Firewall: Difference between revisions

From Wildsong
Brian Wilson (talk | contribs)

Revision as of 23:09, 11 November 2015

I already have webmin and fail2ban installed and working, just need an easy way to build and maintain a whitelist. And I need it today.

Firewall management software

How about just starting with a simple whitelist / blacklist?

Some fancier options include

  • "firewall builder"
  • shorewall seems more complicated than learning iptables
  • arno-iptables-firewall
  • pyroman uses config files written in Python (ick)

Whitelists

http://www.powerpbx.org/content/simple-iptables-firewall-whitelist-blacklist-v1

touch /usr/local/etc/whitelist.txt
touch /usr/local/etc/blacklist.txt
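
One way the two files created above could drive an iptables whitelist/blacklist, as an added example that is not from this page or from the linked powerpbx script. It assumes one IPv4 address or CIDR block per line with `#` comments; the function names and the default-drop layout are illustrative choices.

```python
import ipaddress

def parse_list(text):
    """Parse one-entry-per-line text; return (networks, errors)."""
    nets, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()        # '#' starts a comment
        if not entry:
            continue
        try:
            # strict=True rejects typos such as 192.168.1.5/24 (host bits set)
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            errors.append(f"line {lineno}: {exc}")
            continue
        if net.version != 4:
            errors.append(f"line {lineno}: {entry} is IPv6, which iptables does not filter")
            continue
        nets.append(net)
    return nets, errors

def build_ruleset(whitelist_text, blacklist_text):
    """Return iptables-restore input, or raise ValueError without emitting anything."""
    allow, allow_errs = parse_list(whitelist_text)
    deny, deny_errs = parse_list(blacklist_text)
    errors = [f"whitelist {e}" for e in allow_errs] + [f"blacklist {e}" for e in deny_errs]
    if any(n.prefixlen == 0 for n in allow):
        errors.append("whitelist contains 0.0.0.0/0, which would admit everyone")
    if errors:
        raise ValueError("; ".join(errors))         # fail closed on any bad entry
    rules = ["*filter", ":INPUT DROP [0:0]", ":FORWARD DROP [0:0]", ":OUTPUT ACCEPT [0:0]",
             "-A INPUT -i lo -j ACCEPT",
             "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    rules += [f"-A INPUT -s {n} -j DROP" for n in deny]      # blacklist is matched first
    rules += [f"-A INPUT -s {n} -j ACCEPT" for n in allow]   # everything else hits DROP policy
    rules.append("COMMIT")
    return "\n".join(rules) + "\n"

if __name__ == "__main__":
    # Constructed sample contents (documentation address ranges), not real hosts
    whitelist = "203.0.113.7\n198.51.100.0/24   # office\n"
    blacklist = "192.0.2.66\n"
    print(build_ruleset(whitelist, blacklist), end="")
```

Check the output with `iptables-restore --test` before loading it. A real load replaces the whole filter table, including the chains fail2ban created, so restart fail2ban afterwards.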

Firewall Builder

BUILD STILL FAILS - this thing is obviously way too complicated for my needs.

Prerequisites, figuring this out is a thankless task

apt-get install qt4-dev-tools libxslt-dev ucd-snmp

Download source from SourceForge

./autogen.sh
./configure
make
# ...ignoring a million warning messages

Shorewall

Instructions for installation are at http://www.shorewall.net/Install.htm

# Fetched over plain HTTP and installed as root below, so check the tarballs before running install.sh
wget http://www.shorewall.net/pub/shorewall/5.0/shorewall-5.0.1/shorewall-core-5.0.1.1.tgz
wget http://www.shorewall.net/pub/shorewall/5.0/shorewall-5.0.1/shorewall-5.0.1.1.tgz
tar xzvf shorewall-core-5.0.1.1.tgz
tar xzvf shorewall-5.0.1.1.tgz
# Install shorewall-core first, then shorewall itself
cd shorewall-core-5.0.1.1
cp shorewallrc.debian.systemd shorewallrc
sudo ./install.sh
cd ..
cd shorewall-5.0.1.1
cp shorewallrc.debian.systemd shorewallrc
sudo ./install.sh
# Confirm the installed version
/sbin/shorewall version


Now if you connect to Webmin, you should see this version of Shorewall under "Network".