Firewall / iptables configuration script

Tony Dietrich td at transoft.demon.co.uk
Sun Jan 16 18:05:24 UTC 2005


On Sunday 16 Jan 2005 13:54, blank wrote:
> Alberto M R Davila wrote:
> >Hi All,
> >
> >Just installed FC2 with the latest 2.6.10 kernel... looks good ;-) however,
> >since I did not install "X" I don't have any GUI support, so I'm not sure how
> >to configure the firewall/iptables manually (text based)... there are lots
> >of docs about that on the internet, but while I read those I would like to
> >know which would be a good (meaning: working well and easy to use by
> >beginners) script/tool for that purpose? I vaguely remember Slackware
> >comes with a script like that...
> >
> >Basically, I would like to allow port 80 (http) and 8080 (TomCat)...
> >
> >Thanks, Alberto
>
> I prefer and use Shorewall (www.shorewall.net) by Tom Eastep. It's
> great, easy to use and has tons of features for easy, safe firewall
> configuration. I'm sure there are many others, but this one has worked so well
> for me, I've not felt the need to stray (on Linux that is).
>
> jb
A followup to this ....
If you don't have an X system on that box, Shorewall can be configured from any
other box on the network that DOES have an X system if you also install Webmin
on the target system. Webmin has a pretty good Shorewall module.

Alternatively, just install the X libraries on the target system (you don't
have to configure the system display for X), then ssh -X into the target
system from any other machine that does have X.
This way there are a large number of GUI-based iptables front-ends you can
use, including Firestarter.
Just make sure you don't block the ssh port on the target machine.

I prefer this last method, as it allows for a very secure way of accessing the
target system's firewall setup.  And after all, if you are running a headless
system, you don't want to have to attach a monitor just to make a minor 
change to the firewall setup!

-- 
Tony Dietrich
-------------
Neckties strangle clear thinking.
  -- Lin Yutang
