From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] workstation iptables
Date: Wed, 7 Oct 2015 06:46:07 +0100
Message-Id: <201510070646.15772.michaelkintzios@gmail.com>
In-Reply-To: <loom.20151006T210434-749@post.gmane.org>

On Tuesday 06 Oct 2015 20:14:59 James wrote:
> Hello,
>
> I just ran across this page:
>
> http://gentoo-en.vfose.ru/wiki/Iptables/Iptables_and_stateful_firewalls#State_basics
>
> It has a basic firewall using iptables.
> Not bad for a generic firewall on an openrc workstation.
> What is the best way to auto launch this sort of firewall.sh?

Start iptables, run the script, stop iptables with '/etc/init.d/iptables stop'
which will save your rules to /var/lib/iptables/rules-save, or run
'iptables-save /var/lib/iptables/rules-save'. Add any sysctl changes to
/etc/sysctl.conf, so that they are permanent. Re-run the script if you want
to change things in it.

> Any improvements in this basic workstation firewall
> everything out, nothing in?

Yes, but such improvements are suggested in subsequent scripts on the same
page, e.g. ICMP handling, selective logging, etc. If all you want is "a basic
firewall using iptables" for the IPv4 workspace, then what you have will do
the job.

> Any good tools to quickly test this firewall from another local
> workstation?

nmap -A -T4 -P0 -vvv -p1-65535 XXX.XX.XXX.XX

--
Regards,
Mick
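As an added illustration of the save/restore workflow discussed in the thread (this is example code, not Mick's script or the linked wiki page's), the function below emits the "everything out, nothing in" stateful IPv4 ruleset in the iptables-save format that /var/lib/iptables/rules-save holds after '/etc/init.d/iptables stop', and a helper writes it to that path. The loopback allowance, the rate-limited LOG rule and the default file path are assumptions; the 'iptables-restore --test' check only runs when the script is executed as root with iptables installed.

```shell
#!/bin/sh
# Added example, not code from the thread or the wiki page: generate the
# stateful "everything out, nothing in" ruleset in iptables-save format.
# Assumptions: loopback traffic is allowed, dropped packets are logged at a
# rate limit, and the OpenRC save path is /var/lib/iptables/rules-save.

# gen_rules: print the ruleset to stdout (what iptables-restore reads).
gen_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is needed by local services (X, CUPS, resolvers, ...)
-A INPUT -i lo -j ACCEPT
# state engine: let replies to our own outbound connections back in
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# packets that belong to no tracked connection are dropped outright
-A INPUT -m conntrack --ctstate INVALID -j DROP
# log (rate-limited) what falls through, so a port sweep shows up in syslog
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: " --log-level 4
COMMIT
EOF
}

# count_rules: number of rule lines (those starting with "-A ") read from
# stdin; a cheap sanity check before loading a ruleset.
count_rules() {
    grep -c '^-A '
}

# save_rules [FILE]: write the ruleset where the OpenRC init script expects
# it. Validates with 'iptables-restore --test' only when running as root with
# iptables present; otherwise it just writes the file.
save_rules() {
    file=${1:-/var/lib/iptables/rules-save}
    gen_rules > "$file"
    if [ "$(id -u)" = 0 ] && command -v iptables-restore >/dev/null 2>&1; then
        iptables-restore --test < "$file" || return 1
    fi
    printf '%s rules written to %s\n' "$(count_rules < "$file")" "$file"
}
```

Run `save_rules` as root and then `/etc/init.d/iptables start` (or `iptables-restore < /var/lib/iptables/rules-save`) to load it; `gen_rules | count_rules` shows the rule count without touching the kernel.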