Configuration

As you compile the programs from the source code, all configuration can be done as described in the documentation of each program. You should find the documentation of the programs on their websites. The programs are compiled with the configuration directory in /etc and the program/data directories in /usr and /var.

Firewall

You have to use iptables to set up your firewall.

Create a script with your firewall rules in /var/firewall/ with the name firewall.sh. Set the file permissions with chmod 700 /var/firewall/firewall.sh

Start the script during boot with /etc/rc.local. Add the line /var/firewall/firewall.sh above the line with ifconfig or dhclient in the file /etc/rc.local.

Read the documentation of iptables to set up the firewall rules that you need. The following scripts are only examples. You are responsible for your firewall!

A simple firewall script example:

```sh
#!/bin/sh
IPTABLES=/usr/sbin/iptables

# Deny access from outside.
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP

# Permit anything going out.
$IPTABLES -P OUTPUT ACCEPT

# Flush (-F) all specific rules.
$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -F OUTPUT

# Accept replies to connections the host itself opened, and loopback traffic.
# Without these two rules the INPUT DROP policy also drops the answers to
# outgoing connections, so "anything going out" would not actually work.
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i lo -j ACCEPT

# Allow connection to port 22 (SSH) from internet
$IPTABLES -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
```
A router (NAT) firewall script example, with eth1 as the internal network interface and eth0 as the internet interface:

```sh
#!/bin/sh
IPTABLES=/usr/sbin/iptables
LANETH=eth1
WANETH=eth0

# Permit anything going out and drop input
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT

# Flush (-F) all specific rules
$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -F OUTPUT
$IPTABLES -F -t nat

$IPTABLES -A INPUT -i $WANETH -p udp -j ACCEPT
$IPTABLES -A INPUT -i $WANETH -p icmp -j ACCEPT

# Forward all packets from $LANETH (internal network) to $WANETH (the internet).
$IPTABLES -A FORWARD -i $LANETH -o $WANETH -j ACCEPT

# Forward packets that are part of existing and related connections from $WANETH to $LANETH.
$IPTABLES -A FORWARD -i $WANETH -o $LANETH -m state --state ESTABLISHED,RELATED -j ACCEPT

# Permit packets in to firewall itself that are part of existing and related connections.
$IPTABLES -A INPUT -i $WANETH -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow connection to port 22 (SSH) from internet
$IPTABLES -A INPUT -p tcp -i $WANETH --dport 22 -j ACCEPT

# Allow all inputs to firewall from the internal network and local interfaces
$IPTABLES -A INPUT -i $LANETH -s 0/0 -d 0/0 -j ACCEPT
$IPTABLES -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT

# Accept inputs from port 9000 and above
$IPTABLES -A INPUT -p tcp -i $WANETH --dport 9000: -j ACCEPT

# Enable SNAT functionality on $WANETH
$IPTABLES -A POSTROUTING -t nat -o $WANETH -j MASQUERADE

echo 1 > /proc/sys/net/ipv4/ip_forward
```
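A small check script for the two setup steps above (the 700 file mode and the ordering in /etc/rc.local), added here as an example and not part of the original page or the distribution; it assumes the page's paths /var/firewall/firewall.sh and /etc/rc.local as defaults and takes other paths as arguments for testing:

```sh
#!/bin/sh
# Post-install checks for the firewall setup described above. Added example,
# not part of the original page; the default paths follow the text.

# check_script_mode FILE
# 0 when FILE is a regular file with mode 700 (rwx------), as produced by
# "chmod 700 /var/firewall/firewall.sh"; 1 otherwise. Uses ls, so it works
# with GNU and BSD userlands alike.
check_script_mode() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c2-10)" = "rwx------" ]
}

# first_active_line FILE GREPFLAG PATTERN
# Prints the number of the first non-comment line of FILE that matches
# PATTERN (GREPFLAG is -F for a fixed string or -E for a regex); empty if none.
first_active_line() {
    grep -n -v '^[[:space:]]*#' "$1" | grep "$2" -- "$3" | head -n 1 | cut -d: -f1
}

# check_rc_order RCFILE SCRIPT
# 0 when SCRIPT is started in RCFILE before the first ifconfig/dhclient line,
# so the DROP policies are loaded before any interface gets an address;
# 1 when SCRIPT is absent (or only in a comment) or comes after them.
check_rc_order() {
    fw_line=$(first_active_line "$1" -F "$2")
    [ -n "$fw_line" ] || return 1
    net_line=$(first_active_line "$1" -E '(^|[^[:alnum:]_])(ifconfig|dhclient)([^[:alnum:]_]|$)')
    [ -z "$net_line" ] && return 0   # no interface setup in rc.local at all
    [ "$fw_line" -lt "$net_line" ]
}

# check_firewall_setup RCFILE SCRIPT
# Runs both checks, prints one line per result, returns 1 if either fails.
check_firewall_setup() {
    rc=0
    if check_script_mode "$2"; then echo "ok:   $2 is mode 700"
    else echo "FAIL: $2 missing or not mode 700 (chmod 700 $2)"; rc=1; fi
    if check_rc_order "$1" "$2"; then echo "ok:   $2 runs before ifconfig/dhclient in $1"
    else echo "FAIL: $2 is not started before ifconfig/dhclient in $1"; rc=1; fi
    return $rc
}

# Check the live system: sh check_firewall.sh --run
if [ "${1:-}" = "--run" ]; then
    check_firewall_setup /etc/rc.local /var/firewall/firewall.sh
fi
```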
© 2024 by Elmar Hanlhofer