Firewall software is designed to limit access to network resources running on your Linux VPS to authorized parties. Some services, such as a public web server, may be accessible to anyone. Others might be more restricted, such as an SSH daemon for remote system administration.
Installing the Firewall
Make sure your package repositories and installed programs are up to date by issuing the following commands:
apt-get update
apt-get upgrade --show-upgraded
Issue the following command in your terminal:
apt-get install arno-iptables-firewall
You will be led through a series of configuration dialogs. In the example below, we're assuming your VPS has one public IP address on eth0 and one private IP address on the alias eth0:0 (a private IP is not required). Please be sure to refer to the "Remote Access" tab in the Linode Manager for your specific settings.
Configuring the Firewall
As part of the installation process, you'll be presented with a debconf dialog for configuration. Choose "Yes" to allow your configuration to be interactively managed by debconf:
Enter the name of your external network interface. Linodes have eth0 by default.
Enter a list of TCP ports you'd like to be accessible through your Linode's public IP address, separated by spaces. In this example we've specified SSH, SMTP, HTTP, HTTPS, IMAPS and POP3S (ports 22, 25, 80, 443, 993 and 995). You may wish to open additional ports if you run other public services on your VPS. Make sure the port your SSH daemon actually listens on is in this list: once the firewall starts, anything not listed here is dropped, and if SSH is missing your only way back into the system is the out-of-band console.
Specify the UDP ports you'd like to be open to the public in the same manner.
If you have a private IP address assigned to your Linode, you can specify the interface alias for it next. In this example, we're allowing all traffic from the private network range to the private interface alias eth0:0. You may fine-tune this later to only allow access from specific hosts on the backend network. If you don't have a private IP address configured, simply leave this field blank.
If required, specify the address range for the private network (expressed in CIDR notation).
You will be asked whether the firewall should be started now. Answer "Yes" here and continue.
After the initial debconf dialog exits, a few packages that arno-iptables-firewall depends upon will be configured. You will be prompted to restart the firewall after the configuration is complete.
Your firewall should be functioning correctly at this point. You can verify the loaded rules with iptables -L -n, and you can refer to the file /etc/arno-iptables-firewall/firewall.conf for additional configuration beyond the scope of the debconf dialogs. To go through the debconf questions again later, run dpkg-reconfigure arno-iptables-firewall. To start/stop/restart the firewall from the shell, use the command /etc/init.d/arno-iptables-firewall [start|stop|restart].
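The two checks a practitioner wants around this procedure are a lockout check before answering "Yes" to starting the firewall, and a rule audit afterwards. The script below is an added example, not part of the original tutorial or of the arno-iptables-firewall package. It assumes sshd listens on port 22 and that the example port list from the dialog above is what you typed. SAMPLE_DUMP is a constructed, simplified iptables-save dump so the script runs offline; on a real host pipe the output of iptables-save into the functions instead (the rule set arno generates uses its own chains, but the same fields, -p tcp, --dport and -j ACCEPT, appear in it).

```shell
#!/bin/sh
# Added example; not from the original tutorial or arno-iptables-firewall.
#   1. ssh_port_listed: before answering "Yes" to "start the firewall now",
#      confirm the sshd port is in the TCP list you typed into the dialog.
#   2. input_policy / accepted_tcp_ports / ports_match: once the firewall is
#      up, confirm from `iptables-save` output that the filter INPUT policy is
#      DROP and that exactly the intended TCP ports are accepted.

OPEN_TCP="22 25 80 443 993 995"   # the tutorial's example port list

# Constructed, simplified dump for offline use (assumption: not real arno output).
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -d 192.168.1.10/32 -j ACCEPT
COMMIT'

# $1: space-separated TCP port list as typed into the dialog; $2: sshd's port.
# Returns 0 if the SSH port is listed, 1 if starting the firewall would lock you out.
ssh_port_listed() {
    for p in $1; do
        [ "$p" = "$2" ] && return 0
    done
    return 1
}

# Dump on stdin; prints the policy of the filter table's INPUT chain.
input_policy() {
    awk '/^\*/ { table = $1 }
         table == "*filter" && $1 == ":INPUT" { print $2; exit }'
}

# Dump on stdin; prints every TCP destination port that some filter-table rule
# accepts, one per line, numerically sorted and de-duplicated.
accepted_tcp_ports() {
    awk '/^\*/ { table = $1 }
         table == "*filter" && /-p tcp/ && /-j ACCEPT/ {
             for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
         }' | sort -n | uniq
}

# $1: expected port list; dump on stdin. Returns 0 only if the accepted set is
# exactly the expected set (no missing port, no unexpected extra one).
ports_match() {
    expected=$(printf '%s\n' $1 | sort -n | uniq | tr '\n' ' ')
    actual=$(accepted_tcp_ports | tr '\n' ' ')
    [ "$expected" = "$actual" ]
}

# Stand-alone run on the constructed dump.
if ssh_port_listed "$OPEN_TCP" 22; then
    echo "pre-flight: SSH port 22 is in the open list"
else
    echo "pre-flight: SSH port 22 missing, do NOT start the firewall yet"
fi
echo "INPUT policy: $(printf '%s\n' "$SAMPLE_DUMP" | input_policy)"
if printf '%s\n' "$SAMPLE_DUMP" | ports_match "$OPEN_TCP"; then
    echo "accepted TCP ports match the intended list"
else
    echo "accepted TCP ports differ from the intended list"
fi
```

On a live host, replace the printf of SAMPLE_DUMP with `iptables-save |` in front of the functions; ports_match failing in either direction (a port you meant to open is missing, or one you did not list is accepted) is the signal to revisit the dialogs with dpkg-reconfigure or firewall.conf.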
Thank you for such a nice tutorial.
I just wrote a different kind of tutorial on how to set up Arno IPTABLES firewall.
Maybe it will help someone to set up his own firewall based on IPTABLES.
You can find some examples for a mail server and for a Proxy server using SNAT and port forwarding.
The location of my tutorial is here:
http://cosmolinux.no-ip.org/raconetlinux2/arno_iptables_firewall.html
I hope it is useful to someone.