Linux Firewall – The Second Line of Defense
December 8, 2010
Posted by Tournas Dimitrios in Linux.
In a SOHO environment, the usual first line of defense is, of course, your router. I always configure my router with the most restrictive rules. Although the first line of defense is very restrictive, that doesn't mean that your LAN computers are totally protected from the black hat script kiddies. So a second line of defense must be implemented on each box separately: the firewall on your Linux system.
This article outlines 2 very easy to use firewall configuration tools; even a newcomer to the Linux world can use them to configure the second line of defense. I assume that you already know what a port is and at least which ports the main applications run on. During the installation of your Linux system you will have been asked a number of questions about the security settings you wanted to select. At the time you may not have understood what these settings meant, or you may not recall which settings you chose. In this article we will explore how to configure the security settings of your Linux system. The tools that will be demonstrated are:
- The lokkit command
- Graphical Firewall Configuration Tools
Let's get started:
The lokkit command:
The lokkit command can be run at any time to change the security settings of the Firewall installed on your system. To run this command you must first log in as root or use the "su" command. If you are already super user on your Linux system, start the lokkit command as follows:
/usr/sbin/lokkit
or, from a non-super user account, use the su command as follows:
su -c "/usr/sbin/lokkit"
The lokkit command allows you to either enable or disable the Firewall. The first step, if it is not already enabled, is to enable it. Use the "Tab" key to move around and the "Space" key to select the "Enabled" option.
The second step is to configure the Firewall. Use the "Tab" key to move to the "Configure" button and press the "Space" key.
On the configuration screen simply select the service types that you want to support. Based on your selections lokkit will configure the Firewall to allow access to the appropriate ports. The services listed are HTTP, FTP, SSH, Telnet and Mail (SMTP). You can also specify other ports you wish to open on the Firewall in the “other ports” section.
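To confirm what the selections above actually opened, the following added example (not part of the original article) parses a saved rules file and reports ACCEPT rules for ports you did not mean to open. It assumes the rules are stored in iptables-save format, as in /etc/sysconfig/iptables on Red Hat systems; the sample rules, the function names and the intended-port list are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit which ports a saved iptables rules file accepts.

# write_sample FILE: constructed sample in iptables-save format
# (SSH, HTTP and Telnet selected in the configuration screen).
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# open_ports FILE: print "proto/port" for every ACCEPT rule that names a
# destination port. Rules without --dport (loopback, state tracking) are skipped.
open_ports() {
    awk '
        /^-A / && /-j ACCEPT/ {
            proto = ""; port = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") port  = $(i + 1)
            }
            if (proto != "" && port != "") print proto "/" port
        }' "$1" | sort -u
}

# unexpected_ports FILE "tcp/22 tcp/80": print ports that are open in FILE
# but missing from the space-separated list of ports you intended to open.
unexpected_ports() {
    open_ports "$1" | while read -r p; do
        case " $2 " in
            *" $p "*) ;;            # intended, nothing to report
            *) echo "$p" ;;         # open but not on the intended list
        esac
    done
}

sample=$(mktemp)
write_sample "$sample"
unexpected_ports "$sample" "tcp/22 tcp/80"   # intended: SSH and HTTP only
rm -f "$sample"
```

On a real system, point `unexpected_ports` at the saved rules file instead of the sample and run it as root.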
Graphical Firewall Configuration Tools:
RedHat Linux and RedHat Fedora Core each provide excellent graphical tools for configuring the Firewall bundled with their Linux distributions. These tools are:
- redhat-config-security-level (RedHat Linux 9 or later)
- system-config-security-level (RedHat Fedora Core)
Both of these tools have identical user interfaces and allow you to make the same configuration selections as the lokkit command described previously. The user interface is shown below.