firewall help

Post by E.A » Wed, 06 Jun 2001 05:32:32



Hi,
Is there a firewall for Linux that works like ZoneAlarm, that is,
whenever some program like Netscape wants to access the internet, it asks
for my permission?
Thanks
 
 
 

Post by Dean Thompso » Thu, 07 Jun 2001 12:52:10


Hi!,

Quote:> Is there a firewall for Linux that works like ZoneAlarm, that is,
> whenever some program like Netscape wants to access the internet, it asks
> for my permission?

Not that I know of.  Normally the packet is either rejected or accepted.
ZoneAlarm is basically built for the interactive user rather than for a server
environment.  Normally, these sorts of programs work in silence and do all the
firewall work in the background without annoying the user with the details.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+

 
 
 

1. More Firewall help??

Rob
Thank you very much for your help!!
Unfortunately I am still having problems. Because I am trying to understand
how this should work I have created my own /etc/rc.firewall. Now obviously I
would need more information in the real rc.firewall script, but I was hoping
to keep it down to an absolute minimum for learning purposes. So, here is what
I am working with:

*****
eth0   - 209.101.18.47 (WAN side - Linux Firewall w IP masq system)
eth1   - 192.168.0.1   (LAN side - Linux Firewall w IP masq system)
client - 192.168.0.131 (inside LAN - MS Windows 2000 pro)
*****

#!/bin/sh
## Flush out chains
ipchains -F

## Set default
/sbin/ipchains -P input DENY
/sbin/ipchains -P output REJECT
/sbin/ipchains -P forwardi DENY

## Enable forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

## IP masquerading
/sbin/ipchains -A forward -i eth0 -s 192.168.0.0/24 -j MASQ

## FTP masquerading
/sbin/modprobe ip_masq_ftp

## Allow lan clients access to firewall
/sbin/ipchains -A input -i eth1 -s 192.168.0.0/24 -j ACCEPT
/sbin/ipchains -A output -i eth1 -d 192.168.0.0/24 -j ACCEPT

## HTTP on/off test
/sbin/ipchains -A input-i eth0 -s 0.0.0.0/0 80 -j ACCEPT
/sbin/ipchains -A output -i eth0 -d 192.168.0.0/0 80 -j ACCEPT

## END

OK...now that you have an idea of what I'm working with, here is my
frustration. Switching the default policies between DENY and ACCEPT works,
but of course I'd like to keep the default DENY.
If I change the default to DENY, then try to open tcp on port 80, it doesn't
work.
If I change the default to ACCEPT, then try to close tcp on port 80, it
doesn't work.

I also tried setting the default policies to ACCEPT and then inserted this
string:
/sbin/ipchains -A input -s 192.168.0.0./24 -p tcp -j DENY
Now this worked...but blocks the entire tcp protocol.

I feel like I'm missing some really elementary stage or concept somewhere. It
seems to me that if the policies are set to DENY, I should be able to open a
specific port, for a specific protocol, for a specific network...or
vice versa. Thank you again for your help.

    Tim
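
A small static check for rule lines like the ones posted above, added here as an example and not part of the original thread. It assumes only the built-in chains input, output and forward are in use, handles only the options that appear in the post, treats hostnames as malformed addresses, and its function names are made up for illustration.

```python
import ipaddress
import shlex

BUILTIN_CHAINS = {"input", "output", "forward"}
# Rule lines copied from the post above, typos included.
POSTED_RULES = """\
/sbin/ipchains -P forwardi DENY
/sbin/ipchains -A input-i eth0 -s 0.0.0.0/0 80 -j ACCEPT
/sbin/ipchains -A output -i eth0 -d 192.168.0.0/0 80 -j ACCEPT
/sbin/ipchains -A input -s 192.168.0.0./24 -p tcp -j DENY
"""

def check_address(addr):
    """Return a problem string for a -s/-d address, or None if it is fine."""
    try:
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return f"malformed address {addr!r}"
    if addr.split("/")[0] != str(net.network_address):
        return f"{addr!r} has bits outside its mask; it matches {net}"

def lint_rule(line):
    """Return the problems found in one ipchains -A or -P command."""
    args = shlex.split(line)[1:]              # drop the ipchains binary
    problems, proto, has_port, i = [], None, False, 0
    while i < len(args):
        opt, val = args[i], (args[i + 1] if i + 1 < len(args) else "")
        if opt in ("-A", "-P"):
            if val not in BUILTIN_CHAINS:
                problems.append(f"{val!r} is not a built-in chain")
            i += 3 if opt == "-P" else 2      # -P takes chain and policy
        elif opt in ("-s", "-d"):
            problems += [p for p in [check_address(val)] if p]
            i += 2
            if i < len(args) and not args[i].startswith("-"):
                has_port, i = True, i + 1     # optional port after address
        elif opt in ("-i", "-j", "-p"):
            proto, i = (val if opt == "-p" else proto), i + 2
        else:
            problems.append(f"stray argument {opt!r}")
            i += 1
    if has_port and proto not in ("tcp", "udp"):  # ports need a protocol
        problems.append("port given without -p tcp or -p udp")
    return problems

def lint_script(text):  # faulty rule line -> list of problems
    return {l: p for l in text.splitlines() if (p := lint_rule(l))}

if __name__ == "__main__":
    print(lint_script(POSTED_RULES))
```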
