Re: recommend hardware firewall
- From: Michael Miles <mmamiga6@xxxxxxxxx>
- Date: Mon, 05 Apr 2010 11:33:15 -0700
On 04/05/2010 10:15 AM, Mikkel wrote:
> On 04/05/2010 11:51 AM, Michael Miles wrote:
>> On 04/05/2010 09:34 AM, Mikkel wrote:
>>> On 04/05/2010 11:16 AM, Michael Miles wrote:
>>>> I'm not too bad with firewalls but I am used to more detailed firewall
>>>> software.
>>>> I just came from the hell they call Win 7 and I was using Bitdefender
>>>> for the last couple of years.
>>>> I'm just using the firewall that comes with Fedora 12, is there better
>>>> firewall software out there?
>>> Not for the actual firewall, but there are different front-ends for
>>> configuring it. You can pick the one that works best for you, or
>>> write your own firewall rules by hand.
>>> The actual firewall is part of the kernel. What the firewall
>>> software does is help you configure that firewall. When I played
>>> with Windows, the firewall was an add-on - kind of an afterthought.
>>> I don't know if this is still true.
>>> Mikkel
>> It is all add-on with Windows.
>> I tell you my 4 core Phenom II 945 has more than doubled speed going
>> from Win 7 x64 to Fedora 12.
>> These front ends for the firewall in Fedora. Is there one in particular
>> that you use?
>> Michael
> I usually use system-config-firewall, as the needs on my desktop and
> laptop are fairly simple. I do have 2 sets of rules for the laptop,
> depending on whether I am home or traveling. When I am home, the
> network is behind a hardware firewall as well. But your needs may
> differ from mine.
> On a side note, if you want to see the firewall rules set up by the
> front end, take a look at /etc/sysconfig/iptables and ip6tables. You
> can also run "iptables -L" to see the rules currently in effect. The
> iptables command will also let you modify rules without going
> through a GUI.
> Mikkel
It looks like the default desktop config for firewall lets everything
through
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         state NEW udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ipp
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-dgm
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

This is my iptables file
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth+ -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
And ip6tables
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -m ipv6header --header ah -j ACCEPT
-A INPUT -m ipv6header --header esp -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d ff02::fb -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p ipv6-icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth+ -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
Michael
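
Added example (not part of the original message): "iptables -L" without "-v" omits the interface column, so the "-i lo" and "-i eth+" rules in the file above both print as "ACCEPT all -- anywhere anywhere". The sketch below reads iptables-save style rules and reports, per chain, the first non-loopback ACCEPT rule that matches on nothing but an interface, and how many later rules it shadows for that interface. The function names and the sample input (constructed from the INPUT rules quoted above) are assumptions.

```shell
#!/bin/sh
# Constructed sample: a subset of the INPUT rules from the iptables file above.
sample_rules() {
cat <<'EOF'
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Read iptables-save rules on stdin. For each chain, print
#   <chain> <interface> rule=<position> shadowed=<count of later rules>
# for the first ACCEPT rule whose only match is an input interface
# (or nothing at all). Loopback is skipped: accepting lo is expected.
find_catch_all() {
  awk '
    $1 == "-A" {
      chain = $2; total[chain]++
      iface = "any"; target = ""; narrowed = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-i")      { iface = $(i + 1); i++ }
        else if ($i == "-j") { target = $(i + 1); i++ }
        else narrowed = 1  # -p, -m, -s, -d, --dport ... restrict the match
      }
      if (target == "ACCEPT" && !narrowed && iface != "lo" && !(chain in first)) {
        first[chain] = total[chain]; ifc[chain] = iface; order[++k] = chain
      }
    }
    END {
      # Later rules in the chain are never reached by traffic that
      # arrives on the reported interface.
      for (j = 1; j <= k; j++) {
        c = order[j]
        printf "%s %s rule=%d shadowed=%d\n", c, ifc[c], first[c], total[c] - first[c]
      }
    }
  '
}

sample_rules | find_catch_all
```

"eth+" is an iptables wildcard for every interface whose name starts with "eth", so on a machine whose only uplink is eth0 the final REJECT never applies to inbound traffic. Running "iptables -L -v -n" shows the interface columns directly.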