Firewalls
IPfire
The office LAN uses IPfire, a Linux firewall distro.
iptables
I like using quicktables to set up a basic iptables ruleset quickly.
Setting up a Firewall
Before setting up a firewall, it's a good idea to set up a cron job that will reset it in case something goes wrong.
CentOS
CentOS by default does not save the ruleset on restart.
The system configuration is at /etc/sysconfig/iptables-config
*/5 * * * * /etc/init.d/iptables restart
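A variation on the same safety net, as an added example that is not part of the original page: instead of resetting on a timer, it loads a candidate ruleset and restores the previous one unless the change is confirmed in time. The function name, the file paths in the usage comment and the IPT_SAVE/IPT_RESTORE override variables are assumptions of this example; iptables-save and iptables-restore are the standard tools.

```shell
#!/bin/sh
# Added example: apply a candidate ruleset and roll back unless confirmed.
# IPT_SAVE / IPT_RESTORE default to the real tools; they can be overridden
# for a dry run (hypothetical knobs, specific to this example).
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# apply_with_rollback CANDIDATE_FILE CONFIRM_FILE TIMEOUT_SECONDS
# Returns 0 if confirmed (new rules kept), 1 if rolled back after the
# timeout, 2 if the backup or the candidate ruleset could not be handled.
apply_with_rollback() {
    candidate=$1 confirm=$2 timeout=$3

    # Snapshot the running ruleset before touching anything.
    backup=$(mktemp) || return 2
    $IPT_SAVE > "$backup" || { rm -f "$backup"; return 2; }

    # A stale confirmation file must not approve the new rules.
    rm -f "$confirm"

    # Load the candidate; if it fails to load, put the old rules back.
    if ! $IPT_RESTORE < "$candidate"; then
        $IPT_RESTORE < "$backup"
        rm -f "$backup"
        return 2
    fi

    # Wait for the administrator to create the confirmation file.
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm" ]; then
            rm -f "$backup" "$confirm"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # No confirmation in time: restore the snapshot.
    $IPT_RESTORE < "$backup"
    rm -f "$backup"
    return 1
}

# Usage (as root; paths are placeholders):
#   apply_with_rollback /root/new.rules /root/fw-ok 120
#   then, from a NEW login session:  touch /root/fw-ok
```

Confirm from a new SSH session rather than the one that applied the rules, since an established connection can survive a ruleset that blocks new logins.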
FTP
$iptables -A INPUT -p tcp --dport 20 -j ACCEPT
$iptables -A INPUT -p tcp --dport 21 -j ACCEPT
$iptables -A INPUT -p tcp --dport 50000:50400 -j ACCEPT
Netatalk
$iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 548 -j ACCEPT
$iptables -A INPUT -p tcp -s 10.117.209.0/24 --dport 548 -j ACCEPT
Monit
$iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 2812 -j ACCEPT
Multicast DNS
The avahi daemon uses multicast DNS to advertise services on the network.
$iptables -A INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
$iptables -A OUTPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
Samba
$iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
quicktables
You can use quicktables to quickly generate a simple firewall ruleset.