Firewall Run Level?
Hey All

I was wondering which run level to run a firewall/router? Run level 2 or 4. This will be an internet-connected (practice) box. tksysv or ntsysv? Should I use the SuSEfirewall2, or write my own iptables?

All advice will help.

Thanks,
Invalid Addr3ss

--
Q) What do you get when you mix a spammer with a hacker?
A) A Spacker
Hi

I run mine at runlevel 3. Just make sure you turn off EVERY service besides SSH. And make sure that your sshd_config is tight. I.e. make sure your sshd_config says

    PermitRootLogin no
    PermitEmptyPasswords no
    PasswordAuthentication no

Use "netstat -e -e -v -p -l -n" to make sure you haven't left any services on. Nothing except sshd (port 22) should be listening for a connection. As an added precaution, make sure that all your firewall interfaces block traffic directly to them, EXCEPT ssh traffic from your designated firewall access machine.

As for the rules.... I really recommend using fwbuilder (www.fwbuilder.org). It's a *really* useful graphical interface for managing complex sets of rules, and the Linux version is free to use. As well as outputting iptables rules sets, it can also generate rules for BSD and a few other platforms (Cisco?). I use it to manage our firewall which has 5 network cards in it.

I then do this:

1. Create an /etc/firewall directory and copy your rules (either hand-built or compiled from fwbuilder) into it.

2. Create an executable file called /etc/init.d/pre_firewall

    #!/bin/bash
    #
    # name: /etc/init.d/pre_firewall
    # desc: Cut off all IP traffic before we bring up the interfaces.
    #       Can't run the rules before the interfaces exist :(
    #
    case "$1" in
        start)
            echo -n "Clamping down all IPTABLES services: "
            # Default-deny on every built-in chain, then flush all rules and
            # delete any user-defined chains left over from an earlier run.
            iptables -P INPUT DROP
            iptables -P FORWARD DROP
            iptables -P OUTPUT DROP
            iptables -F
            iptables -X
            echo
            ;;
        *)
            echo "Usage: pre_firewall start"
            exit 1
            ;;
    esac

4. Create an executable file called /etc/init.d/firewall

    #!/bin/bash
    #
    # name: /etc/init.d/firewall
    # desc: calls the script to initialise the iptables firewall rules
    #       on system startup
    #
    # NOTE!!!!!!!!!!!
    # CHANGE THIS NEXT LINE TO SAY WHATEVER YOUR RULES ARE CALLED!!
    FIREWALLRULES=/etc/firewall/Firewall.fw
    RETVAL=0
    case "$1" in
        start)
            echo -n "Starting firewall services: "
            # Run the rules file (hand-built or generated by fwbuilder)
            # and keep its exit status as our own.
            sh $FIREWALLRULES
            RETVAL=$?
            echo
            ;;
        *)
            echo "Usage: firewall start"
            exit 1
            ;;
    esac
    exit $RETVAL

5. Edit the above "FIREWALLRULES=/etc/firewall/Firewall.fw" to say whatever your iptables rules file is called.

6. Now add this into runlevel 3 as follows:

    ln -s /etc/init.d/pre_firewall /etc/init.d/rc3.d/S01pre_firewall
    ln -s /etc/init.d/firewall /etc/init.d/rc3.d/S07firewall

Test that your rules are actually on by going "iptables -L". There's probably a cleaner way to do this (like by setting up chkconfig properly?) but hey, it works. :)

There's also whole books out there on Linux Firewalls! Maybe I should read one sometime! I think O'Reilly safari bookshelf has some good ones. Go to http://safari.oreilly.com, sign up for a free 14 day trial and then pick one to read :)

Cheers
Mike
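Two checks for the hardening steps in Mike's reply (the three sshd_config directives, and "nothing except sshd on port 22 should be listening"), as an added example that is not part of the thread; the function names are my own and the sample config and netstat lines are constructed, not captured from a real box.

```shell
#!/bin/sh
# Added example, not from the thread. Sample inputs below are constructed.

# sshd_config_tight [FILE]: succeed only if the effective value of
# PermitRootLogin, PermitEmptyPasswords and PasswordAuthentication is "no".
# sshd honours the FIRST uncommented occurrence of a keyword, so a "yes"
# above a later "no" still wins; an absent keyword counts as not tightened.
sshd_config_tight() {
    awk 'BEGIN { want["permitrootlogin"]; want["permitemptypasswords"]
                 want["passwordauthentication"] }
         { k = tolower($1) }
         (k in want) && !(k in seen) { seen[k] = tolower($2) }
         END { bad = 0
               for (k in want) {
                   v = (k in seen) ? seen[k] : "unset"
                   if (v != "no") {
                       printf "sshd_config: %s is %s, want no\n", k, v > "/dev/stderr"
                       bad = 1 } }
               exit bad }' "$@"
}

# foreign_listeners: read "netstat -l -n" style output on stdin and print each
# listening socket whose local port is not 22 (IPv6 ":::22" is handled too).
# With -e -e -v -p extra columns follow State, so only $1, $4 and $6 are used.
foreign_listeners() {
    awk '$1 ~ /^(tcp|udp)/ && ($1 ~ /^udp/ || $6 == "LISTEN") {
             port = $4; sub(/.*:/, "", port)
             if (port != "22") print $1, $4 }'
}

# only_sshd_listening: succeed when foreign_listeners prints nothing.
only_sshd_listening() { [ -z "$(foreign_listeners)" ]; }

TIGHT_CFG='Port 22
# PermitRootLogin yes
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication no'
LOOSE_CFG='PermitRootLogin yes
PermitRootLogin no
PermitEmptyPasswords no'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN root 9012 1234/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN root 9050 1300/sendmail
tcp6 0 0 :::22 :::* LISTEN root 9013 1234/sshd
udp 0 0 0.0.0.0:111 0.0.0.0:* root 9100 1200/portmap'

printf '%s\n' "$TIGHT_CFG" | sshd_config_tight && echo "tight config: ok"
printf '%s\n' "$LOOSE_CFG" | sshd_config_tight || echo "loose config: rejected"
printf '%s\n' "$SAMPLE_NETSTAT" | foreign_listeners   # the :25 and :111 sockets
```

On a real box, run `sshd_config_tight /etc/ssh/sshd_config` and `netstat -e -e -v -p -l -n | foreign_listeners` instead of the constructed samples.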
* Mike Tierney; <miket@marketview.co.nz> on 06 Dec, 2004 wrote:
Hi

> 6. Now add this into runlevel 3 as follows:
> ln -s /etc/init.d/pre_firewall /etc/init.d/rc3.d/S01pre_firewall
> ln -s /etc/init.d/firewall /etc/init.d/rc3.d/S07firewall

This is not a good idea and your symlink order will change when a new package with an init script is installed. For a better approach you may want to consider looking at "man insserv" and "man init.d".

--
Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list;
http://susefaq.sf.net | Please don't put me in TO/CC.
Nisi defectum, haud refiecendum