Author: | Dave Kuhlman |
---|---|
Address: | dkuhlman@rexx.com http://www.rexx.com/~dkuhlman |
Revision: | 1.0a |
Date: | Feb. 10, 2004 |
Copyright: | Copyright (c) 2004 Dave Kuhlman. This documentation is covered by The MIT License: http://www.opensource.org/licenses/mit-license. |
Abstract
This document provides instructions on how to install Arno's IPtables-firewall on a Debian GNU/Linux system.
Arno's IPables-firewall script provides an easy to install and effective way to protect a Linux machine connected to the Internet. It also supports NAT (network address translation) and IP Masquerading, so that you can connect machines on your sub-net to the Internet through a single connection.
I use support for PPPoE from RoaringPenguin. If you use something else, then you will need to modify the start-up/boot script. See note below.
You can learn more about IPtables-firewall at: http://rocky.molphys.leidenuniv.nl/.
Down load and unroll IPTables-firewall.
Copy the configuration file to someplace in your /etc/ directory. Note that if you place it somewhere other than in /etc/ itself, you will need to modify the line in rc.iptables that refers to it.
Edit the configuration file at /etc/iptables-firewall.conf. There are comments in that file to guide you in making the needed changes. You can find additional help at http://rocky.molphys.leidenuniv.nl/. Click on "IPtables-firewall" and then "Help/Installation".
Copy rc.iptables to directory /etc/init.d/.
Put the following script in file /etc/init.d/inetconnection. Note that since I use RoaringPenguin support for PPPoE, I've also included the lines containing adsl-start and adsl-stop. If you use other support for PPPoE or connect in a different way, you will want to modify these lines.:
#! /bin/sh # # File to start an internet connection, a firewall (using # firestarter, and a router. # PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin NAME=inetconnection DESC="internet connection" set -e # Checks for config file first [ -r /etc/iptables/iptables-firewall.conf ] || exit 0 case "$1" in start) echo -n "Starting $DESC: " /etc/init.d/rc.iptables start > /dev/null 2>&1 adsl-start > /dev/null 2>&1 echo "$NAME." ;; stop) echo -n "Stopping $DESC: " adsl-stop > /dev/null 2>&1 /etc/init.d/rc.iptables stop > /dev/null 2>&1 echo "$NAME." exit 0 ;; restart|force-reload) # # If the "reload" option is implemented, move the "force-reload" # option to the "reload" entry above. If not, "force-reload" is # just the same as "restart". # echo -n "Restarting $DESC: " adsl-stop > /dev/null 2>&1 /etc/init.d/rc.iptables restart > /dev/null 2>&1 adsl-start > /dev/null 2>&1 echo "$NAME." ;; *) N=/etc/init.d/$NAME # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 echo "Usage: $N {start|stop|restart|force-reload}" >&2 exit 1 ;; esac exit 0
Start (or stop or restart) your firewall -- Executing the following (as root) from the command line should now start, stop, and restart your firewall:
$ /etc/init.d/inetconnection start $ /etc/init.d/inetconnection stop $ /etc/init.d/inetconnection restart
Automatic start-up -- Configure your system so that the firewall automatically starts when you boot your machine. To do so create symbolic links in each of rc0.d ... rc6.d to the script /etc/init.d/inetconnection. You can use the script update-rc.d, which is delivered with your Debian system, to do this. For more information about these links and how they are used during the boot process, see section 2.4 The Debian boot process of the Debian Reference Chapter 2 - Debian fundamentals.
IPtables-firewall: At Arno's Projects.
PPPoE - Roaring Penguin: rp-pppoe from Roaring Penguin`