firewall

[Edmund Laugasson]

> I am looking to set up a firewall with fwbuilder, I use the wizard compile successfully but get this error when tryin to install.

I used NARC and it works like a charm - 
http://www.knowplace.org/pages/howtos/firewalling_with_netfilter_iptables/netfilter_automatic_rule_configurator.php

It is command line script but very well commented and it uses iptables to do its work. NARC is just 
one command line frontend to get iptables configured and run in your way. Installing is very easy - 
just copy 3 different files into different places, modify the firewall script, update running 
services and start script as firewall. Everyting is well documented and easy to use.

You can put to file /etc/rc.local the following row:
/usr/sbin/narc start
.... to start NARC automatically at boot.

Then after you configured the NARC and started it - you may forget it. It just works. If you need 
some ports to be open, just reconfigure /etc/narc/narc.conf to fit your needs, restart NARC daemon 
and that's it!

But NARC will not start if there is no IP-address at selected network interface. This is commonly 
when network interface is just not up or getting IP-address takes some time over DHCP. Then you need 
some pause before the NARC will start to give some time for network interface starting up:
sleep 10; /usr/sbin/narc start
... this "10" is the time in seconds, after when the system will run followed command. If 10 seconds 
is not enough for your computer - give some more time :) Just test it.

You may check firewall working like this:
sudo iptables -L
or
sudo narc status


If sudo iptables -L gives you picture like this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

... then no firewall is working.

If NARC is working - there will be much more longer information in table.


Best Regards,
Edmund