Difference between revisions of "Software projects/OS/Slackware/Advanced usage/Firewall"
From Pandora Wiki
Both revisions by Linux-SWAT (talk | contribs); the edited section of the newer revision is QoS. (3 intermediate revisions by the same user not shown)
Line 1: | Line 1: | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
= Firewall = | = Firewall = | ||
* I shipped some default firewall configurations for eth0, wlan0 and usb0. I generated them using the [http://connie.slackware.com/~alien/efg/ easy firewall generator]. | * I shipped some default firewall configurations for eth0, wlan0 and usb0. I generated them using the [http://connie.slackware.com/~alien/efg/ easy firewall generator]. | ||
− | * I didn't test them | + | * I didn't test them, so it's up to you to check it, running services, using nmap from another computer etc.. |
* If you want to use a firewall, ie. for eth0, then do: | * If you want to use a firewall, ie. for eth0, then do: | ||
cp /etc/rc.d/rc.firewall.eth0 /etc/rc.d/rc.firewall | cp /etc/rc.d/rc.firewall.eth0 /etc/rc.d/rc.firewall | ||
+ | chmod 700 /etc/rc.d/rc.firewall | ||
chmod +x /etc/rc.d/rc.firewall | chmod +x /etc/rc.d/rc.firewall | ||
/etc/rc.d/rc.firewall start | /etc/rc.d/rc.firewall start | ||
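Review bot: the `chmod 700 /etc/rc.d/rc.firewall` added in this hunk already sets the owner's execute bit, so the `chmod +x /etc/rc.d/rc.firewall` line kept directly after it is redundant; drop the `+x` line and keep only `chmod 700` (the same pair appears again in the NAT Router hunk below). Keeping 700 rather than `+x` alone is worthwhile, since it stops other local users from reading the rule set the script loads.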
Line 31: | Line 18: | ||
* Create it yourself with the [http://connie.slackware.com/~alien/efg/ easy firewall generator]. | * Create it yourself with the [http://connie.slackware.com/~alien/efg/ easy firewall generator]. | ||
* Then save it as /etc/rc.d/rc.firewall and do this: | * Then save it as /etc/rc.d/rc.firewall and do this: | ||
+ | |||
+ | chmod 700 /etc/rc.d/rc.firewall | ||
chmod +x /etc/rc.d/rc.firewall | chmod +x /etc/rc.d/rc.firewall | ||
/etc/rc.d/rc.firewall start | /etc/rc.d/rc.firewall start | ||
Line 42: | Line 31: | ||
iptables -A PREROUTING -t mangle -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput | iptables -A PREROUTING -t mangle -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput | ||
* A more advanced setup makes use of dedicated kernel modules. The most known script is the outdated [http://lartc.org/wondershaper/ wondershaper]. | * A more advanced setup makes use of dedicated kernel modules. The most known script is the outdated [http://lartc.org/wondershaper/ wondershaper]. | ||
+ | |||
+ | |||
+ | [[Category:Network]] | ||
+ | [[Category:Security]] | ||
+ | [[Category:Slackware]] | ||
+ | [[Category:System]] |
Latest revision as of 01:27, 6 May 2012
Firewall
- I shipped some default firewall configurations for eth0, wlan0 and usb0. I generated them using the easy firewall generator.
- I didn't test them, so it's up to you to check them: running services, using nmap from another computer, etc.
- If you want to use a firewall, i.e. for eth0, then do:
  cp /etc/rc.d/rc.firewall.eth0 /etc/rc.d/rc.firewall
  chmod 700 /etc/rc.d/rc.firewall
  chmod +x /etc/rc.d/rc.firewall
  /etc/rc.d/rc.firewall start
Gateway
- To use the OP as a simple gateway:
  chmod +x /etc/rc.d/rc.ip_forward
  /etc/rc.d/rc.ip_forward start
NAT Router
- It also uses an /etc/rc.d/rc.firewall script.
- I don't provide any because everyone has a different setup.
- Create it yourself with the easy firewall generator.
- Then save it as /etc/rc.d/rc.firewall and do this:
  chmod 700 /etc/rc.d/rc.firewall
  chmod +x /etc/rc.d/rc.firewall
  /etc/rc.d/rc.firewall start
QoS
- For now, a recompiled kernel is necessary.
- A basic setting consists of packet mangling that changes the ToS field in the packets, through rc.firewall rules. A simple example:
  iptables -A PREROUTING -t mangle -p tcp --sport ftp -j TOS --set-tos Minimize-Delay
  iptables -A PREROUTING -t mangle -p tcp --dport ftp -j TOS --set-tos Minimize-Delay
  iptables -A PREROUTING -t mangle -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput
  iptables -A PREROUTING -t mangle -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput
- A more advanced setup makes use of dedicated kernel modules. The best-known script is the outdated wondershaper.
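The following is an added example of what a hand-written /etc/rc.d/rc.firewall for the Firewall, NAT Router and QoS sections above can look like; it is not the output of the easy firewall generator and not part of the original page. It assumes eth0 is the untrusted interface, that 192.168.1.0/24 is the local network, and that ssh is the only service to expose; it generalises the page's ToS rules to a list of "port tos" pairs (adding ssh as an interactive service) and accepts an IPTABLES override so the rules can be previewed with IPTABLES=echo before being loaded on the device.

```shell
#!/bin/sh
# Minimal rc.firewall-style script for the OP (added example, not the easy
# firewall generator's output). Save as /etc/rc.d/rc.firewall, chmod 700 it,
# then run "/etc/rc.d/rc.firewall start".
#
#   IPTABLES=echo /etc/rc.d/rc.firewall start   prints the rules instead of loading them
IPTABLES="${IPTABLES:-iptables}"
WAN_IF="${WAN_IF:-eth0}"               # assumed: interface facing the untrusted network
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed: the only network allowed to reach ssh

# ToS mangling from the QoS section, generalised to a list of "port tos" pairs.
# Interactive services get Minimize-Delay, bulk transfers get Maximize-Throughput.
fw_tos() {
    for spec in "ftp Minimize-Delay" "ssh Minimize-Delay" "ftp-data Maximize-Throughput"; do
        set -- $spec
        $IPTABLES -A PREROUTING -t mangle -p tcp --sport "$1" -j TOS --set-tos "$2"
        $IPTABLES -A PREROUTING -t mangle -p tcp --dport "$1" -j TOS --set-tos "$2"
    done
}

fw_start() {
    # Start from an empty rule set in both tables this script touches
    $IPTABLES -F
    $IPTABLES -t mangle -F
    # Default deny for incoming and forwarded traffic; allow what the OP itself sends
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT
    # Loopback and replies to connections the OP initiated
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # A NEW TCP connection must begin with SYN; anything else is a scan or a stray packet
    $IPTABLES -A INPUT -i "$WAN_IF" -p tcp ! --syn -m state --state NEW -j DROP
    # The one service exposed here: ssh, and only from the local network
    $IPTABLES -A INPUT -i "$WAN_IF" -p tcp --dport ssh -s "$LAN_NET" -j ACCEPT
    # Log a rate-limited sample of what the policy drops, so the nmap check
    # recommended above can be compared against /var/log/messages
    $IPTABLES -A INPUT -m limit --limit 5/min -j LOG --log-prefix "rc.firewall DROP: "
    fw_tos
}

fw_stop() {
    # Flush all rules and open the policies (use while debugging connectivity)
    $IPTABLES -F
    $IPTABLES -t mangle -F
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -P FORWARD ACCEPT
    $IPTABLES -P OUTPUT ACCEPT
}

fw_status() {
    $IPTABLES -L -n -v
    $IPTABLES -t mangle -L PREROUTING -n -v
}

case "${1:-}" in
    start)   fw_start ;;
    stop)    fw_stop ;;
    restart) fw_stop; fw_start ;;
    status)  fw_status ;;
    *)       : ;;   # no argument: only define the functions (lets the file be sourced)
esac
```

Running `IPTABLES=echo /etc/rc.d/rc.firewall start` on any machine shows the exact rule lines without touching the kernel, which is the quickest way to review a script before giving it the root-only permissions and starting it on the device.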