<br /> Simple Debian Firewall for Beginners – Debian Planet

Welcome to Debian Planet

News for Debian. Stuff that *really* matters


Debian Planet is hosted by Bluelinux Internet Services Ltd. Offering a special discounted rate for Free and Open Source software community members.

Buy your Debian merchandise at DebianShop.com.

These are important Debian sites one should not be without!

  • Official Debian site
  • Package search
  • Mailing list archives
  • Bug reports
  • Debian on CD
  • Debian Weekly News — excellent news source!
  • Unofficial APT sources

  • Developers’ Corner
  • Community
    Need help? You’re not alone on this planet.

  • Planet Debian
  • debianHELP
    (User support site)

  • Debian Administration
    (SysAdmin resources)

  • Debian International
  • DebianForum.de

  • DebianForum.dk

  • EsDebian

  • DebianWorld

  • Debian-Fr

  • MaximumDebian

  • DebianItalia
  • DebianUsers

  • Debian-BR

  • DebianHOWTO

  • Russian Debian (Русский)
  • Debian-JP
  • Debian Suisse
  • Contribute
    Got that latest or greatest scoop? Perhaps you have some important news for the Debian community? Submit a news item!

    Or perhaps you’ve written a rather ground breaking insight into some aspect of Debian and you feel compelled to share it with others? Knock up a longer editorial article and send it to the editors.

    General feedback should be sent to staff@debianplanet.org

    The place to get help on a Debian problem (after reading docs) or to just chat and chill is #debian on irc.oftc.net.

    Many of the Debian Planet staff live there so pop by and say hello.

    Debian Planet also has its own channel on the same network called #debianplanet.


    Simple Debian Firewall for Beginners
    Submitted by doom on Monday, October 25, 2004 – 20:46
    DebianI have written up my experience of creating a two-interface firewall using Shorewall on Debian. This article largely gives an overview of the process, with pointers to more detailed documentation, however any novice should find this a very useful introduction.
    Category: Tips

    Control panel

    Comment viewing options:

    Select your prefered way to display the comments and click ‘Update settings’ to activate your changes.

    Subject: clean install
    Author: slashcores
    Date: Thursday, 2004/11/11 – 15:58
    Great article, but I have some additions…

    If you’re short on diskspace, you should probably skip the package selection utilities in the installer. You can just configure the network and open a console to apt-get install sshd. After rebooting you can edit the sources.list and apt-get update/dist-upgrade. This should set you up with approximately 300-350MB of used disk space. Now you’ll find that there are a lot of packages that still need to be installed, but you can get them as you need them.
    This way, you’ll save a lot of disk space and bandwith.

    Also: whatever daemons need restarting, they will be restarted for you during the dist-upgrade (since there aren’t a lot of them installed, and there certainly aren’t any that apt is unaware of, since this is a clean install.)

    On the flavor choice: for a firewall, you will probably be better of with woody + security updates or sid. Sarge still has a lot of security issues –as pointed out by Joey Hess in http://lists.debian.org/debian-release/2004/08/msg00144.html

    Just my 2 cents…

    [ Please login, or register ]

    Subject: Knoppix
    Author: Dacmot
    Date: Monday, 2004/11/01 – 16:23
    You say you didn’t use KNOPPIX because KDE is too demanding for your old box. Did you know you can boot KNOPPIX with a) a lighter WM like IceWM, b) into commandline (liloprompt: knoppix 2). Press F2 at the boot prompt I think it is to check the other options. It says which button to press for help.

    My Girlfriend: I love you!
    Me: I love Linux!

    [ Please login, or register ]

    Subject: post it on debian wiki ^^
    Author: error3
    Date: Sunday, 2004/10/31 – 23:05
    Can’t you set your article on wiki.debian.net ?


    “Debian addict, active member of Amaya (Amayita)’s fan club (and fan
    of her tatoo)”

    [ Please login, or register ]

    Subject: gshield
    Author: kromagg
    Date: Thursday, 2004/10/28 – 23:26
    We used to have a gshield setup. It contained a couple of 100 rules that nobody had any idea what they were doing there. So we wrote our own damn script. In the end I believe that’s the way to go for maintainability. But shorewall is pretty good for most setups.
    [ Please login, or register ]

    Subject: 2.4 works with Woody
    Author: josh
    Date: Thursday, 2004/10/28 – 00:12
    From the article:
    Shorewall requires a 2.4 kernel (compiled with the “netfilter” options), which rules out Debian stable (aka woody).
    Really? It does? 🙂

    2.4 works just fine with Woody.

    Other than that, great article. Shorewall is quite excellent.

    [ Please login, or register ]


    Subject: 2.4 default kernel needs /etc/modules set right
    Author: osamu
    Date: Wednesday, 2004/11/10 – 23:25
    Since some ipt_* etc modules needs to be preloaded, you need to load modules while booting.

    2.4 default kernel needs /etc/modules to set these right automatically. If this doc says otherwise, he is missing something.

    BTW, for simpal firewall, I like ipmasq. Simple and configurable as one wishes.

    See more on “Debian Reference” This is not hand holding document. This should give you hints and leads to get full understandings 🙂

    Yes, I am upstream of Debian Reference and maintainer of ipmasq.

    [ Please login, or register ]

    Search articles

    ·News (406)
    ·Features (5)
    ·Site News (16)
    ·HOWTOs (79)
    ·Tips (21)
    ·Opinion (29)
    ·Q & A (35)
    ·Sponsorship (1)
    ·Press Releases (5)

    Log in


    Remember me

    » Register
    » New password

    Debian Security Announcements
    DSA-943 perl
    DSA-942 albatross
    DSA-903 unzip
    DSA-941 tuxpaint
    DSA-940 gpdf
    DSA-939 fetchmail
    DSA-938 koffice
    DSA-937 tetex-bin
    DSA-936 libextractor
    DSA-935 libapache2-mod-auth-pgsql

    Planet Debian
    Wouter Verhelst: On flames.
    Joachim Breitner: Fixing my planet.debian.org subscription
    Steve Kemp: She has the blood of reptile just underneath her skin
    Pierre Habouzit: Married …
    Pierre Habouzit: whitelister 0.4 (SPF) and aaege ….
    Pierre Habouzit: kde 3.4.1 upload
    Holger Levsen: In case you are running OpenWRT
    Michael Janssen: Shiny roofs are good for the environment!
    Matthew Palmer: Work it out yourself, dammit!
    Axel Beckert: Tell me which music you like and I tell who you are

    Debian Administration
    How do I prevent rebuilt packages from being upgraded?
    Disabling the print-screen key inside X?
    Monitoring your bandwidth usage with vnstat
    Ruby on Rails on Debian
    Choice for Virtual Private Servers?
    Monitoring your hardware’s temperature
    Sending mail with Exim from ‘dialup’ IP
    How to recover GRUB Debian Sarge after reinstalling Windows
    Getting a GUI
    Spam filtering with Pyzor and SpamBayes

    Latest poll: Which release scheme should Debian follow?
    Continue this way (release when ready)
    Give up on releasing
    Split the release up
    Speed the release up
    Crank the workload up (see DebianWiki ReleaseProposals for details on these)

    Total votes: 372
    0 comments · older polls

    home · archives · news feeds · about · polls · search · sections · user account

    Powered by the amazing Drupal

    Debian Planet is not officially related to the Debian Project.
    Debian and the Debian logo are trademarks of Software in the Public Interest, Inc.