Warning: THE VOID WIKI IS DEPRECATED. It is no longer being maintained, contains outdated and incorrect information, and will eventually be shut down. Please refer to the Void Handbook, https://docs.voidlinux.org/, for the official documentation. If you can't find the information you're seeking, please raise an issue at https://github.com/void-linux/void-docs/issues

Difference between revisions of "Firewall Guide"

From Void Linux Wiki
(Marked for removal :/)
(Added 'iptables' heading. Added 'ufw - Uncomplicated Firewall' section)
Line 1: Line 1:
 
{{Remove|This page should be either removed or merged with [[Firewall Configuration]]}}
 
{{Remove|This page should be either removed or merged with [[Firewall Configuration]]}}
 +
 +
= iptables =
  
 
First off, install the iptables package:
 
First off, install the iptables package:
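Review bot: The added `= iptables =` heading uses a single `=`, which MediaWiki renders as a level-1 heading, the same level as the page title. Section headings conventionally start at `==`, so this should be `== iptables ==`, with the matching change for the ufw heading added further down.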
Line 62: Line 64:
 
  target    prot opt source              destination         
 
  target    prot opt source              destination         
 
  ACCEPT    all  --  0.0.0.0/0            0.0.0.0/0
 
  ACCEPT    all  --  0.0.0.0/0            0.0.0.0/0
 +
</pre>
 +
 +
= ufw - Uncomplicated Firewall =
 +
 +
 +
Alternatively, basic firewall rules (deny incoming, allow outgoing) can be established by default by installing and enabling [https://en.wikipedia.org/wiki/Uncomplicated_Firewall ufw]:
 +
 +
<pre>
 +
$ sudo xbps-install ufw
 +
$ sudo xbps-reconfigure ufw
 +
$ sudo ufw enable
 +
</pre>
 +
 +
To check whether the ufw firewall is active during the session:
 +
 +
<pre>
 +
$ sudo ufw status
 +
</pre>
 +
 +
To list rules:
 +
 +
<pre>
 +
$ sudo ufw status verbose
 +
</pre>
 +
 +
For the service to persist on reboot:
 +
<pre>
 +
$ sudo ln -s /etc/sv/ufw /var/service
 +
</pre>
 +
 +
ufw pulls iptables as a dependency.  Rules can be modified using iptables, by following ufw's [http://manpages.ubuntu.com/manpages/xenial/en/man8/ufw.8.html man page], or through gufw, a graphical interface for ufw:
 +
<pre>
 +
$ sudo xbps-install gufw 
 +
$ sudo gufw
 
</pre>
 
</pre>
  
 
[[Category:Guides]]
 
[[Category:Guides]]
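Review bot: In the added ufw section, the sentence "Rules can be modified using iptables" leaves out that rules inserted directly with iptables are not written to ufw's own rule files, so they do not survive a reboot. Suggest recommending the ufw commands from the linked man page for persistent changes and mentioning raw iptables only for inspection. Separately, the last added `<pre>` (before `$ sudo xbps-install gufw`) is closed by the pre-existing `</pre>`, while a new `</pre>` was added after the iptables output; worth confirming that the blocks pair up as intended when rendered.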

Revision as of 22:07, 16 August 2017

This section (or entire page if this is at the beginning of it) has been marked for removal.

Reason: This page should be either removed or merged with Firewall Configuration (Discuss in Talk:Firewall Guide#)

iptables

First off, install the iptables package:

# xbps-install iptables

Now let's set up our firewall configuration:

 # Set default chain policies
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT

 # Accept on localhost
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A OUTPUT -o lo -j ACCEPT

 # Allow established sessions to receive traffic
 iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

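 # Allow SSH remote (uncomment if this host must accept inbound SSH)
 # iptables -I INPUT -p tcp --dport 22 -j ACCEPT

 # Save the running ruleset so it can be restored at boot
 iptables-save > /etc/firewall.conf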

/etc/firewall.conf

# Generated by iptables-save v1.4.21 on Mon Oct 27 16:52:51 2014
*filter
:INPUT DROP [1:52]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [518:49547]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
# Completed on Mon Oct 27 16:52:51 2014

/etc/sv/iptables/run

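#!/bin/sh
iptables-restore < /etc/firewall.conf
# Keep the service "up" so runsv does not re-run this script in a loop
exec chpst -b iptables pause

Make the run script executable and enable the service:

chmod +x /etc/sv/iptables/run
ln -s /etc/sv/iptables /var/service/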

Reboot and test

$ sudo iptables -L -n
 Chain INPUT (policy DROP)
 target     prot opt source               destination         
 ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
 ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED

 Chain FORWARD (policy DROP)
 target     prot opt source               destination         

 Chain OUTPUT (policy ACCEPT)
 target     prot opt source               destination         
 ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
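
As an added example (not part of the original wiki page), the shell function below lints a saved ruleset in the iptables-save format of /etc/firewall.conf before it is restored at boot, checking for the default-deny pieces this section sets up. The name `audit_ruleset` and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# audit_ruleset FILE (hypothetical helper): lint an iptables-save dump such as
# /etc/firewall.conf. Prints FAIL for missing default-deny pieces and OPEN for
# each INPUT rule accepting a destination port; returns 1 if anything failed.
audit_ruleset() {
    awk '
    substr($0, 1, 1) == "*" { table = substr($0, 2); next }        # "*filter"
    table != "filter"       { next }
    substr($0, 1, 1) == ":" { policy[substr($1, 2)] = $2; next }   # ":INPUT DROP [1:52]"
    $1 == "COMMIT"          { committed = 1; next }
    $1 == "-A" && $2 == "INPUT" && / -j ACCEPT/ {
        if (/ -i lo /) lo = 1
        if (/ --ctstate [A-Z,]*ESTABLISHED/) est = 1
        proto = "any"
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") print "OPEN " proto "/" $(i + 1)
        }
    }
    END {
        n = split("INPUT FORWARD", chain, " ")
        for (i = 1; i <= n; i++)
            if (policy[chain[i]] != "DROP") { print "FAIL " chain[i] " policy is not DROP"; bad = 1 }
        if (!lo)        { print "FAIL no loopback ACCEPT rule"; bad = 1 }
        if (!est)       { print "FAIL no ESTABLISHED ACCEPT rule"; bad = 1 }
        if (!committed) { print "FAIL filter table has no COMMIT"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed samples: the ruleset saved on this page, and a weak variant.
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/good.conf" <<'EOF'
*filter
:INPUT DROP [1:52]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [518:49547]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD DROP [0:0]' \
    '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' > "$demo_dir/weak.conf"
for f in good weak; do
    echo "== $f.conf"; audit_ruleset "$demo_dir/$f.conf" || echo "-> needs attention"
done
```

On a real host, run `audit_ruleset /etc/firewall.conf` after `iptables-save`; `iptables-restore --test < /etc/firewall.conf` additionally checks that the file parses without committing it.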

ufw - Uncomplicated Firewall

Alternatively, basic firewall rules (deny incoming, allow outgoing) can be established by default by installing and enabling ufw:

 $ sudo xbps-install ufw
 $ sudo xbps-reconfigure ufw
 $ sudo ufw enable

To check whether the ufw firewall is active during the session:

 $ sudo ufw status

To list rules:

 $ sudo ufw status verbose

For the service to persist on reboot:

 $ sudo ln -s /etc/sv/ufw /var/service

ufw pulls iptables as a dependency. Rules can be modified using iptables, by following ufw's man page, or through gufw, a graphical interface for ufw:

 $ sudo xbps-install gufw   
 $ sudo gufw