Shorewall

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Shorewall

Post by Void Main »

Get a handle on iptables:

http://www.shorewall.net/

I have an old P100 with 3 NICs (DMZ setup) and I started running Shorewall as of yesterday. I really like it so far. If you are a webmin fan then you'll find shorewall configuration built right into webmin. I didn't realize it until I had it all configured, but I prefer to use vim for configuring this stuff anyhoo. Give it a try, you might like it.

Too bad it doesn't have FreeSWAN IPSEC VPN support. Oh well, I need to keep something manually configured to keep my sanity.

agent007
administrator
Posts: 254
Joined: Wed Feb 12, 2003 11:26 pm

Post by agent007 »

Is this frontend easy to use? On my standalone system, I wanted to create rules that would allow only 'galeon', 'squid' and 'evolution' access to the internet and block every other app... Would that be possible?

thanks.

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

This does not block applications. I use Shorewall on a dedicated firewall machine and in order for it to block applications it would have to run on every machine that you wanted applications blocked on (unless you have a bit of magic I don't know about). I do recall such an app that could block applications. I believe it was robbed from, or was originally written for *BSD. I can't remember the name of it at the moment and would have to do some digging to see if I can find it if you are interested. I just can't think of a reason to block based on application.

agent007
administrator
Posts: 254
Joined: Wed Feb 12, 2003 11:26 pm

Post by agent007 »

VoidMain,

I think that blocking applications is the safest... I mean, after all, everything will be blocked and only the ones I want will get outbound access... This way I don't have to worry about something in the background making a connection to the net.

If you do remember then, please post.

thanks.

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

I am more concerned with where the applications are going rather than which applications are used to get there but that's just me. I can see benefit in blocking certain applications. After all, IE is insecure so it would be great to only allow Mozilla for instance, in addition to restricting where it can go via normal firewall rules.

Now for the bad news. I can't for the life of me remember what the name of that application-blocking tool was, and I've had no luck finding it in a fair amount of searching. I can't even remember exactly where I was involved in the discussion of it. It seems like it came up in a discussion around a year ago. Sorry...

X11
guru
Posts: 676
Joined: Sun Jan 19, 2003 11:09 pm
Location: Australia

Post by X11 »

It rules, is all I can say. I set it up today.

Easy as hell, and it's cool how it can be done in webmin (the way I do everything).
