basic firewall rules for iptables

**zebul666** · 02-20-2004, 02:07 PM

hello,
while it is pretty easy to configure an ADSL/pppoe connection, there is no rules for iptables.

It would have make sense to set up a basic firewall while configuring an adsl connection, would'nt it ?

And furthermore, maybe i'am wrong but when i save my KNOPPIX configuration it does _not_ include the /var/lib/iptables/active and /var/lib/iptables/inactive files. Hey the /var/lib/iptables dir does not even exist by default. You have to create it !!

for example

Code:

# Generated by iptables-save v1.2.9 on Fri Feb 20 14:00:16 2004
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [474:71447]
:firewall - [0:0]
-A INPUT -j firewall
-A firewall -m state --state RELATED,ESTABLISHED -j ACCEPT
-A firewall -i ! ppp0 -m state --state NEW -j ACCEPT
-A firewall -j DROP
COMMIT
# Completed on Fri Feb 20 14:00:16 2004

**Fabianx** · 02-24-2004, 06:15 PM

Originally Posted by zebul666

hello,
while it is pretty easy to configure an ADSL/pppoe connection, there is no rules for iptables.

It would have make sense to set up a basic firewall while configuring an adsl connection, would'nt it ?

And furthermore, maybe i'am wrong but when i save my KNOPPIX configuration it does _not_ include the /var/lib/iptables/active and /var/lib/iptables/inactive files. Hey the /var/lib/iptables dir does not even exist by default. You have to create it !!

for example

Code:

# Generated by iptables-save v1.2.9 on Fri Feb 20 14:00:16 2004
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [474:71447]
:firewall - [0:0]
-A INPUT -j firewall
-A firewall -m state --state RELATED,ESTABLISHED -j ACCEPT
-A firewall -i ! ppp0 -m state --state NEW -j ACCEPT
-A firewall -j DROP
COMMIT
# Completed on Fri Feb 20 14:00:16 2004

Hi,

feel free to send a patch to debian-knoppix@linuxtag.org for saveconfig ...

The sources can be found on: http://developer.linuxtag.net/knoppix/

cu

Fabian

**Carlos_E_Morimoto** · 03-02-2004, 02:01 PM

Hi Fabianx, I have done an firewall script generator in Xdialog for Kurumin, he works like an wizard: ask some questions and afther that generate the firewal script.

http://www.guiadohardware.net/linux/...irewall-ativar

**c123** · 03-02-2004, 02:56 PM

looks like a worthy addition to the CD...

**Neo-Rio** · 04-07-2004, 07:00 AM

I agree.

While a firewall script isn't so necessary for just booting Knoppix from the CD drive... AFTER A HD INSTALL it would make perfect sense to have one already set up.

I know a few people who are clusers (clueless users) who have HD installs, and there is no firewall set up for them by default.

As far as Knoppix install is concerned, it has to be the easiest Linux install I have ever done. So two thumbs up....!

Now for this firewall please.........