====== Firewalls ======

  * [[Security]]
  * [[iptables]]
  * [[nmap]]
  * [[quicktables]]
  * [[ufw]]

==== iptables ====

I like using [[quicktables]] to set up a basic iptables ruleset quickly.

=== Setting up a Firewall ===

Before changing a firewall over a remote connection, set up a safety net: a cron job that periodically reloads the last saved (known-good) ruleset, so a mistake that blocks your own SSH session undoes itself within a few minutes. Remove the job once the new rules are verified and saved, otherwise it will keep discarding them.

== CentOS ==

CentOS does not save the running ruleset when the service restarts: ''service iptables restart'' flushes the tables and reloads whatever was last written to ''/etc/sysconfig/iptables'' (run ''service iptables save'' to store the running rules there). The service's own settings, including ''IPTABLES_SAVE_ON_RESTART'', live in ''/etc/sysconfig/iptables-config''. That behaviour makes a periodic restart a usable rollback while you edit:

<code>
*/5 * * * * /etc/init.d/iptables restart
</code>

The per-service rules below assume a shell variable ''$iptables'' that holds the path to the binary (for example ''iptables=/sbin/iptables''), and that they are appended to an INPUT chain whose policy is DROP; on their own they open ports without closing anything.

=== FTP ===

<code bash>
$iptables -A INPUT -p tcp --dport 20 -j ACCEPT
$iptables -A INPUT -p tcp --dport 21 -j ACCEPT
$iptables -A INPUT -p tcp --dport 50000:50400 -j ACCEPT
</code>

The passive port range must match the FTP server's configuration (''pasv_min_port''/''pasv_max_port'' in vsftpd), otherwise passive transfers hang after the control connection succeeds. Port 20 is the source port of active-mode data connections that the server opens towards the client, so the inbound port 20 rule is only needed when no stateful ESTABLISHED,RELATED rule is present.

=== Netatalk ===

AFP file sharing, restricted to the local network:

<code bash>
$iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 548 -j ACCEPT
</code>

=== Monit ===

The Monit web interface, restricted to the local network:

<code bash>
$iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 2812 -j ACCEPT
</code>

=== Multicast DNS ===

The avahi daemon uses multicast DNS to advertise services on the network. Matching on the multicast destination ''224.0.0.251'' means unicast probes to UDP/5353 are still dropped; the OUTPUT rule is only needed if the OUTPUT policy is not ACCEPT.

<code bash>
$iptables -A INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
$iptables -A OUTPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
</code>

=== Samba ===

SMB over TCP/445 is enough for current clients; the NetBIOS ports (TCP 139, UDP 137 and 138) only need opening for legacy clients, and likewise only from the local network.

<code bash>
$iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
</code>

==== quicktables ====

You can use quicktables to quickly generate a simple firewall rule set.
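The following script ties the two halves of this page together: the lockout safety net from the CentOS section and the per-service rules, assembled into one default-deny ruleset. It is an added example, not code from the wiki or from quicktables. The LAN prefix, the SSH rule, the passive FTP range, the snapshot path and the 5-minute rollback window are assumptions to adjust for your host; ''DRY_RUN=1'' (or the ''plan'' argument) prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the wiki or quicktables): default-deny iptables
# ruleset built from the per-service rules on this page, applied with a
# one-shot rollback so a mistake made over SSH undoes itself.
# LAN, SSH access, passive range, snapshot path and window are assumptions.

IPTABLES=${IPTABLES:-/sbin/iptables}
LAN=${LAN:-192.168.1.0/24}               # assumption: the trusted LAN
PASV_RANGE=${PASV_RANGE:-50000:50400}    # must match the FTP server's passive range
SNAPSHOT=${SNAPSHOT:-/var/tmp/iptables.known-good}
ROLLBACK_SECS=${ROLLBACK_SECS:-300}
DRY_RUN=${DRY_RUN:-0}                    # DRY_RUN=1: print commands, do not run

run() {
    # Execute, or echo when DRY_RUN=1, so the plan can be reviewed anywhere.
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}
ipt() { run "$IPTABLES" "$@"; }

base_rules() {
    ipt -F; ipt -X
    ipt -P INPUT DROP; ipt -P FORWARD DROP; ipt -P OUTPUT ACCEPT
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
    ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    ipt -A INPUT -p tcp -s "$LAN" --dport 22 -j ACCEPT   # assumption: SSH from LAN
}

ftp_rules() {
    # Control channel and passive data range. Port 20 is the source port of
    # active-mode data connections the server opens, so the ESTABLISHED,RELATED
    # rule above covers them and no inbound --dport 20 rule is needed.
    ipt -A INPUT -p tcp --dport 21 -j ACCEPT
    ipt -A INPUT -p tcp --dport "$PASV_RANGE" -j ACCEPT
}

netatalk_rules() { ipt -A INPUT -p tcp -s "$LAN" --dport 548 -j ACCEPT; }
monit_rules()    { ipt -A INPUT -p tcp -s "$LAN" --dport 2812 -j ACCEPT; }

mdns_rules() {
    # Avahi: accept multicast only, so unicast probes to UDP/5353 stay dropped.
    # OUTPUT policy is ACCEPT above, so the page's OUTPUT rule is not required.
    ipt -A INPUT -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
}

samba_rules() {
    ipt -A INPUT -p tcp -s "$LAN" --dport 445 -j ACCEPT
    # NetBIOS over TCP/IP, only for clients that cannot use plain 445.
    ipt -A INPUT -p tcp -s "$LAN" --dport 139 -j ACCEPT
    ipt -A INPUT -p udp -s "$LAN" --dport 137:138 -j ACCEPT
}

all_rules() {
    base_rules; ftp_rules; netatalk_rules; monit_rules; mdns_rules; samba_rules
}

# Snapshot the running ruleset and arm a one-shot restore. Unlike a */5 cron
# restart this fires once and stops flushing rules after access is confirmed.
arm_rollback() {
    run sh -c "iptables-save > '$SNAPSHOT'"
    run sh -c "(sleep $ROLLBACK_SECS && iptables-restore < '$SNAPSHOT') & echo \$! > '$SNAPSHOT.pid'"
}
disarm_rollback() {
    run sh -c "kill \$(cat '$SNAPSHOT.pid') && rm -f '$SNAPSHOT.pid'"
}

case "${1:-}" in
    plan)    DRY_RUN=1; all_rules ;;
    apply)   arm_rollback; all_rules
             echo "Rules loaded; run '$0 confirm' within $ROLLBACK_SECS s or they roll back" ;;
    confirm) disarm_rollback
             run service iptables save ;;   # CentOS: persist to /etc/sysconfig/iptables
esac
```

Usage is ''./fw.sh apply'' from the SSH session, then ''./fw.sh confirm'' from a second session once you have verified you can still log in. If the second login fails, the detached ''sleep'' restores the snapshot and the first session comes back. ''./fw.sh plan'' prints the full rule list for review before touching a live host.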