Default firewall in etch

Chris Lale <chrislale@untrammelled.co.uk> wrote:

Marc D Ronell wrote:
> Hi,
>
> What is Etch using as its default firewall? How do I change that
> firewall's settings?
>
> I am seeking a pointer to the right manual.
>
> Thanks,
>
> marc
>
>

If you just want a personal firewall for a PC, try Guarddog - see
http://newbiedoc.berlios.de/wiki/Setting_up_a_personal_firewall_on_Debian_using_Guarddog
.

You can give a try to fwbuilder, too.

---
Franck

What kind of emailer are you? Find out today - get a free analysis of your email personality. Take the quiz at the Yahoo! Mail Championship.

On Thu, 2007-02-01 at 09:57 +0000, Chris Lale wrote:
> Marc D Ronell wrote:
> > Hi,
> >
> > What is Etch using as its default firewall? How do I change that
> > firewall's settings?
> >
> > I am seeking a pointer to the right manual.
> >
> > Thanks,
> >
> > marc
> >
> >
>
> If you just want a personal firewall for a PC, try Guarddog - see
> http://newbiedoc.berlios.de/wiki/Setting_up_a_personal_firewall_on_Debian_using_Guarddog
> ..
>
> --
> Chris.
>
>

Another simple solution is arno-iptables-firewall. It's in testing, but
I use it on Sarge without problems.

--
Szia:
Nyizsa.

----------------------------------------------------------------------
Save Money On Your Health Insurance
Compare multiple insurance quotes to save with NetQuote's free service
http://tags.bluebottle.com/fc/MhtYWUi3V9vlzhTOPJez2X3TP8KwWxcuRb9uI/

--

Marc D Ronell <mronell@alumni.upenn.edu> wrote:

Hi,

Thanks for all of the suggestions. Isn't there a *default* firewall
install when you setup a basic version of etch? If I didn't
specifically install a firewall, does that mean that there is
currently no firewall setup?

I am happy to write and work with iptables using a script from
/etc/init.d, but I thought etch might have a *default* firewall
pre-configured? Maybe not? :).

Thanks,

marc

I do not think there is a default firewall ; in any case, I have never heard about it.
The default policy is ACCEPT for all iptables chains.

--
Franck

All New Yahoo! Mail – Tired of unwanted email come-ons? Let our SpamGuard protect you.

On Thu, Feb 01, 2007 at 07:32:01AM -0500, Marc D Ronell wrote:
>
> Hi,
>
> Thanks for all of the suggestions. Isn't there a *default* firewall
> install when you setup a basic version of etch? If I didn't
> specifically install a firewall, does that mean that there is
> currently no firewall setup?
>
> I am happy to write and work with iptables using a script from
> /etc/init.d, but I thought etch might have a *default* firewall
> pre-configured? Maybe not? :).
>
Ummm, iptables *is* the default firewall.

Regards,

-Roberto

--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com

On Thu, Feb 01, 2007 at 07:32:01AM -0500, Marc D Ronell wrote:
>
> Hi,
>
> Thanks for all of the suggestions. Isn't there a *default* firewall
> install when you setup a basic version of etch? If I didn't
> specifically install a firewall, does that mean that there is
> currently no firewall setup?
>
> I am happy to write and work with iptables using a script from
> /etc/init.d, but I thought etch might have a *default* firewall
> pre-configured? Maybe not? :).
>

Default is no firewall.

The raw netfilter is part of the kernel but it does not filter anything
out by default.

Before you write your own, please look at shorewall. It is __much__
easier to configure and you don't lose any control over what is
happening. The docs are first rate too.

Doug.

--

On Thu, Feb 01, 2007 at 07:32:01AM -0500, Marc D Ronell wrote:
>
> Hi,
>
> Thanks for all of the suggestions. Isn't there a *default* firewall
> install when you setup a basic version of etch? If I didn't
> specifically install a firewall, does that mean that there is
> currently no firewall setup?
>

There is no "firewall" and you seem to be using it in the Windows
sense. In debian (and other *n*x) there isn't necessarily a *need* for
a firewall. A firewall on a standalone computer does one thing: blocks
outside access to any open ports on the machine. If there are no open
ports, or if the open ports are properly secured, then there is no
need for a firewall. In the windows world there are many default
insecure ports that need protection. Not so true in debian.

That said, a firewall certainly won't hurt. Look at what services you
need to have access to from the outside world and how someone might
gain access to them to determine what you need. If you have no need to
get at the machine from the outside world, then make sure all those
things (ssh, ftp, http, whatever) are turned off (many are off by
default). If you want the added assurance of having iptables DROP or
DENY packets then by all means set up shorewall.

> I am happy to write and work with iptables using a script from
> /etc/init.d, but I thought etch might have a *default* firewall
> pre-configured? Maybe not? :).
>

you might get more pointed assistance if you provide details as to
what you are really after here. What is this machine used for? how is
it connected to the net? etc.etc.

A

Em Qui, 2007-02-01 às 07:32 -0500, Marc D Ronell escreveu:
> Hi,
>
> Thanks for all of the suggestions. Isn't there a *default* firewall
> install when you setup a basic version of etch? If I didn't
> specifically install a firewall, does that mean that there is
> currently no firewall setup?
>

If you installed only the services you need, there is no need for a
firewall for a PC, you only need some iptables set-up if you use your
computer as a firewall for some LAN.

In my opinion the Debian position: no personal firewall is the correct
one. It avoids a LOT of problems when you install a new service which
does not seem to bea ccesible, just because of a stupid automatic
iptables configuration.

Michel.

On 2/1/07, Marc D Ronell wrote:
>
> Hi,
>
> Thanks for all of the suggestions. Isn't there a *default* firewall
> install when you setup a basic version of etch? If I didn't
> specifically install a firewall, does that mean that there is
> currently no firewall setup?
>
> I am happy to write and work with iptables using a script from
> /etc/init.d, but I thought etch might have a *default* firewall
> pre-configured? Maybe not? :).
>

I think not :)

I use this script which is really easy to configure

http://linux.go2linux.org/?q=node/3

and also if you want more security and also be able to enter your site
with ssh, you can read this.

http://linux.go2linux.org/?q=node/6

hope it helps.

regards,

--
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
(Using FC6, CentOS4.4 and Ubuntu 6.06)
http://feeds.feedburner.com/go2linux
http://www.go2linux.org

--

On Thu, Feb 01, 2007 at 09:40:42AM -0500, celejar wrote:
> On 1/31/07, Marc D Ronell wrote:
> >
> >Hi,
> >
> >What is Etch using as its default firewall? How do I change that
> >firewall's settings?
>
> As others have pointed out, no firewall is configured by default.
> Iptables is the kernel code that provides packet filtering but isn't
> in and of itself a firewall; all firewall packages in linux, AFAIK,
> are programs / scripts that create iptable rule sets for you. As you

AIUI, iptables *is* the firewall. Shorewall provides scripts which create
rules. Not sure what Guarddog/Smoothwall etc do but I'm guessing they do
much the same thing.

So a firewall is a "set of rules + iptables"? When is a firewall not a
firewall? :-) Or are we "splitting hairs"?

--
Chris.
======
Don't forget to check that your /etc/apt/sources.lst entries point to
etch and not testing, otherwise you may end up with a broken system once
etch goes stable.

--