Firewall: Difference between revisions
From Wildsong
Brian Wilson (talk | contribs)
Revision as of 23:09, 11 November 2015
I already have webmin and fail2ban installed and working, just need an easy way to build and maintain a whitelist. And I need it today.
Firewall management software
How about just starting with a simple whitelist / blacklist?
Some fancier options include
- "firewall builder"
- shorewall seems more complicated than learning iptables
- arno-iptables-firewall
- pyroman uses config files written in Python (ick)
Whitelists
http://www.powerpbx.org/content/simple-iptables-firewall-whitelist-blacklist-v1
touch /usr/local/etc/whitelist.txt
touch /usr/local/etc/blacklist.txt
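As an added example (not the linked powerpbx script and not code from this page), one way to turn the two files into a ruleset. It assumes one IPv4 address or CIDR block per line with `#` comments; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset on stdout.
# Nothing is applied to the running firewall.

# valid_entry ADDR: accept only IPv4 addresses with an optional /0-32 prefix.
valid_entry() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# emit_rules FILE TARGET: one rule per valid entry. '#' comments and blank
# lines are skipped; anything else is reported on stderr and ignored, so a
# typo in the list never reaches iptables.
emit_rules() {
    [ -r "$1" ] || return 0
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        if valid_entry "$entry"; then
            printf '%s\n' "-A INPUT -s $entry -j $2"
        else
            printf 'skipping invalid entry: %s\n' "$entry" >&2
        fi
    done
}

# build_ruleset WHITELIST BLACKLIST: blacklist entries are matched before
# the whitelist, so a single host can be blocked inside an allowed range.
# Everything not whitelisted falls through to the DROP policy.
build_ruleset() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT'
    emit_rules "$2" DROP
    printf '%s\n' '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    emit_rules "$1" ACCEPT
    printf '%s\n' 'COMMIT'
}
```

Pipe the output of `build_ruleset /usr/local/etc/whitelist.txt /usr/local/etc/blacklist.txt` through `iptables-restore --test` before loading it. Make sure your own admin address is in the whitelist first, since the INPUT policy is DROP.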
Firewall Builder
BUILD STILL FAILS - this thing is obviously way too complicated for my needs.
Prerequisites, figuring this out is a thankless task
apt-get install qt4-dev-tools libxslt-dev ucd-snmp
Download source from SourceForge
./autogen.sh
./configure
make
# ...ignoring a million warning messages
Shorewall
Instructions for installation are at http://www.shorewall.net/Install.htm
wget http://www.shorewall.net/pub/shorewall/5.0/shorewall-5.0.1/shorewall-core-5.0.1.1.tgz
wget http://www.shorewall.net/pub/shorewall/5.0/shorewall-5.0.1/shorewall-5.0.1.1.tgz
tar xzvf shorewall-core-5.0.1.1.tgz
tar xzvf shorewall-5.0.1.1.tgz
cd shorewall-core-5.0.1.1
cp shorewallrc.debian.systemd shorewallrc
sudo ./install.sh
cd ..
cd shorewall-5.0.1.1
cp shorewallrc.debian.systemd shorewallrc
sudo ./install.sh
/sbin/shorewall version
Now if you connect to Webmin you should see this version of Shorewall under "Network".