Software projects/OS/Slackware/Advanced usage/Firewall - Pandora Wiki

Firewall

  • I shipped some default firewall configurations for eth0, wlan0 and usb0. I generated them using the easy firewall generator.
  • I didn't test them, so it's up to you to check it, running services, using nmap from another computer etc..
  • If you want to use a firewall, ie. for eth0, then do:
cp /etc/rc.d/rc.firewall.eth0 /etc/rc.d/rc.firewall
chmod 700 /etc/rc.d/rc.firewall
chmod +x /etc/rc.d/rc.firewall
/etc/rc.d/rc.firewall start

Gateway

  • To use the OP as a simple gateway
chmod +x /etc/rc.d/rc.ip_forward
/etc/rc.d/rc.ip_forward start

NAT Router

  • It also uses a /etc/rc.d/rc.firewall script.
  • I don't provide any because everyone have a different setup.
  • Create it yourself with the easy firewall generator.
  • Then save it as /etc/rc.d/rc.firewall and do this:
chmod 700 /etc/rc.d/rc.firewall
chmod +x /etc/rc.d/rc.firewall
/etc/rc.d/rc.firewall start

QoS

  • For now, a recompiled kernel is necessary.
  • A basic setting consists of packet mangling who changes the ToS field in the packets, through rc.firewall rules. A simple example:
iptables -A PREROUTING -t mangle -p tcp --sport ftp -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --dport ftp -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput
  • A more advanced setup makes use of dedicated kernel modules. The most known script is the outdated wondershaper.
Top