
Linux Firewall Setup (and VMWare NAT)

Good firewalls (the most popular and powerful ones) seem to be:

  • fwbuilder: http://www.fwbuilder.org - build firewall rules for many firewalls, cross platform, with a very nice GUI
  • shorewall: http://www.shorewall.net - quite similar to fwbuilder in power and distribution, but UN*X-only command-line scripts without a GUI
  • firestarter: http://www.fs-security.com - a nice end-user firewall with a GTK interface. Very simple but powerful, and widespread

Setting up Firestarter for VMWare NAT

nano /etc/firestarter/configuration
# Name of internal network interface
# (vmnet1 — presumably the VMware host-only adapter the NAT clients sit on;
# verify against the VMware network settings)
INIF="vmnet1"
# --(Network Address Translation)--
# Enable NAT
# Kept "off" on disk; the firestarter-mario init script further down rewrites
# this value to "on" at start and back to "off" at stop.
NAT="off"
# Enable DHCP server for NAT clients
DHCP_SERVER="off"
# Forward server's DNS settings to clients in DHCP lease
DHCP_DYNAMIC_DNS="off"
# System log level
#LOG_LEVEL=warning
# NOTE(review): "none" presumably silences the firewall's own event log (the
# commented-out value above was "warning"), so blocked or unexpected traffic
# leaves no trace in syslog — confirm this is intended on a host doing NAT.
LOG_LEVEL=none
# Enable ToS filtering
FILTER_TOS="on"
# Apply ToS to typical client tasks such as SSH and HTTP
TOS_CLIENT="on"
# Apply ToS to Remote X server connections
TOS_X="on"

nano /etc/init.d/firestarter-mario

#!/bin/sh
#
# Re-Init file for the Firestarter firewall
#
# chkconfig: 2345 11 92
#
# description: Starts, stops, and locks the firewall
#
# Script Authors:
#	Mario Emmenlauer <mario@emmenlauer.de>
#
#
### BEGIN INIT INFO
# Provides:          firestarter
# Required-Start:    $syslog
# Required-Stop:     $syslog
# Should-Start:      $local_fs $network
# Should-Stop:       $local_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: ReStart firewall
# Description:       Run firestarter-configured firewall script.
### END INIT INFO

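# Pull in the LSB logging helpers (log_begin_msg, log_end_msg, ...).
. /lib/lsb/init-functions

# Firestarter's own control script and the configuration file it reads;
# neither is reassigned anywhere in this script.
FS_CONTROL="/etc/firestarter/firestarter.sh"
FS_CONFIG="/etc/firestarter/configuration"
readonly FS_CONTROL FS_CONFIG

# Leave quietly (status 0) when Firestarter is not installed, its control
# script is not executable, or the configuration is missing/empty, so the init
# system does not flag an error on hosts without it.  Expansions are quoted so
# a path containing whitespace cannot split the test.
[ -x /usr/sbin/firestarter ] || exit 0
[ -x "$FS_CONTROL" ] || exit 0
[ -s "$FS_CONFIG" ] || exit 0

# Exit status of the last start/stop action; handed to 'exit' at the end.
RETVAL=0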

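#######################################
# Enable NAT in the Firestarter configuration and (re)start the firewall.
# Globals:   FS_CONTROL, FS_CONFIG (read), RETVAL (written)
# Arguments: none
# Outputs:   LSB begin/end messages; firestarter's own output is discarded
# Returns:   0 on success, non-zero if the config rewrite or the start failed
#######################################
start() {
	log_begin_msg "Enabling NAT, ReStarting the Firestarter firewall..."
	# Stop first so the rule set is rebuilt from the updated configuration;
	# failure here (e.g. firewall not running yet) is deliberately ignored.
	"$FS_CONTROL" stop > /dev/null
	# Rewrite the NAT="..." line in place so Firestarter brings NAT up.  A
	# failed rewrite is remembered in RETVAL rather than silently dropped,
	# since the whole point of this action is NAT being on.
	perl -pi -e 's/(NAT\s*=\s*").*"/${1}on"/g' "$FS_CONFIG"
	RETVAL=$?
	# The firewall is started regardless; a failed start overrides RETVAL.
	"$FS_CONTROL" start > /dev/null || RETVAL=$?
	if [ "$RETVAL" -eq 0 ]; then
		log_end_msg 0
	else
		log_end_msg 1
	fi
	return "$RETVAL"
}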

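#######################################
# Disable NAT in the Firestarter configuration and stop the firewall.
# Globals:   FS_CONTROL, FS_CONFIG (read), RETVAL (written)
# Arguments: none
# Outputs:   LSB begin/end messages; firestarter's own output is discarded
# Returns:   0 on success, non-zero if the config rewrite or the stop failed
#######################################
stop() {
	log_begin_msg "Disabling NAT, Stopping the Firestarter firewall..."
	# Rewrite the NAT="..." line in place so the next start from the plain
	# firestarter script does not come up with NAT enabled.  A failed rewrite
	# is remembered in RETVAL instead of being silently dropped.
	perl -pi -e 's/(NAT\s*=\s*").*"/${1}off"/g' "$FS_CONFIG"
	RETVAL=$?
	# The firewall is stopped regardless; a failed stop overrides RETVAL.
	"$FS_CONTROL" stop > /dev/null || RETVAL=$?
	if [ "$RETVAL" -eq 0 ]; then
		log_end_msg 0
	else
		log_end_msg 1
	fi
	return "$RETVAL"
}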

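# See how we were called.  'restart' and 'force-reload' are accepted as well,
# as the LSB header promises, and map onto a stop followed by a start.
case "$1" in
  start)
	start
	RETVAL=$?
	;;
  stop)
	stop
	RETVAL=$?
	;;
  restart|force-reload)
	# Stop (NAT off) then start (NAT on); the status of the start is what
	# the caller cares about, so it is the one reported.
	stop
	start
	RETVAL=$?
	;;
  *)
	# A usage error is a failure, so report it as one and exit non-zero.
	log_failure_msg "Usage: myfirestarter {start|stop|restart|force-reload}"
	exit 1
	;;
esac
exit "$RETVAL"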
# Show the rc links that already exist for firestarter and VMware, to choose
# a sequence number for the new links (99 here, presumably so the firewall is
# (re)started after VMware's own links have run — verify against the listing).
ls -la /etc/rc*.d/*firestarter* /etc/rc*.d/*vmware*
# Start link for runlevel 2 (matches Default-Start 2 3 4 5 in the LSB header).
ln -s '../init.d/firestarter-mario' /etc/rc2.d/S99myfirestarter
# NOTE(review): a K link is run with "stop" when its runlevel is entered, so
# placing it in rc2.d means NAT is switched off and on again on entering
# runlevel 2 rather than at shutdown; the LSB header lists Default-Stop 0 1 6.
# Confirm the intended directory, or let update-rc.d derive the links from the
# header instead of creating them by hand.
ln -s '../init.d/firestarter-mario' /etc/rc2.d/K99myfirestarter