Border protection for Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I have a small, simple firewall "script": http://pastebin.com/raw.php?i=NChRyqVu

Can I ask the mailing list, that look at it for a few moments, and sort out the:

 - unnecessary things in it [if it contains any, like are there solutions for write multiple destination ip's in one line?]
 - missing thing, that could be in a firewall, to make it _SAFER/BETTER_!

TODO's/Q's [please help!]:
1) where do i have to put the "iptables-restore FROMTHEFILE" command [to set the firewall when e.g.: booting the pc] on Fedora?

2) what is the best application firewall under linux? [links for good howtos?]

3) do i need a proxy? [i can guess that, that the http proxy on localhost can filter the http, but what's with https? it's end-to-end encrypted :O]

4) can i do something with the: "$IPTABLES -A INPUT -p tcp --dport 20000 -j ACCEPT" - i'm seeding distros on torrent, but are there any plus "options" to e.g.: only allow torrent traffic on port 20000/input?

5) on line 68: "$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" - when i put a "-p tcp" in it, it makes "funny" things - when i reopen my webbrowser, i "can't surf the net", so i can't put the "-p tcp" in it? :( - just to ensure only tcp comes IN. [why would i need anything else?? only OUTPUT udp needed, no? :O + icmp ping output..]

6) "is it safer", if i use a local dns cache? like "dnsmasq"?

7) what does exactly "--state ESTABLISHED,RELATED" mean? why do i have to write this to the start of my firewall script?

8) how could i block packets from: destinatio ip 255.255.255.255?? "$IPTABLES -A INPUT -d 255.255.255.255 -j DROP" to the start of my script DOESN'T help :O i used wireshark to get this info.. the broadcast package was my routeros router.

sorry if i ask to much :\ but i need these answers :\ [and at least it would be archived]

THANK YOU for any help regarding these things!

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux