I need some firewall help, for starters.
At present, all I need open is SSH, WWW, and FTP.
I tried this: http://www.rexx.com/~dkuhlman/iptables_install.html but I'm installing on 3.0r1 with 2.2 kernel and got several error messages regarding incompatible kernel when I tried to start the firewall.
I'd like to upgrade to a newer kernel, but can't seem to find any help on how to do this easily using apt-get. I think if I'm using 2.4 or 2.6 my problem with the firewall will go away. I do not have physical access to the box I'm working on, so need to be able to do all of this without physical intervention, or even the risk of it. What's the safest way to upgrade a Debian kernel?
Also. Is there any sort of firewall that is real easy to configure, something like this:
[SuperEasyFirewall]
Open=22,80,23
Blocked=22.23.34.43:[22,80]
Closed=EverythingElse
I don't understand why a firewall config has to be four miles long and so dern complicated!
-Jared
Jared wrote:
<snip/>
| What's the safest way to upgrade a Debian kernel?
apt-get install kernel-image-2-6-8
|
| Also. Is there any sort of firewall that is real
| easy to configure, something like this:
|
| [SuperEasyFirewall]
| Open=22,80,23
| Blocked=22.23.34.43:[22,80]
| Closed=EverythingElse
|
| I don't understand why a firewall config has to be
| four miles long and so dern complicated!
|
| -Jared
# clear the tables
iptables -F

# set the default for the INPUT chain to DROP
iptables -I INPUT -j DROP -i eth0

# allow established and related connections
iptables -I INPUT -j ACCEPT -i eth0 -m state --state ESTABLISHED,RELATED

# Allow ports 22,23,80
iptables -I INPUT -j ACCEPT -i eth0 -p tcp --dport 22
iptables -I INPUT -j ACCEPT -i eth0 -p tcp --dport 23
iptables -I INPUT -j ACCEPT -i eth0 -p tcp --dport 80

# Allow localhost connections
iptables -I INPUT -j ACCEPT -i lo

# Block this IP on port 22 and 80
iptables -I INPUT -j DROP -i eth0 -p tcp --dport 22 -s 22.23.34.43
iptables -I INPUT -j DROP -i eth0 -p tcp --dport 80 -s 22.23.34.43
Chris

--
I digitally sign my emails. If you see an attachment with .asc, then that means your email client doesn't support PGP digital signatures.
http://www.gnupg.org/(en)/documentation/faqs.html#q1.1
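
The short format asked for in the first message can be expanded mechanically into a rule set like the one in the reply. The script below is an added example, not part of the thread: `gen_rules` and `emit_ports` are hypothetical names, the interface is assumed to be eth0 as in the reply, and it appends with `-A` instead of inserting with `-I`, so the catch-all DROP is the last rule to be added and a remote SSH session stays up while the rules load.

```shell
#!/bin/sh
# Added example: expand the hypothetical [SuperEasyFirewall] format into
# iptables commands. Nothing is applied; the commands are only printed.
# Usage: gen_rules < firewall.conf          (review, then pipe to sh as root)

IFACE=eth0   # assumption: external interface, as in the reply above

# Print one rule per port of a comma-separated list.
# $1 = ports ("22,80")   $2 = target   $3 = optional source address
emit_ports() {
    old_ifs=$IFS; IFS=,
    for port in $1; do
        case $port in
            ''|*[!0-9]*)            # reject anything that is not a number
                echo "bad port: $port" >&2
                IFS=$old_ifs; return 1 ;;
        esac
        echo "iptables -A INPUT -i $IFACE -p tcp ${3:+-s $3 }--dport $port -j $2"
    done
    IFS=$old_ifs
}

# Read the config on stdin, print the rule set on stdout.
gen_rules() {
    open='' blocked=''
    while IFS='=' read -r key value; do
        case $key in
            Open)    open=$value ;;
            Blocked) blocked=$value ;;
        esac                        # section header and Closed= need no parsing
    done
    echo "iptables -F"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Blocked=ADDR:[p1,p2] becomes per-source DROPs ahead of every ACCEPT,
    # because the first matching rule wins.
    if [ -n "$blocked" ]; then
        addr=${blocked%%:*}
        ports=${blocked#*:}; ports=${ports#\[}; ports=${ports%\]}
        emit_ports "$ports" DROP "$addr" || return 1
    fi
    echo "iptables -A INPUT -i $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT"
    emit_ports "$open" ACCEPT || return 1
    # Closed=EverythingElse: the catch-all is appended last.
    echo "iptables -A INPUT -i $IFACE -j DROP"
}
```
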