RE: [suse-security] frontend firewall
Hi everyone there, does someone know which frontend terminal netfilter program I could use?

I'm not sure if you mean text-mode only frontends with the word "terminal". You could check www.fwbuilder.org,
Hi, thank you for the reply. Effectively, I mean a frontend from the terminal and without X. I know Firewall Builder well and it's a really good program.

My problem is as follows: I have a radio server which I can access through eth0 via the Internet. This server is used for ham radio applications, and in France we are allowed to do some experiments. I would like to be able to manage my firewall on the server using just my SSH connection, in order to restrict the high-speed radio connection on eth1. Along the days I will have to change the rules in order to accept access from different clients. It's why I'm looking for a terminal frontend rule generator.

Guillaume

-----Original Message-----
From: Andreas Baetz [mailto:lac01@web.de]
Sent: Tuesday 14 January 2003 14:45
To: Guillaume Devoyon; suse-security@suse.com
Subject: Re: [suse-security] frontend firewall

On Tuesday 14 January 2003 14:32, Guillaume Devoyon wrote:

there is a (IMHO) good frontend which allows easy management of your rules on a system with X installed. Your firewall doesn't need X, just copy the script which is created by fwbuilder there. The tool even has a wizard to help you create the rules.

Andreas
Hi!

I don't use a frontend. I use SuSEfirewall and modified the /sbin/SuSEfirewall2 script. I added a chain to block users. Then I have a new variable in /etc/sysconfig/SuSEfirewall2 to edit and can block specific IPs.

Must be at the beginning of the script where iptables are initialized after the start command. First they are flushed, then they are set to disallow anything that's not allowed. I put it after:

    ############################################
    #                                          #
    # Now we begin to set the filter rules ... #
    #                                          #
    ############################################

    # Set default rules + flush #
    #############################
    <snip>
    $IPTABLES -t mangle -X

Put your rules here! For example:

    for IP in $FW_BLOCK_IP; do
        $IPTABLES -A INPUT -j "$DROP" -s "$IP" -d SERVERIP -i eth1
    done

Then add the line in /etc/sysconfig/SuSEfirewall2:

    FW_BLOCK_IP="1.2.3.4 2.3.4.0/16"

Separate IPs or ranges with spaces! This blocks traffic to IP SERVERIP from network device eth1.

Philippe

P.S.: Every rule that comes at the beginning will be processed and similar rules after that will not be processed. Don't block yourself as well! Try

    /sbin/SuSEfirewall2 stop
    /sbin/SuSEfirewall2 test

All correct, no errors, then proceed?

    /sbin/SuSEfirewall2 stop
    /sbin/SuSEfirewall2 start

to set new rules. A "restart" does not flush all rules every time properly.
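
A pre-flight check for the "Don't block yourself" warning in the post above, as an added example that is not part of the original message: it refuses a FW_BLOCK_IP list that contains a malformed entry or that covers the address you are connected from. The function names are hypothetical, the addresses are constructed samples, only IPv4 is handled, and it assumes OpenSSH's SSH_CLIENT variable as the source of your own address.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for FW_BLOCK_IP.

# Print dotted-quad $1 as an integer; return 1 if it is not valid IPv4.
ip2int() {
    case "$1" in ""|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ""|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 is inside entry $2 (IP or IP/prefix),
# 1 if it is not, 2 if either value is malformed.
in_entry() {
    net=${2%/*}; bits=32
    case "$2" in
        */*) bits=${2#*/}
             case "$bits" in ""|*[!0-9]*|0?*|???*) return 2 ;; esac
             [ "$bits" -le 32 ] || return 2 ;;
    esac
    a=$(ip2int "$1") && n=$(ip2int "$net") || return 2
    # Mask both sides so an entry with host bits set (2.3.4.0/16) still matches.
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( a & mask )) -eq $(( n & mask )) ]
}

# Check block list $2 against your own address $1.
# Prints one line per problem; returns 1 if the list should not be loaded.
check_block_list() {
    rc=0
    ip2int "$1" >/dev/null || { echo "REFUSE: own address '$1' unknown"; return 1; }
    for entry in $2; do
        in_entry "$1" "$entry" && st=0 || st=$?
        case $st in
            0) echo "REFUSE: $entry would block your own address $1"; rc=1 ;;
            2) echo "REFUSE: $entry is not a valid IPv4 address or range"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample values (documentation ranges). On the server you would
# call: check_block_list "${SSH_CLIENT%% *}" "$FW_BLOCK_IP"
check_block_list 198.51.100.7 "203.0.113.9 198.51.0.0/16 10.0.0.300" ||
    echo "list rejected, rules not loaded"
```

Run it before the stop/test/start sequence; a non-zero return from check_block_list means the list should be corrected first.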
participants (2)
- Guillaume Devoyon
- Philippe Vogel