually, especially if you are upgrading to a new version, because configuration variables might have changed.

If you want to load the firewall configuration manually before the next reboot, run 'invoke-rc.d arno-iptables-firewall start'.

If you do not want a manual inspection, the firewall configuration can be loaded now.

Should the firewall be (re)started now?

Selection: yes

Message: All firewall rules applied.

View/Change settings

In /etc/arno-iptables-firewall/debconf.cfg you can view the settings and change them if necessary.

Restart the firewall / apply changes

# /etc/init.d/arno-iptables-firewall restart
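
Checking the port lists before applying them (an added example, not part of the original page or of arno-iptables-firewall): the shell functions below validate a port list in the format the dialog describes (single ports and ranges such as 10000:11000; commas are tolerated as well as spaces) and report every entry that is not covered by the ports you intended to open. The function names and the "intended" list are assumptions of this example; the entered list is the value you typed in the dialog or see in /etc/arno-iptables-firewall/debconf.cfg.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample values are constructed.

# is_port N: true if N is a decimal port number in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-digit, or 6+ digits
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# split_range ITEM: sets lo/hi from "80" or "10000:11000"; fails if malformed
split_range() {
    case "$1" in
        *:*) lo=${1%%:*}; hi=${1#*:} ;;
        *)   lo=$1; hi=$1 ;;
    esac
    is_port "$lo" && is_port "$hi" && [ "$lo" -le "$hi" ]
}

# audit_ports ENTERED INTENDED
# Prints one line per problem and returns 1 if ENTERED contains a malformed
# entry or opens a port that no INTENDED entry covers; returns 0 otherwise.
audit_ports() {
    entered=$(printf '%s' "$1" | tr ',' ' ')    # tolerate commas and spaces
    intended=$(printf '%s' "$2" | tr ',' ' ')
    rc=0
    for item in $entered; do
        if ! split_range "$item"; then
            echo "malformed: $item"; rc=1; continue
        fi
        e_lo=$lo; e_hi=$hi; found=0
        for want in $intended; do
            split_range "$want" || continue     # skip malformed intent entries
            if [ "$lo" -le "$e_lo" ] && [ "$e_hi" -le "$hi" ]; then
                found=1; break
            fi
        done
        if [ "$found" -eq 0 ]; then
            echo "not intended: $item"; rc=1
        fi
    done
    return $rc
}

# The TCP list entered above, checked against the same ports as the intent
audit_ports "80,137,138,139" "80 137 138 139" && echo "port list matches intent"
```

Run the check once for the TCP list and once for the UDP list, each against its own intended list.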